From a83a530f67129bc3e97336855ffaa4e60d09f047 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 17:18:50 +0200 Subject: [PATCH 01/52] Updated locks & implementation. Parameter and UDT pending --- docs/wiki/The library - Module design.md | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/aad/domain-service/README.md | 5 +++- modules/aad/domain-service/main.bicep | 8 +++--- .../server/.test/common/main.test.bicep | 5 +++- .../server/.test/max/main.test.bicep | 5 +++- modules/analysis-services/server/README.md | 10 ++++++-- modules/analysis-services/server/main.bicep | 8 +++--- .../service/.test/common/main.test.bicep | 5 +++- .../service/.test/max/main.test.bicep | 5 +++- modules/api-management/service/README.md | 10 ++++++-- modules/api-management/service/main.bicep | 10 ++++---- .../.test/common/main.test.bicep | 5 +++- .../configuration-store/README.md | 5 +++- .../configuration-store/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/app/container-app/README.md | 5 +++- modules/app/container-app/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/app/managed-environment/README.md | 5 +++- modules/app/managed-environment/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../automation/automation-account/README.md | 5 +++- .../automation/automation-account/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/batch/batch-account/README.md | 5 +++- modules/batch/batch-account/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/cache/redis-enterprise/README.md | 5 +++- modules/cache/redis-enterprise/main.bicep | 8 +++--- .../cache/redis/.test/common/main.test.bicep | 5 +++- modules/cache/redis/README.md | 5 +++- modules/cache/redis/main.bicep | 8 +++--- modules/cdn/profile/.test/afd/main.test.bicep | 5 +++- .../cdn/profile/.test/common/main.test.bicep | 5 +++- modules/cdn/profile/README.md | 10 ++++++-- modules/cdn/profile/main.bicep | 8 +++--- .../account/.test/common/main.test.bicep | 5 +++- modules/cognitive-services/account/README.md | 5 +++- modules/cognitive-services/account/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/compute/availability-set/README.md | 5 +++- modules/compute/availability-set/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/compute/disk-encryption-set/README.md | 5 +++- .../compute/disk-encryption-set/main.bicep | 8 +++--- .../compute/disk/.test/common/main.test.bicep | 5 +++- modules/compute/disk/README.md | 5 +++- modules/compute/disk/main.bicep | 8 +++--- .../gallery/.test/common/main.test.bicep | 5 +++- modules/compute/gallery/README.md | 5 +++- modules/compute/gallery/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../proximity-placement-group/README.md | 5 +++- .../proximity-placement-group/main.bicep | 8 +++--- modules/compute/ssh-public-key/main.bicep | 8 +++--- .../.test/linux/main.test.bicep | 5 +++- .../.test/windows/main.test.bicep | 5 +++- .../virtual-machine-scale-set/README.md | 10 ++++++-- .../virtual-machine-scale-set/main.bicep | 8 +++--- .../.test/linux/main.test.bicep | 5 +++- .../.test/windows/main.test.bicep | 5 +++- modules/compute/virtual-machine/README.md | 10 ++++++-- modules/compute/virtual-machine/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../.test/encr/main.test.bicep | 5 +++- .../.test/private/main.test.bicep | 5 +++- .../container-group/README.md | 15 ++++++++--- .../container-group/main.bicep | 8 +++--- .../registry/.test/common/main.test.bicep | 5 +++- modules/container-registry/registry/README.md | 5 +++- .../container-registry/registry/main.bicep | 8 +++--- .../.test/azure/main.test.bicep | 5 +++- .../managed-cluster/README.md | 5 +++- .../managed-cluster/main.bicep | 8 +++--- .../factory/.test/common/main.test.bicep | 5 +++- modules/data-factory/factory/README.md | 5 +++- modules/data-factory/factory/main.bicep | 8 +++--- .../backup-vault/.test/common/main.test.bicep | 5 +++- .../data-protection/backup-vault/README.md | 5 +++- .../data-protection/backup-vault/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/databricks/access-connector/README.md | 5 +++- .../databricks/access-connector/main.bicep | 8 +++--- .../workspace/.test/common/main.test.bicep | 5 +++- modules/databricks/workspace/README.md | 5 +++- modules/databricks/workspace/main.bicep | 8 +++--- .../.test/private/main.test.bicep | 5 +++- .../.test/public/main.test.bicep | 5 +++- .../db-for-my-sql/flexible-server/README.md | 10 ++++++-- .../db-for-my-sql/flexible-server/main.bicep | 8 +++--- .../flexible-server/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../application-group/README.md | 5 +++- .../application-group/main.bicep | 8 +++--- .../host-pool/.test/common/main.test.bicep | 5 +++- .../host-pool/README.md | 5 +++- .../host-pool/main.bicep | 8 +++--- .../workspace/.test/common/main.test.bicep | 5 +++- .../workspace/README.md | 5 +++- .../workspace/main.bicep | 8 +++--- .../lab/.test/common/main.test.bicep | 5 +++- modules/dev-test-lab/lab/README.md | 5 +++- modules/dev-test-lab/lab/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../digital-twins-instance/README.md | 5 +++- .../.test/plain/main.test.bicep | 5 +++- .../document-db/database-account/README.md | 5 +++- .../document-db/database-account/main.bicep | 8 +++--- .../domain/.test/common/main.test.bicep | 5 +++- modules/event-grid/domain/README.md | 5 +++- modules/event-grid/domain/main.bicep | 8 +++--- .../system-topic/.test/common/main.test.bicep | 5 +++- modules/event-grid/system-topic/README.md | 5 +++- modules/event-grid/system-topic/main.bicep | 8 +++--- .../topic/.test/common/main.test.bicep | 5 +++- modules/event-grid/topic/README.md | 5 +++- modules/event-grid/topic/main.bicep | 8 +++--- .../namespace/.test/common/main.test.bicep | 5 +++- modules/event-hub/namespace/README.md | 5 +++- .../event-hub/namespace/eventhub/main.bicep | 8 +++--- modules/event-hub/namespace/main.bicep | 8 +++--- .../health-bot/.test/common/main.test.bicep | 5 +++- modules/health-bot/health-bot/README.md | 5 +++- modules/health-bot/health-bot/main.bicep | 8 +++--- .../workspace/dicomservice/main.bicep | 8 +++--- .../workspace/fhirservice/main.bicep | 8 +++--- .../workspace/iotconnector/main.bicep | 8 +++--- modules/healthcare-apis/workspace/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../data-collection-endpoint/README.md | 5 +++- .../.test/customadv/main.test.bicep | 5 +++- .../.test/custombasic/main.test.bicep | 5 +++- .../.test/customiis/main.test.bicep | 5 +++- .../.test/linux/main.test.bicep | 5 +++- .../.test/windows/main.test.bicep | 5 +++- .../insights/data-collection-rule/README.md | 25 +++++++++++++++---- .../insights/private-link-scope/main.bicep | 8 +++--- .../webtest/.test/common/main.test.bicep | 5 +++- modules/insights/webtest/README.md | 5 +++- modules/insights/webtest/main.bicep | 8 +++--- .../vault/.test/common/main.test.bicep | 5 +++- modules/key-vault/vault/README.md | 5 +++- modules/key-vault/vault/main.bicep | 8 +++--- .../workflow/.test/common/main.test.bicep | 5 +++- modules/logic/workflow/README.md | 5 +++- modules/logic/workflow/main.bicep | 8 +++--- .../workspace/.test/common/main.test.bicep | 5 +++- .../workspace/README.md | 5 +++- .../workspace/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../maintenance-configuration/README.md | 5 +++- .../maintenance-configuration/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../user-assigned-identity/README.md | 5 +++- .../user-assigned-identity/main.bicep | 8 +++--- .../.test/nfs3/main.test.bicep | 5 +++- modules/net-app/net-app-account/README.md | 5 +++- modules/net-app/net-app-account/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/network/application-gateway/README.md | 5 +++- .../network/application-gateway/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../application-security-group/README.md | 5 +++- .../application-security-group/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/network/azure-firewall/README.md | 5 +++- modules/network/azure-firewall/main.bicep | 8 +++--- .../bastion-host/.test/common/main.test.bicep | 5 +++- modules/network/bastion-host/README.md | 5 +++- modules/network/bastion-host/main.bicep | 8 +++--- .../.test/vnet2vnet/main.test.bicep | 5 +++- modules/network/connection/README.md | 5 +++- modules/network/connection/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../network/ddos-protection-plan/README.md | 5 +++- .../network/ddos-protection-plan/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../network/dns-forwarding-ruleset/README.md | 5 +++- .../network/dns-forwarding-ruleset/main.bicep | 10 ++++---- modules/network/dns-resolver/main.bicep | 8 +++--- .../dns-zone/.test/common/main.test.bicep | 5 +++- modules/network/dns-zone/README.md | 5 +++- modules/network/dns-zone/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../network/express-route-circuit/README.md | 5 +++- .../network/express-route-circuit/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../network/express-route-gateway/README.md | 5 +++- .../network/express-route-gateway/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../README.md | 5 +++- .../main.bicep | 8 +++--- .../front-door/.test/common/main.test.bicep | 5 +++- modules/network/front-door/README.md | 5 +++- modules/network/front-door/main.bicep | 8 +++--- .../ip-group/.test/common/main.test.bicep | 5 +++- modules/network/ip-group/README.md | 5 +++- modules/network/ip-group/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/network/load-balancer/README.md | 5 +++- modules/network/load-balancer/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../network/local-network-gateway/README.md | 5 +++- .../network/local-network-gateway/main.bicep | 8 +++--- .../nat-gateway/.test/common/main.test.bicep | 5 +++- modules/network/nat-gateway/README.md | 5 +++- modules/network/nat-gateway/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/network/network-interface/README.md | 5 +++- modules/network/network-interface/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/network/network-manager/README.md | 5 +++- modules/network/network-manager/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../network/network-security-group/README.md | 5 +++- .../network/network-security-group/main.bicep | 8 +++--- modules/network/network-watcher/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/network/private-dns-zone/README.md | 5 +++- modules/network/private-dns-zone/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/network/private-endpoint/README.md | 5 +++- modules/network/private-endpoint/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../network/private-link-service/README.md | 5 +++- .../network/private-link-service/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/network/public-ip-address/README.md | 5 +++- modules/network/public-ip-address/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/network/public-ip-prefix/README.md | 5 +++- modules/network/public-ip-prefix/main.bicep | 8 +++--- .../route-table/.test/common/main.test.bicep | 5 +++- modules/network/route-table/README.md | 5 +++- modules/network/route-table/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../network/service-endpoint-policy/README.md | 5 +++- .../service-endpoint-policy/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../network/trafficmanagerprofile/README.md | 5 +++- .../network/trafficmanagerprofile/main.bicep | 8 +++--- .../virtual-hub/.test/common/main.test.bicep | 5 +++- modules/network/virtual-hub/README.md | 5 +++- modules/network/virtual-hub/main.bicep | 8 +++--- .../.test/aadvpn/main.test.bicep | 5 +++- .../.test/vpn/main.test.bicep | 5 +++- .../network/virtual-network-gateway/README.md | 10 ++++++-- .../virtual-network-gateway/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/network/virtual-network/README.md | 5 +++- modules/network/virtual-network/main.bicep | 8 +++--- .../virtual-wan/.test/common/main.test.bicep | 5 +++- modules/network/virtual-wan/README.md | 5 +++- modules/network/virtual-wan/main.bicep | 8 +++--- .../vpn-gateway/.test/common/main.test.bicep | 5 +++- modules/network/vpn-gateway/README.md | 5 +++- modules/network/vpn-gateway/main.bicep | 8 +++--- .../vpn-site/.test/common/main.test.bicep | 5 +++- modules/network/vpn-site/README.md | 5 +++- modules/network/vpn-site/main.bicep | 8 +++--- .../workspace/.test/adv/main.test.bicep | 5 +++- .../workspace/.test/common/main.test.bicep | 5 +++- .../operational-insights/workspace/README.md | 10 ++++++-- .../operational-insights/workspace/main.bicep | 8 +++--- .../capacity/.test/common/main.test.bicep | 5 +++- modules/power-bi-dedicated/capacity/README.md | 5 +++- .../account/.test/common/main.test.bicep | 5 +++- modules/purview/account/README.md | 5 +++- modules/purview/account/main.bicep | 10 ++++---- .../vault/.test/common/main.test.bicep | 5 +++- modules/recovery-services/vault/README.md | 5 +++- modules/recovery-services/vault/main.bicep | 8 +++--- .../namespace/.test/common/main.test.bicep | 5 +++- modules/relay/namespace/README.md | 5 +++- .../namespace/hybrid-connection/main.bicep | 8 +++--- modules/relay/namespace/main.bicep | 8 +++--- modules/relay/namespace/wcf-relay/main.bicep | 8 +++--- .../query/.test/common/main.test.bicep | 5 +++- modules/resource-graph/query/README.md | 5 +++- modules/resource-graph/query/main.bicep | 8 +++--- .../.test/ps/main.test.bicep | 5 +++- modules/resources/deployment-script/README.md | 5 +++- .../resources/deployment-script/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/resources/resource-group/README.md | 5 +++- .../.test/common/main.test.bicep | 5 +++- modules/search/search-service/README.md | 5 +++- modules/search/search-service/main.bicep | 8 +++--- .../namespace/.test/common/main.test.bicep | 5 +++- modules/service-bus/namespace/README.md | 5 +++- modules/service-bus/namespace/main.bicep | 8 +++--- .../service-bus/namespace/queue/main.bicep | 8 +++--- .../service-bus/namespace/topic/main.bicep | 8 +++--- .../cluster/.test/common/main.test.bicep | 5 +++- modules/service-fabric/cluster/README.md | 5 +++- modules/service-fabric/cluster/main.bicep | 8 +++--- .../signal-r/.test/common/main.test.bicep | 5 +++- modules/signal-r-service/signal-r/README.md | 5 +++- modules/signal-r-service/signal-r/main.bicep | 8 +++--- .../web-pub-sub/.test/common/main.test.bicep | 5 +++- .../signal-r-service/web-pub-sub/README.md | 5 +++- .../signal-r-service/web-pub-sub/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/sql/managed-instance/README.md | 5 +++- modules/sql/managed-instance/main.bicep | 8 +++--- .../sql/server/.test/common/main.test.bicep | 5 +++- modules/sql/server/README.md | 5 +++- modules/sql/server/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../storage-account/.test/nfs/main.test.bicep | 5 +++- modules/storage/storage-account/README.md | 10 ++++++-- modules/storage/storage-account/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- modules/synapse/private-link-hub/README.md | 5 +++- modules/synapse/private-link-hub/main.bicep | 8 +++--- modules/synapse/workspace/main.bicep | 8 +++--- .../.test/common/main.test.bicep | 5 +++- .../image-template/README.md | 5 +++- .../image-template/main.bicep | 8 +++--- .../connection/.test/common/main.test.bicep | 5 +++- modules/web/connection/README.md | 5 +++- modules/web/connection/main.bicep | 8 +++--- .../.test/asev2/main.test.bicep | 5 +++- .../.test/asev3/main.test.bicep | 5 +++- modules/web/hosting-environment/README.md | 10 ++++++-- modules/web/hosting-environment/main.bicep | 8 +++--- .../serverfarm/.test/common/main.test.bicep | 5 +++- modules/web/serverfarm/README.md | 5 +++- modules/web/serverfarm/main.bicep | 8 +++--- .../.test/functionAppCommon/main.test.bicep | 5 +++- modules/web/site/README.md | 5 +++- modules/web/site/main.bicep | 8 +++--- .../static-site/.test/common/main.test.bicep | 5 +++- modules/web/static-site/README.md | 5 +++- modules/web/static-site/main.bicep | 8 +++--- .../sharedScripts/Set-ModuleReadMe.ps1 | 15 ++++++++--- 337 files changed, 1423 insertions(+), 700 deletions(-) diff --git a/docs/wiki/The library - Module design.md b/docs/wiki/The library - Module design.md index 09691d5115..96d5244355 100644 --- a/docs/wiki/The library - Module design.md +++ b/docs/wiki/The library - Module design.md @@ -151,11 +151,11 @@ The locks extension can be added as a `resource` to the resource template direct @description('Optional. Specify the type of lock.') param lock string = '' -resource _lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${.name}-${lock}-lock' +resource _lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: } diff --git a/modules/aad/domain-service/.test/common/main.test.bicep b/modules/aad/domain-service/.test/common/main.test.bicep index 6df70643ed..0575d1a848 100644 --- a/modules/aad/domain-service/.test/common/main.test.bicep +++ b/modules/aad/domain-service/.test/common/main.test.bicep @@ -82,7 +82,10 @@ module testDeployment '../../main.bicep' = { diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } pfxCertificate: keyVault.getSecret(nestedDependencies.outputs.certSecretName) pfxCertificatePassword: keyVault.getSecret(nestedDependencies.outputs.certPWSecretName) replicaSets: [ diff --git a/modules/aad/domain-service/README.md b/modules/aad/domain-service/README.md index 89ea3e1a49..18b23f5174 100644 --- a/modules/aad/domain-service/README.md +++ b/modules/aad/domain-service/README.md @@ -54,7 +54,10 @@ module domainService 'br:bicep/modules/aad.domain-service:1.0.0' = { diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } name: 'aaddscom001' pfxCertificate: '' pfxCertificatePassword: '' diff --git a/modules/aad/domain-service/main.bicep b/modules/aad/domain-service/main.bicep index e8aa4ad471..61eb76e7c2 100644 --- a/modules/aad/domain-service/main.bicep +++ b/modules/aad/domain-service/main.bicep @@ -230,11 +230,11 @@ resource domainService_diagnosticSettings 'Microsoft.Insights/diagnosticSettings scope: domainService } -resource domainService_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${domainService.name}-${lock}-lock' +resource domainService_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: domainService } diff --git a/modules/analysis-services/server/.test/common/main.test.bicep b/modules/analysis-services/server/.test/common/main.test.bicep index 527c3c1c71..1857916d7b 100644 --- a/modules/analysis-services/server/.test/common/main.test.bicep +++ b/modules/analysis-services/server/.test/common/main.test.bicep @@ -66,7 +66,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } skuName: 'S0' roleAssignments: [ { diff --git a/modules/analysis-services/server/.test/max/main.test.bicep b/modules/analysis-services/server/.test/max/main.test.bicep index 582c804860..4c9bff9711 100644 --- a/modules/analysis-services/server/.test/max/main.test.bicep +++ b/modules/analysis-services/server/.test/max/main.test.bicep @@ -63,7 +63,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } skuName: 'S0' skuCapacity: 1 firewallSettings: { diff --git a/modules/analysis-services/server/README.md b/modules/analysis-services/server/README.md index bd06d1cc84..3a76d70c5c 100644 --- a/modules/analysis-services/server/README.md +++ b/modules/analysis-services/server/README.md @@ -52,7 +52,10 @@ module server 'br:bicep/modules/analysis-services.server:1.0.0' = { diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ @@ -170,7 +173,10 @@ module server 'br:bicep/modules/analysis-services.server:1.0.0' = { } ] } - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/analysis-services/server/main.bicep b/modules/analysis-services/server/main.bicep index 0b0ca98d44..43d0bb4de0 100644 --- a/modules/analysis-services/server/main.bicep +++ b/modules/analysis-services/server/main.bicep @@ -120,11 +120,11 @@ resource server 'Microsoft.AnalysisServices/servers@2017-08-01' = { } } -resource server_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${server.name}-${lock}-lock' +resource server_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: server } diff --git a/modules/api-management/service/.test/common/main.test.bicep b/modules/api-management/service/.test/common/main.test.bicep index d00d8943f8..fd416833ae 100644 --- a/modules/api-management/service/.test/common/main.test.bicep +++ b/modules/api-management/service/.test/common/main.test.bicep @@ -54,7 +54,10 @@ module testDeployment '../../main.bicep' = { name: '${namePrefix}${serviceShort}001' publisherEmail: 'apimgmt-noreply@mail.windowsazure.com' publisherName: '${namePrefix}-az-amorg-x-001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } policies: [ { format: 'xml' diff --git a/modules/api-management/service/.test/max/main.test.bicep b/modules/api-management/service/.test/max/main.test.bicep index d9dde652c7..df6c7f2bc8 100644 --- a/modules/api-management/service/.test/max/main.test.bicep +++ b/modules/api-management/service/.test/max/main.test.bicep @@ -126,7 +126,10 @@ module testDeployment '../../main.bicep' = { name: 'aadProvider' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } namedValues: [ { displayName: 'apimkey' diff --git a/modules/api-management/service/README.md b/modules/api-management/service/README.md index 9d2bea3e8d..c4fc816503 100644 --- a/modules/api-management/service/README.md +++ b/modules/api-management/service/README.md @@ -65,7 +65,10 @@ module service 'br:bicep/modules/api-management.service:1.0.0' = { publisherName: 'az-amorg-x-001' // Non-required parameters enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } policies: [ { format: 'xml' @@ -263,7 +266,10 @@ module service 'br:bicep/modules/api-management.service:1.0.0' = { name: 'aadProvider' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } namedValues: [ { displayName: 'apimkey' diff --git a/modules/api-management/service/main.bicep b/modules/api-management/service/main.bicep index cdc0d4c0d6..1aa3cf04dd 100644 --- a/modules/api-management/service/main.bicep +++ b/modules/api-management/service/main.bicep @@ -435,13 +435,13 @@ module service_subscriptions 'subscription/main.bicep' = [for (subscription, ind } }] -resource apiManagementService_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${service.name}-${lock}-lock' +resource apiManagementService_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } - scope: service + scope: apiManagementService } resource apiManagementService_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { diff --git a/modules/app-configuration/configuration-store/.test/common/main.test.bicep b/modules/app-configuration/configuration-store/.test/common/main.test.bicep index 8eb3658b39..21f5a65bb4 100644 --- a/modules/app-configuration/configuration-store/.test/common/main.test.bicep +++ b/modules/app-configuration/configuration-store/.test/common/main.test.bicep @@ -89,7 +89,10 @@ module testDeployment '../../main.bicep' = { value: 'valueName' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/app-configuration/configuration-store/README.md b/modules/app-configuration/configuration-store/README.md index bd34bd6772..4b78debd8d 100644 --- a/modules/app-configuration/configuration-store/README.md +++ b/modules/app-configuration/configuration-store/README.md @@ -75,7 +75,10 @@ module configurationStore 'br:bicep/modules/app-configuration.configuration-stor value: 'valueName' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/app-configuration/configuration-store/main.bicep b/modules/app-configuration/configuration-store/main.bicep index 30ae719fe0..299c480f5c 100644 --- a/modules/app-configuration/configuration-store/main.bicep +++ b/modules/app-configuration/configuration-store/main.bicep @@ -204,11 +204,11 @@ module configurationStore_keyValues 'key-value/main.bicep' = [for (keyValue, ind } }] -resource configurationStore_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${configurationStore.name}-${lock}-lock' +resource configurationStore_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: configurationStore } diff --git a/modules/app/container-app/.test/common/main.test.bicep b/modules/app/container-app/.test/common/main.test.bicep index 9667da2fbe..9e032bfcd3 100644 --- a/modules/app/container-app/.test/common/main.test.bicep +++ b/modules/app/container-app/.test/common/main.test.bicep @@ -60,7 +60,10 @@ module testDeployment '../../main.bicep' = { enableDefaultTelemetry: enableDefaultTelemetry environmentId: nestedDependencies.outputs.managedEnvironmentResourceId location: location - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } userAssignedIdentities: { '${nestedDependencies.outputs.managedIdentityResourceId}': {} } diff --git a/modules/app/container-app/README.md b/modules/app/container-app/README.md index 870012dd19..9efafb66cb 100644 --- a/modules/app/container-app/README.md +++ b/modules/app/container-app/README.md @@ -75,7 +75,10 @@ module containerApp 'br:bicep/modules/app.container-app:1.0.0' = { // Non-required parameters enableDefaultTelemetry: '' location: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } secrets: { secureList: [ { diff --git a/modules/app/container-app/main.bicep b/modules/app/container-app/main.bicep index 8d3ed86720..6d3f020923 100644 --- a/modules/app/container-app/main.bicep +++ b/modules/app/container-app/main.bicep @@ -184,11 +184,11 @@ resource containerApp 'Microsoft.App/containerApps@2022-10-01' = { } } -resource containerApp_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${containerApp.name}-${lock}-lock' +resource containerApp_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: containerApp } diff --git a/modules/app/managed-environment/.test/common/main.test.bicep b/modules/app/managed-environment/.test/common/main.test.bicep index 6a3a769e96..84b3e08239 100644 --- a/modules/app/managed-environment/.test/common/main.test.bicep +++ b/modules/app/managed-environment/.test/common/main.test.bicep @@ -60,7 +60,10 @@ module testDeployment '../../main.bicep' = { platformReservedCidr: '172.17.17.0/24' platformReservedDnsIP: '172.17.17.17' infrastructureSubnetId: nestedDependencies.outputs.subnetResourceId - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } tags: { 'hidden-title': 'This is visible in the resource name' Env: 'test' diff --git a/modules/app/managed-environment/README.md b/modules/app/managed-environment/README.md index 19638dbf5b..6a39b46bc3 100644 --- a/modules/app/managed-environment/README.md +++ b/modules/app/managed-environment/README.md @@ -51,7 +51,10 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = { infrastructureSubnetId: '' internal: true location: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } platformReservedCidr: '172.17.17.0/24' platformReservedDnsIP: '172.17.17.17' skuName: 'Consumption' diff --git a/modules/app/managed-environment/main.bicep b/modules/app/managed-environment/main.bicep index ac532ea529..2606d2b389 100644 --- a/modules/app/managed-environment/main.bicep +++ b/modules/app/managed-environment/main.bicep @@ -142,11 +142,11 @@ module managedEnvironment_roleAssignments '.bicep/nested_roleAssignments.bicep' } }] -resource managedEnvironment_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${managedEnvironment.name}-${lock}-lock' +resource managedEnvironment_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: managedEnvironment } diff --git a/modules/automation/automation-account/.test/common/main.test.bicep b/modules/automation/automation-account/.test/common/main.test.bicep index 7bfe9ab16b..d4e0066b1e 100644 --- a/modules/automation/automation-account/.test/common/main.test.bicep +++ b/modules/automation/automation-account/.test/common/main.test.bicep @@ -87,7 +87,10 @@ module testDeployment '../../main.bicep' = { ] disableLocalAuth: true linkedWorkspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } modules: [ { name: 'PSWindowsUpdate' diff --git a/modules/automation/automation-account/README.md b/modules/automation/automation-account/README.md index 52e1318985..a4e655f495 100644 --- a/modules/automation/automation-account/README.md +++ b/modules/automation/automation-account/README.md @@ -77,7 +77,10 @@ module automationAccount 'br:bicep/modules/automation.automation-account:1.0.0' } ] linkedWorkspaceResourceId: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } modules: [ { name: 'PSWindowsUpdate' diff --git a/modules/automation/automation-account/main.bicep b/modules/automation/automation-account/main.bicep index 330c5c6828..7ae7c1f614 100644 --- a/modules/automation/automation-account/main.bicep +++ b/modules/automation/automation-account/main.bicep @@ -348,11 +348,11 @@ module automationAccount_softwareUpdateConfigurations 'software-update-configura ] }] -resource automationAccount_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${automationAccount.name}-${lock}-lock' +resource automationAccount_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: automationAccount } diff --git a/modules/batch/batch-account/.test/common/main.test.bicep b/modules/batch/batch-account/.test/common/main.test.bicep index b81a0e4036..a94c27a00b 100644 --- a/modules/batch/batch-account/.test/common/main.test.bicep +++ b/modules/batch/batch-account/.test/common/main.test.bicep @@ -73,7 +73,10 @@ module testDeployment '../../main.bicep' = { diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } poolAllocationMode: 'BatchService' privateEndpoints: [ { diff --git a/modules/batch/batch-account/README.md b/modules/batch/batch-account/README.md index 17cd685691..0562f5c4c4 100644 --- a/modules/batch/batch-account/README.md +++ b/modules/batch/batch-account/README.md @@ -55,7 +55,10 @@ module batchAccount 'br:bicep/modules/batch.batch-account:1.0.0' = { diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } poolAllocationMode: 'BatchService' privateEndpoints: [ { diff --git a/modules/batch/batch-account/main.bicep b/modules/batch/batch-account/main.bicep index 88fe410734..4809c4c824 100644 --- a/modules/batch/batch-account/main.bicep +++ b/modules/batch/batch-account/main.bicep @@ -215,11 +215,11 @@ resource batchAccount 'Microsoft.Batch/batchAccounts@2022-06-01' = { } } -resource batchAccount_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${batchAccount.name}-${lock}-lock' +resource batchAccount_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: batchAccount } diff --git a/modules/cache/redis-enterprise/.test/common/main.test.bicep b/modules/cache/redis-enterprise/.test/common/main.test.bicep index 70adc46f2c..8094d7f546 100644 --- a/modules/cache/redis-enterprise/.test/common/main.test.bicep +++ b/modules/cache/redis-enterprise/.test/common/main.test.bicep @@ -73,7 +73,10 @@ module testDeployment '../../main.bicep' = { diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName diagnosticSettingsName: 'redisdiagnostics' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/cache/redis-enterprise/README.md b/modules/cache/redis-enterprise/README.md index 79e8069cff..db0f8bbe33 100644 --- a/modules/cache/redis-enterprise/README.md +++ b/modules/cache/redis-enterprise/README.md @@ -76,7 +76,10 @@ module redisEnterprise 'br:bicep/modules/cache.redis-enterprise:1.0.0' = { diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } minimumTlsVersion: '1.2' privateEndpoints: [ { diff --git a/modules/cache/redis-enterprise/main.bicep b/modules/cache/redis-enterprise/main.bicep index 6cd4f4da66..fc0cfa2603 100644 --- a/modules/cache/redis-enterprise/main.bicep +++ b/modules/cache/redis-enterprise/main.bicep @@ -139,11 +139,11 @@ resource redisCacheEnterprise 'Microsoft.Cache/redisEnterprise@2022-01-01' = { zones: availabilityZones } -resource redisCacheEnterprise_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${redisCacheEnterprise.name}-${lock}-lock' +resource redisCacheEnterprise_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: redisCacheEnterprise } diff --git a/modules/cache/redis/.test/common/main.test.bicep b/modules/cache/redis/.test/common/main.test.bicep index 5428f2e9cb..b323687bb9 100644 --- a/modules/cache/redis/.test/common/main.test.bicep +++ b/modules/cache/redis/.test/common/main.test.bicep @@ -73,7 +73,10 @@ module testDeployment '../../main.bicep' = { diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName diagnosticSettingsName: 'redisdiagnostics' enableNonSslPort: true - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } minimumTlsVersion: '1.2' zoneRedundant: true zones: [ 1, 2 ] diff --git a/modules/cache/redis/README.md b/modules/cache/redis/README.md index 8360ae347a..70b7d730a2 100644 --- a/modules/cache/redis/README.md +++ b/modules/cache/redis/README.md @@ -57,7 +57,10 @@ module redis 'br:bicep/modules/cache.redis:1.0.0' = { diagnosticWorkspaceId: '' enableDefaultTelemetry: '' enableNonSslPort: true - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } minimumTlsVersion: '1.2' privateEndpoints: [ { diff --git a/modules/cache/redis/main.bicep b/modules/cache/redis/main.bicep index 84350bf9bc..db29b3f254 100644 --- a/modules/cache/redis/main.bicep +++ b/modules/cache/redis/main.bicep @@ -210,11 +210,11 @@ resource redisCache 'Microsoft.Cache/redis@2022-06-01' = { zones: availabilityZones } -resource redisCache_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${redisCache.name}-${lock}-lock' +resource redisCache_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: redisCache } diff --git a/modules/cdn/profile/.test/afd/main.test.bicep b/modules/cdn/profile/.test/afd/main.test.bicep index a8eec32f82..10c448e3b8 100644 --- a/modules/cdn/profile/.test/afd/main.test.bicep +++ b/modules/cdn/profile/.test/afd/main.test.bicep @@ -50,7 +50,10 @@ module testDeployment '../../main.bicep' = { params: { name: 'dep-${namePrefix}-test-${serviceShort}' location: 'global' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } originResponseTimeoutSeconds: 60 sku: 'Standard_AzureFrontDoor' enableDefaultTelemetry: enableDefaultTelemetry diff --git a/modules/cdn/profile/.test/common/main.test.bicep b/modules/cdn/profile/.test/common/main.test.bicep index d8dcf730f7..20344b0e7a 100644 --- a/modules/cdn/profile/.test/common/main.test.bicep +++ b/modules/cdn/profile/.test/common/main.test.bicep @@ -53,7 +53,10 @@ module testDeployment '../../main.bicep' = { params: { name: 'dep-${namePrefix}-test-${serviceShort}' location: location - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } originResponseTimeoutSeconds: 60 sku: 'Standard_Verizon' enableDefaultTelemetry: enableDefaultTelemetry diff --git a/modules/cdn/profile/README.md b/modules/cdn/profile/README.md index 04388adbbd..a3bceeb2be 100644 --- a/modules/cdn/profile/README.md +++ b/modules/cdn/profile/README.md @@ -79,7 +79,10 @@ module profile 'br:bicep/modules/cdn.profile:1.0.0' = { ] enableDefaultTelemetry: '' location: 'global' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } originResponseTimeoutSeconds: 60 origionGroups: [ { @@ -303,7 +306,10 @@ module profile 'br:bicep/modules/cdn.profile:1.0.0' = { queryStringCachingBehavior: 'IgnoreQueryString' } location: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } originResponseTimeoutSeconds: 60 roleAssignments: [ { diff --git a/modules/cdn/profile/main.bicep b/modules/cdn/profile/main.bicep index 072f1ddba5..c3b2fdcdc4 100644 --- a/modules/cdn/profile/main.bicep +++ b/modules/cdn/profile/main.bicep @@ -93,11 +93,11 @@ resource profile 'Microsoft.Cdn/profiles@2023-05-01' = { tags: tags } -resource profile_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${profile.name}-${lock}-lock' +resource profile_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: profile } diff --git a/modules/cognitive-services/account/.test/common/main.test.bicep b/modules/cognitive-services/account/.test/common/main.test.bicep index 39d0bbbd26..4c7d9c9a29 100644 --- a/modules/cognitive-services/account/.test/common/main.test.bicep +++ b/modules/cognitive-services/account/.test/common/main.test.bicep @@ -73,7 +73,10 @@ module testDeployment '../../main.bicep' = { diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } networkAcls: { defaultAction: 'Deny' ipRules: [ diff --git a/modules/cognitive-services/account/README.md b/modules/cognitive-services/account/README.md index 1d92f15fb0..e2c172435f 100644 --- a/modules/cognitive-services/account/README.md +++ b/modules/cognitive-services/account/README.md @@ -58,7 +58,10 @@ module account 'br:bicep/modules/cognitive-services.account:1.0.0' = { diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } networkAcls: { defaultAction: 'Deny' ipRules: [ diff --git a/modules/cognitive-services/account/main.bicep b/modules/cognitive-services/account/main.bicep index 093b347969..2996423a70 100644 --- a/modules/cognitive-services/account/main.bicep +++ b/modules/cognitive-services/account/main.bicep @@ -258,11 +258,11 @@ resource cognitiveServices 'Microsoft.CognitiveServices/accounts@2022-12-01' = { } } -resource cognitiveServices_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${cognitiveServices.name}-${lock}-lock' +resource cognitiveServices_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: cognitiveServices } diff --git a/modules/compute/availability-set/.test/common/main.test.bicep b/modules/compute/availability-set/.test/common/main.test.bicep index ae1d4d2684..7e6829e7a7 100644 --- a/modules/compute/availability-set/.test/common/main.test.bicep +++ b/modules/compute/availability-set/.test/common/main.test.bicep @@ -53,7 +53,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } proximityPlacementGroupResourceId: nestedDependencies.outputs.proximityPlacementGroupResourceId roleAssignments: [ { diff --git a/modules/compute/availability-set/README.md b/modules/compute/availability-set/README.md index 84aafa7e4b..b024ce9960 100644 --- a/modules/compute/availability-set/README.md +++ b/modules/compute/availability-set/README.md @@ -46,7 +46,10 @@ module availabilitySet 'br:bicep/modules/compute.availability-set:1.0.0' = { name: 'cascom001' // Non-required parameters enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } proximityPlacementGroupResourceId: '' roleAssignments: [ { diff --git a/modules/compute/availability-set/main.bicep b/modules/compute/availability-set/main.bicep index 9931d26df3..cd866a1239 100644 --- a/modules/compute/availability-set/main.bicep +++ b/modules/compute/availability-set/main.bicep @@ -65,11 +65,11 @@ resource availabilitySet 'Microsoft.Compute/availabilitySets@2022-11-01' = { } } -resource availabilitySet_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${availabilitySet.name}-${lock}-lock' +resource availabilitySet_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: availabilitySet } diff --git a/modules/compute/disk-encryption-set/.test/common/main.test.bicep b/modules/compute/disk-encryption-set/.test/common/main.test.bicep index a6ad758a86..40abeb6339 100644 --- a/modules/compute/disk-encryption-set/.test/common/main.test.bicep +++ b/modules/compute/disk-encryption-set/.test/common/main.test.bicep @@ -57,7 +57,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } keyName: nestedDependencies.outputs.keyName keyVaultResourceId: nestedDependencies.outputs.keyVaultResourceId roleAssignments: [ diff --git a/modules/compute/disk-encryption-set/README.md b/modules/compute/disk-encryption-set/README.md index c6bac4b9e8..d4c090d028 100644 --- a/modules/compute/disk-encryption-set/README.md +++ b/modules/compute/disk-encryption-set/README.md @@ -147,7 +147,10 @@ module diskEncryptionSet 'br:bicep/modules/compute.disk-encryption-set:1.0.0' = name: 'cdescom001' // Non-required parameters enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/compute/disk-encryption-set/main.bicep b/modules/compute/disk-encryption-set/main.bicep index dda18b29ee..c481caae68 100644 --- a/modules/compute/disk-encryption-set/main.bicep +++ b/modules/compute/disk-encryption-set/main.bicep @@ -127,11 +127,11 @@ module diskEncryptionSet_roleAssignments '.bicep/nested_roleAssignments.bicep' = } }] -resource diskEncryptionSet_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${diskEncryptionSet.name}-${lock}-lock' +resource diskEncryptionSet_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: diskEncryptionSet } diff --git a/modules/compute/disk/.test/common/main.test.bicep b/modules/compute/disk/.test/common/main.test.bicep index aa9864c7ed..a2324a9a76 100644 --- a/modules/compute/disk/.test/common/main.test.bicep +++ b/modules/compute/disk/.test/common/main.test.bicep @@ -55,7 +55,10 @@ module testDeployment '../../main.bicep' = { diskIOPSReadWrite: 500 diskMBpsReadWrite: 60 diskSizeGB: 128 - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } logicalSectorSize: 512 osType: 'Windows' publicNetworkAccess: 'Enabled' diff --git a/modules/compute/disk/README.md b/modules/compute/disk/README.md index 1443faa26e..1fa1865dca 100644 --- a/modules/compute/disk/README.md +++ b/modules/compute/disk/README.md @@ -52,7 +52,10 @@ module disk 'br:bicep/modules/compute.disk:1.0.0' = { diskMBpsReadWrite: 60 diskSizeGB: 128 enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } logicalSectorSize: 512 osType: 'Windows' publicNetworkAccess: 'Enabled' diff --git a/modules/compute/disk/main.bicep b/modules/compute/disk/main.bicep index d8fa0fe054..b7092070f8 100644 --- a/modules/compute/disk/main.bicep +++ b/modules/compute/disk/main.bicep @@ -185,11 +185,11 @@ resource disk 'Microsoft.Compute/disks@2022-07-02' = { } } -resource disk_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${disk.name}-${lock}-lock' +resource disk_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: disk } diff --git a/modules/compute/gallery/.test/common/main.test.bicep b/modules/compute/gallery/.test/common/main.test.bicep index 661d7c9463..df503cc635 100644 --- a/modules/compute/gallery/.test/common/main.test.bicep +++ b/modules/compute/gallery/.test/common/main.test.bicep @@ -52,7 +52,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } applications: [ { name: '${namePrefix}-${serviceShort}-appd-001' diff --git a/modules/compute/gallery/README.md b/modules/compute/gallery/README.md index 61b8789f43..5a0779b929 100644 --- a/modules/compute/gallery/README.md +++ b/modules/compute/gallery/README.md @@ -175,7 +175,10 @@ module gallery 'br:bicep/modules/compute.gallery:1.0.0' = { sku: '20_04-lts-gen2' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/compute/gallery/main.bicep b/modules/compute/gallery/main.bicep index e3caa5992b..32a6eca6ce 100644 --- a/modules/compute/gallery/main.bicep +++ b/modules/compute/gallery/main.bicep @@ -59,11 +59,11 @@ resource gallery 'Microsoft.Compute/galleries@2022-03-03' = { } } -resource gallery_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${gallery.name}-${lock}-lock' +resource gallery_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: gallery } diff --git a/modules/compute/proximity-placement-group/.test/common/main.test.bicep b/modules/compute/proximity-placement-group/.test/common/main.test.bicep index 38de4fd5d1..ffa39a5ba6 100644 --- a/modules/compute/proximity-placement-group/.test/common/main.test.bicep +++ b/modules/compute/proximity-placement-group/.test/common/main.test.bicep @@ -52,7 +52,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/compute/proximity-placement-group/README.md b/modules/compute/proximity-placement-group/README.md index 69368d6058..5ff85121d6 100644 --- a/modules/compute/proximity-placement-group/README.md +++ b/modules/compute/proximity-placement-group/README.md @@ -58,7 +58,10 @@ module proximityPlacementGroup 'br:bicep/modules/compute.proximity-placement-gro 'Standard_B4ms' ] } - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/compute/proximity-placement-group/main.bicep b/modules/compute/proximity-placement-group/main.bicep index 31f5c92195..1149407810 100644 --- a/modules/compute/proximity-placement-group/main.bicep +++ b/modules/compute/proximity-placement-group/main.bicep @@ -65,11 +65,11 @@ resource proximityPlacementGroup 'Microsoft.Compute/proximityPlacementGroups@202 } } -resource proximityPlacementGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${proximityPlacementGroup.name}-${lock}-lock' +resource proximityPlacementGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: proximityPlacementGroup } diff --git a/modules/compute/ssh-public-key/main.bicep b/modules/compute/ssh-public-key/main.bicep index c6697e0a06..b4c1c44d2d 100644 --- a/modules/compute/ssh-public-key/main.bicep +++ b/modules/compute/ssh-public-key/main.bicep @@ -51,11 +51,11 @@ resource sshPublicKey 'Microsoft.Compute/sshPublicKeys@2022-08-01' = { } } -resource sshPublicKey_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${sshPublicKey.name}-${lock}-lock' +resource sshPublicKey_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: sshPublicKey } diff --git a/modules/compute/virtual-machine-scale-set/.test/linux/main.test.bicep b/modules/compute/virtual-machine-scale-set/.test/linux/main.test.bicep index 66500b75f0..918b24bc6f 100644 --- a/modules/compute/virtual-machine-scale-set/.test/linux/main.test.bicep +++ b/modules/compute/virtual-machine-scale-set/.test/linux/main.test.bicep @@ -147,7 +147,10 @@ module testDeployment '../../main.bicep' = { extensionNetworkWatcherAgentConfig: { enabled: true } - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } nicConfigurations: [ { ipConfigurations: [ diff --git a/modules/compute/virtual-machine-scale-set/.test/windows/main.test.bicep b/modules/compute/virtual-machine-scale-set/.test/windows/main.test.bicep index f9735b759b..467fd37f32 100644 --- a/modules/compute/virtual-machine-scale-set/.test/windows/main.test.bicep +++ b/modules/compute/virtual-machine-scale-set/.test/windows/main.test.bicep @@ -149,7 +149,10 @@ module testDeployment '../../main.bicep' = { extensionNetworkWatcherAgentConfig: { enabled: true } - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } nicConfigurations: [ { ipConfigurations: [ diff --git a/modules/compute/virtual-machine-scale-set/README.md b/modules/compute/virtual-machine-scale-set/README.md index 7bd3a39ad8..6b893830bd 100644 --- a/modules/compute/virtual-machine-scale-set/README.md +++ b/modules/compute/virtual-machine-scale-set/README.md @@ -127,7 +127,10 @@ module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-se extensionNetworkWatcherAgentConfig: { enabled: true } - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } nicConfigurations: [ { ipConfigurations: [ @@ -801,7 +804,10 @@ module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-se extensionNetworkWatcherAgentConfig: { enabled: true } - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } nicConfigurations: [ { ipConfigurations: [ diff --git a/modules/compute/virtual-machine-scale-set/main.bicep b/modules/compute/virtual-machine-scale-set/main.bicep index fbd688e838..a12160d5b5 100644 --- a/modules/compute/virtual-machine-scale-set/main.bicep +++ b/modules/compute/virtual-machine-scale-set/main.bicep @@ -608,11 +608,11 @@ module vmss_azureDiskEncryptionExtension 'extension/main.bicep' = if (extensionA ] } -resource vmss_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${vmss.name}-${lock}-lock' +resource vmss_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: vmss } diff --git a/modules/compute/virtual-machine/.test/linux/main.test.bicep b/modules/compute/virtual-machine/.test/linux/main.test.bicep index f8c1ce0f07..7b2171042f 100644 --- a/modules/compute/virtual-machine/.test/linux/main.test.bicep +++ b/modules/compute/virtual-machine/.test/linux/main.test.bicep @@ -248,7 +248,10 @@ module testDeployment '../../main.bicep' = { Role: 'DeploymentValidation' } } - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } monitoringWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId publicKeys: [ { diff --git a/modules/compute/virtual-machine/.test/windows/main.test.bicep b/modules/compute/virtual-machine/.test/windows/main.test.bicep index 0cc62fbf54..d6395c280a 100644 --- a/modules/compute/virtual-machine/.test/windows/main.test.bicep +++ b/modules/compute/virtual-machine/.test/windows/main.test.bicep @@ -274,7 +274,10 @@ module testDeployment '../../main.bicep' = { Role: 'DeploymentValidation' } } - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } monitoringWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId proximityPlacementGroupResourceId: nestedDependencies.outputs.proximityPlacementGroupResourceId roleAssignments: [ diff --git a/modules/compute/virtual-machine/README.md b/modules/compute/virtual-machine/README.md index f833ed5a15..310d694b1c 100644 --- a/modules/compute/virtual-machine/README.md +++ b/modules/compute/virtual-machine/README.md @@ -228,7 +228,10 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { } } location: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } monitoringWorkspaceId: '' name: 'cvmlincom' patchMode: 'AutomaticByPlatform' @@ -1090,7 +1093,10 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { } } location: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } monitoringWorkspaceId: '' name: 'cvmwincom' patchMode: 'AutomaticByPlatform' diff --git a/modules/compute/virtual-machine/main.bicep b/modules/compute/virtual-machine/main.bicep index 3cd09f6b51..4428c6fc4a 100644 --- a/modules/compute/virtual-machine/main.bicep +++ b/modules/compute/virtual-machine/main.bicep @@ -702,11 +702,11 @@ module vm_backup '../../recovery-services/vault/backup-fabric/protection-contain ] } -resource vm_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${vm.name}-${lock}-lock' +resource vm_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: vm } diff --git a/modules/container-instance/container-group/.test/common/main.test.bicep b/modules/container-instance/container-group/.test/common/main.test.bicep index 76374c71e0..14ebfbb887 100644 --- a/modules/container-instance/container-group/.test/common/main.test.bicep +++ b/modules/container-instance/container-group/.test/common/main.test.bicep @@ -52,7 +52,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } containers: [ { name: '${namePrefix}-az-aci-x-001' diff --git a/modules/container-instance/container-group/.test/encr/main.test.bicep b/modules/container-instance/container-group/.test/encr/main.test.bicep index 402d20eda2..b86cfbfaf3 100644 --- a/modules/container-instance/container-group/.test/encr/main.test.bicep +++ b/modules/container-instance/container-group/.test/encr/main.test.bicep @@ -54,7 +54,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } containers: [ { name: '${namePrefix}-az-aci-x-001' diff --git a/modules/container-instance/container-group/.test/private/main.test.bicep b/modules/container-instance/container-group/.test/private/main.test.bicep index 316a0431d6..84f4dc64ed 100644 --- a/modules/container-instance/container-group/.test/private/main.test.bicep +++ b/modules/container-instance/container-group/.test/private/main.test.bicep @@ -50,7 +50,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } containers: [ { name: '${namePrefix}-az-aci-x-001' diff --git a/modules/container-instance/container-group/README.md b/modules/container-instance/container-group/README.md index 66e52bf7e2..957b6d4137 100644 --- a/modules/container-instance/container-group/README.md +++ b/modules/container-instance/container-group/README.md @@ -104,7 +104,10 @@ module containerGroup 'br:bicep/modules/container-instance.container-group:1.0.0 protocol: 'Tcp' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } systemAssignedIdentity: true tags: { Environment: 'Non-Prod' @@ -296,7 +299,10 @@ module containerGroup 'br:bicep/modules/container-instance.container-group:1.0.0 protocol: 'Tcp' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } systemAssignedIdentity: true tags: { Environment: 'Non-Prod' @@ -609,7 +615,10 @@ module containerGroup 'br:bicep/modules/container-instance.container-group:1.0.0 } ] ipAddressType: 'Private' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } subnetId: '' systemAssignedIdentity: true tags: { diff --git a/modules/container-instance/container-group/main.bicep b/modules/container-instance/container-group/main.bicep index cd1e09d762..55220a17cb 100644 --- a/modules/container-instance/container-group/main.bicep +++ b/modules/container-instance/container-group/main.bicep @@ -169,11 +169,11 @@ resource containergroup 'Microsoft.ContainerInstance/containerGroups@2022-09-01' } : {}) } -resource containergroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${containergroup.name}-${lock}-lock' +resource containergroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: containergroup } diff --git a/modules/container-registry/registry/.test/common/main.test.bicep b/modules/container-registry/registry/.test/common/main.test.bicep index 1cba142a21..198ad189d0 100644 --- a/modules/container-registry/registry/.test/common/main.test.bicep +++ b/modules/container-registry/registry/.test/common/main.test.bicep @@ -80,7 +80,10 @@ module testDeployment '../../main.bicep' = { azureADAuthenticationAsArmPolicyStatus: 'enabled' softDeletePolicyStatus: 'disabled' softDeletePolicyDays: 7 - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } privateEndpoints: [ { service: 'registry' diff --git a/modules/container-registry/registry/README.md b/modules/container-registry/registry/README.md index c1c5ee9a5d..10d97ebf2f 100644 --- a/modules/container-registry/registry/README.md +++ b/modules/container-registry/registry/README.md @@ -72,7 +72,10 @@ module registry 'br:bicep/modules/container-registry.registry:1.0.0' = { diagnosticWorkspaceId: '' enableDefaultTelemetry: '' exportPolicyStatus: 'enabled' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } networkRuleSetIpRules: [ { action: 'Allow' diff --git a/modules/container-registry/registry/main.bicep b/modules/container-registry/registry/main.bicep index e70d4ad89d..f15e4b806f 100644 --- a/modules/container-registry/registry/main.bicep +++ b/modules/container-registry/registry/main.bicep @@ -336,11 +336,11 @@ module registry_webhooks 'webhook/main.bicep' = [for (webhook, index) in webhook } }] -resource registry_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${registry.name}-${lock}-lock' +resource registry_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: registry } diff --git a/modules/container-service/managed-cluster/.test/azure/main.test.bicep b/modules/container-service/managed-cluster/.test/azure/main.test.bicep index 99dc2a49ea..8a84302766 100644 --- a/modules/container-service/managed-cluster/.test/azure/main.test.bicep +++ b/modules/container-service/managed-cluster/.test/azure/main.test.bicep @@ -177,7 +177,10 @@ module testDeployment '../../main.bicep' = { enableAzureDefender: true enableKeyvaultSecretsProvider: true enablePodSecurityPolicy: false - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/container-service/managed-cluster/README.md b/modules/container-service/managed-cluster/README.md index 9f90a041fc..933b57ff45 100644 --- a/modules/container-service/managed-cluster/README.md +++ b/modules/container-service/managed-cluster/README.md @@ -200,7 +200,10 @@ module managedCluster 'br:bicep/modules/container-service.managed-cluster:1.0.0' resourceId: '' } } - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } monitoringWorkspaceId: '' networkDataplane: 'azure' networkPlugin: 'azure' diff --git a/modules/container-service/managed-cluster/main.bicep b/modules/container-service/managed-cluster/main.bicep index 40a4e6e1b9..7a75c561e2 100644 --- a/modules/container-service/managed-cluster/main.bicep +++ b/modules/container-service/managed-cluster/main.bicep @@ -665,11 +665,11 @@ module managedCluster_extension '../../kubernetes-configuration/extension/main.b } } -resource managedCluster_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${managedCluster.name}-${lock}-lock' +resource managedCluster_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: managedCluster } diff --git a/modules/data-factory/factory/.test/common/main.test.bicep b/modules/data-factory/factory/.test/common/main.test.bicep index 9d7ac74872..9c09b73f53 100644 --- a/modules/data-factory/factory/.test/common/main.test.bicep +++ b/modules/data-factory/factory/.test/common/main.test.bicep @@ -100,7 +100,10 @@ module testDeployment '../../main.bicep' = { type: 'SelfHosted' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } managedPrivateEndpoints: [ { fqdns: [ diff --git a/modules/data-factory/factory/README.md b/modules/data-factory/factory/README.md index f9473fa622..e757d76c5d 100644 --- a/modules/data-factory/factory/README.md +++ b/modules/data-factory/factory/README.md @@ -83,7 +83,10 @@ module factory 'br:bicep/modules/data-factory.factory:1.0.0' = { type: 'SelfHosted' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } managedPrivateEndpoints: [ { fqdns: [ diff --git a/modules/data-factory/factory/main.bicep b/modules/data-factory/factory/main.bicep index 14d6d25a1e..059d72e7d2 100644 --- a/modules/data-factory/factory/main.bicep +++ b/modules/data-factory/factory/main.bicep @@ -233,11 +233,11 @@ module dataFactory_integrationRuntimes 'integration-runtime/main.bicep' = [for ( ] }] -resource dataFactory_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${dataFactory.name}-${lock}-lock' +resource dataFactory_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: dataFactory } diff --git a/modules/data-protection/backup-vault/.test/common/main.test.bicep b/modules/data-protection/backup-vault/.test/common/main.test.bicep index 18be93ad16..45d3083a53 100644 --- a/modules/data-protection/backup-vault/.test/common/main.test.bicep +++ b/modules/data-protection/backup-vault/.test/common/main.test.bicep @@ -125,7 +125,10 @@ module testDeployment '../../main.bicep' = { } } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' diff --git a/modules/data-protection/backup-vault/README.md b/modules/data-protection/backup-vault/README.md index bf67a3843d..5e02dbb852 100644 --- a/modules/data-protection/backup-vault/README.md +++ b/modules/data-protection/backup-vault/README.md @@ -111,7 +111,10 @@ module backupVault 'br:bicep/modules/data-protection.backup-vault:1.0.0' = { } ] enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/data-protection/backup-vault/main.bicep b/modules/data-protection/backup-vault/main.bicep index 4708219cfc..5950149576 100644 --- a/modules/data-protection/backup-vault/main.bicep +++ b/modules/data-protection/backup-vault/main.bicep @@ -112,11 +112,11 @@ module backupVault_backupPolicies 'backup-policy/main.bicep' = [for (backupPolic } }] -resource backupVault_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${backupVault.name}-${lock}-lock' +resource backupVault_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: backupVault } diff --git a/modules/databricks/access-connector/.test/common/main.test.bicep b/modules/databricks/access-connector/.test/common/main.test.bicep index 81dfb69963..106b58bac1 100644 --- a/modules/databricks/access-connector/.test/common/main.test.bicep +++ b/modules/databricks/access-connector/.test/common/main.test.bicep @@ -52,7 +52,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } systemAssignedIdentity: true userAssignedIdentities: { '${nestedDependencies.outputs.managedIdentityResourceId}': {} diff --git a/modules/databricks/access-connector/README.md b/modules/databricks/access-connector/README.md index 75b28ed04e..d358c5f991 100644 --- a/modules/databricks/access-connector/README.md +++ b/modules/databricks/access-connector/README.md @@ -47,7 +47,10 @@ module accessConnector 'br:bicep/modules/databricks.access-connector:1.0.0' = { // Non-required parameters enableDefaultTelemetry: '' location: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/databricks/access-connector/main.bicep b/modules/databricks/access-connector/main.bicep index 249e53593b..6fe7f68f65 100644 --- a/modules/databricks/access-connector/main.bicep +++ b/modules/databricks/access-connector/main.bicep @@ -58,11 +58,11 @@ resource accessConnector 'Microsoft.Databricks/accessConnectors@2022-10-01-previ properties: {} } -resource accessConnector_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${accessConnector.name}-${lock}-lock' +resource accessConnector_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: accessConnector } diff --git a/modules/databricks/workspace/.test/common/main.test.bicep b/modules/databricks/workspace/.test/common/main.test.bicep index cd9bef2b09..bc4b5ee9f8 100644 --- a/modules/databricks/workspace/.test/common/main.test.bicep +++ b/modules/databricks/workspace/.test/common/main.test.bicep @@ -81,7 +81,10 @@ module testDeployment '../../main.bicep' = { diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/databricks/workspace/README.md b/modules/databricks/workspace/README.md index 79dd99e50c..79f3cd4eed 100644 --- a/modules/databricks/workspace/README.md +++ b/modules/databricks/workspace/README.md @@ -72,7 +72,10 @@ module workspace 'br:bicep/modules/databricks.workspace:1.0.0' = { loadBalancerBackendPoolName: '' loadBalancerResourceId: '' location: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } managedResourceGroupResourceId: '' natGatewayName: 'nat-gateway' prepareEncryption: true diff --git a/modules/databricks/workspace/main.bicep b/modules/databricks/workspace/main.bicep index fe0ae931b5..67304609d7 100644 --- a/modules/databricks/workspace/main.bicep +++ b/modules/databricks/workspace/main.bicep @@ -298,11 +298,11 @@ resource workspace 'Microsoft.Databricks/workspaces@2023-02-01' = { } } -resource workspace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${workspace.name}-${lock}-lock' +resource workspace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: workspace } diff --git a/modules/db-for-my-sql/flexible-server/.test/private/main.test.bicep b/modules/db-for-my-sql/flexible-server/.test/private/main.test.bicep index 742d0d57b6..7aa25bcacd 100644 --- a/modules/db-for-my-sql/flexible-server/.test/private/main.test.bicep +++ b/modules/db-for-my-sql/flexible-server/.test/private/main.test.bicep @@ -69,7 +69,10 @@ module testDeployment '../../main.bicep' = { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' location: resourceGroup.location - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/db-for-my-sql/flexible-server/.test/public/main.test.bicep b/modules/db-for-my-sql/flexible-server/.test/public/main.test.bicep index 18f1ae8515..cfc5ce3c28 100644 --- a/modules/db-for-my-sql/flexible-server/.test/public/main.test.bicep +++ b/modules/db-for-my-sql/flexible-server/.test/public/main.test.bicep @@ -87,7 +87,10 @@ module testDeployment '../../main.bicep' = { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' location: resourceGroup.location - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/db-for-my-sql/flexible-server/README.md b/modules/db-for-my-sql/flexible-server/README.md index 5b936154cd..e4bffab0b8 100644 --- a/modules/db-for-my-sql/flexible-server/README.md +++ b/modules/db-for-my-sql/flexible-server/README.md @@ -136,7 +136,10 @@ module flexibleServer 'br:bicep/modules/db-for-my-sql.flexible-server:1.0.0' = { enableDefaultTelemetry: '' highAvailability: 'SameZone' location: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } privateDnsZoneResourceId: '' roleAssignments: [ { @@ -343,7 +346,10 @@ module flexibleServer 'br:bicep/modules/db-for-my-sql.flexible-server:1.0.0' = { geoRedundantBackup: 'Enabled' highAvailability: 'SameZone' location: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/db-for-my-sql/flexible-server/main.bicep b/modules/db-for-my-sql/flexible-server/main.bicep index cb13edabb3..c43470d914 100644 --- a/modules/db-for-my-sql/flexible-server/main.bicep +++ b/modules/db-for-my-sql/flexible-server/main.bicep @@ -325,11 +325,11 @@ resource flexibleServer 'Microsoft.DBforMySQL/flexibleServers@2022-09-30-preview } } -resource flexibleServer_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${flexibleServer.name}-${lock}-lock' +resource flexibleServer_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: flexibleServer } diff --git a/modules/db-for-postgre-sql/flexible-server/main.bicep b/modules/db-for-postgre-sql/flexible-server/main.bicep index af23c95f5a..729e0d6a89 100644 --- a/modules/db-for-postgre-sql/flexible-server/main.bicep +++ b/modules/db-for-postgre-sql/flexible-server/main.bicep @@ -295,11 +295,11 @@ resource flexibleServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01' = } } -resource flexibleServer_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${flexibleServer.name}-${lock}-lock' +resource flexibleServer_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: flexibleServer } diff --git a/modules/desktop-virtualization/application-group/.test/common/main.test.bicep b/modules/desktop-virtualization/application-group/.test/common/main.test.bicep index 673b79551f..f63f6bd345 100644 --- a/modules/desktop-virtualization/application-group/.test/common/main.test.bicep +++ b/modules/desktop-virtualization/application-group/.test/common/main.test.bicep @@ -94,7 +94,10 @@ module testDeployment '../../main.bicep' = { diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName friendlyName: 'Remote Applications 1' location: location - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/desktop-virtualization/application-group/README.md b/modules/desktop-virtualization/application-group/README.md index 9738f61981..d93fe35a01 100644 --- a/modules/desktop-virtualization/application-group/README.md +++ b/modules/desktop-virtualization/application-group/README.md @@ -75,7 +75,10 @@ module applicationGroup 'br:bicep/modules/desktop-virtualization.application-gro enableDefaultTelemetry: '' friendlyName: 'Remote Applications 1' location: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/desktop-virtualization/application-group/main.bicep b/modules/desktop-virtualization/application-group/main.bicep index 1323b46739..5484c13cc2 100644 --- a/modules/desktop-virtualization/application-group/main.bicep +++ b/modules/desktop-virtualization/application-group/main.bicep @@ -114,11 +114,11 @@ resource appGroup 'Microsoft.DesktopVirtualization/applicationGroups@2022-09-09' } } -resource appGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${appGroup.name}-${lock}-lock' +resource appGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: appGroup } diff --git a/modules/desktop-virtualization/host-pool/.test/common/main.test.bicep b/modules/desktop-virtualization/host-pool/.test/common/main.test.bicep index ae07838fee..a72b947abb 100644 --- a/modules/desktop-virtualization/host-pool/.test/common/main.test.bicep +++ b/modules/desktop-virtualization/host-pool/.test/common/main.test.bicep @@ -76,7 +76,10 @@ module testDeployment '../../main.bicep' = { type: 'Pooled' loadBalancerType: 'BreadthFirst' location: location - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } maxSessionLimit: 99999 personalDesktopAssignmentType: 'Automatic' roleAssignments: [ diff --git a/modules/desktop-virtualization/host-pool/README.md b/modules/desktop-virtualization/host-pool/README.md index aeced854d6..6ab851ae3c 100644 --- a/modules/desktop-virtualization/host-pool/README.md +++ b/modules/desktop-virtualization/host-pool/README.md @@ -71,7 +71,10 @@ module hostPool 'br:bicep/modules/desktop-virtualization.host-pool:1.0.0' = { friendlyName: 'AVDv2' loadBalancerType: 'BreadthFirst' location: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } maxSessionLimit: 99999 personalDesktopAssignmentType: 'Automatic' roleAssignments: [ diff --git a/modules/desktop-virtualization/host-pool/main.bicep b/modules/desktop-virtualization/host-pool/main.bicep index 79ea1e7407..85c5f91097 100644 --- a/modules/desktop-virtualization/host-pool/main.bicep +++ b/modules/desktop-virtualization/host-pool/main.bicep @@ -240,11 +240,11 @@ resource hostPool 'Microsoft.DesktopVirtualization/hostPools@2022-09-09' = { } } -resource hostPool_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${hostPool.name}-${lock}-lock' +resource hostPool_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: hostPool } diff --git a/modules/desktop-virtualization/workspace/.test/common/main.test.bicep b/modules/desktop-virtualization/workspace/.test/common/main.test.bicep index d98e112b0f..08f36e4d8a 100644 --- a/modules/desktop-virtualization/workspace/.test/common/main.test.bicep +++ b/modules/desktop-virtualization/workspace/.test/common/main.test.bicep @@ -76,7 +76,10 @@ module testDeployment '../../main.bicep' = { diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName location: location - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/desktop-virtualization/workspace/README.md b/modules/desktop-virtualization/workspace/README.md index 176ee1f214..dabe45018f 100644 --- a/modules/desktop-virtualization/workspace/README.md +++ b/modules/desktop-virtualization/workspace/README.md @@ -57,7 +57,10 @@ module workspace 'br:bicep/modules/desktop-virtualization.workspace:1.0.0' = { enableDefaultTelemetry: '' friendlyName: 'My first AVD Workspace' location: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/desktop-virtualization/workspace/main.bicep b/modules/desktop-virtualization/workspace/main.bicep index 6cf547dee5..eef8aba18a 100644 --- a/modules/desktop-virtualization/workspace/main.bicep +++ b/modules/desktop-virtualization/workspace/main.bicep @@ -97,11 +97,11 @@ resource workspace 'Microsoft.DesktopVirtualization/workspaces@2022-09-09' = { } } -resource workspace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${workspace.name}-${lock}-lock' +resource workspace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: workspace } diff --git a/modules/dev-test-lab/lab/.test/common/main.test.bicep b/modules/dev-test-lab/lab/.test/common/main.test.bicep index c63a75d0ae..3552e13297 100644 --- a/modules/dev-test-lab/lab/.test/common/main.test.bicep +++ b/modules/dev-test-lab/lab/.test/common/main.test.bicep @@ -61,7 +61,10 @@ module testDeployment '../../main.bicep' = { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' location: resourceGroup.location - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/dev-test-lab/lab/README.md b/modules/dev-test-lab/lab/README.md index 03bc402078..128505fa57 100644 --- a/modules/dev-test-lab/lab/README.md +++ b/modules/dev-test-lab/lab/README.md @@ -97,7 +97,10 @@ module lab 'br:bicep/modules/dev-test-lab.lab:1.0.0' = { isolateLabResources: 'Enabled' labStorageType: 'Premium' location: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } managementIdentities: { '': {} } diff --git a/modules/dev-test-lab/lab/main.bicep b/modules/dev-test-lab/lab/main.bicep index bb996a3239..0083f1bbe2 100644 --- a/modules/dev-test-lab/lab/main.bicep +++ b/modules/dev-test-lab/lab/main.bicep @@ -163,11 +163,11 @@ resource lab 'Microsoft.DevTestLab/labs@2018-10-15-preview' = { } } -resource lab_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${lab.name}-${lock}-lock' +resource lab_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: lab } diff --git a/modules/digital-twins/digital-twins-instance/.test/common/main.test.bicep b/modules/digital-twins/digital-twins-instance/.test/common/main.test.bicep index fceb1ad4b6..d772401b1d 100644 --- a/modules/digital-twins/digital-twins-instance/.test/common/main.test.bicep +++ b/modules/digital-twins/digital-twins-instance/.test/common/main.test.bicep @@ -94,7 +94,10 @@ module testDeployment '../../main.bicep' = { diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } privateEndpoints: [ { privateDnsZoneGroup: { diff --git a/modules/digital-twins/digital-twins-instance/README.md b/modules/digital-twins/digital-twins-instance/README.md index 7c92db6dec..e6c8b5ed8f 100644 --- a/modules/digital-twins/digital-twins-instance/README.md +++ b/modules/digital-twins/digital-twins-instance/README.md @@ -65,7 +65,10 @@ module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instan entityPath: '' userAssignedIdentity: '' } - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } privateEndpoints: [ { privateDnsZoneGroup: { diff --git a/modules/document-db/database-account/.test/plain/main.test.bicep b/modules/document-db/database-account/.test/plain/main.test.bicep index 2d6dfa43d6..edc31ecb87 100644 --- a/modules/document-db/database-account/.test/plain/main.test.bicep +++ b/modules/document-db/database-account/.test/plain/main.test.bicep @@ -80,7 +80,10 @@ module testDeployment '../../main.bicep' = { diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/document-db/database-account/README.md b/modules/document-db/database-account/README.md index 69a8c77859..ba4cb86e81 100644 --- a/modules/document-db/database-account/README.md +++ b/modules/document-db/database-account/README.md @@ -800,7 +800,10 @@ module databaseAccount 'br:bicep/modules/document-db.database-account:1.0.0' = { diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/document-db/database-account/main.bicep b/modules/document-db/database-account/main.bicep index 585557fd51..bb05cd87b3 100644 --- a/modules/document-db/database-account/main.bicep +++ b/modules/document-db/database-account/main.bicep @@ -284,11 +284,11 @@ resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2023-04-15' = { properties: databaseAccount_properties } -resource databaseAccount_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${databaseAccount.name}-${lock}-lock' +resource databaseAccount_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: databaseAccount } diff --git a/modules/event-grid/domain/.test/common/main.test.bicep b/modules/event-grid/domain/.test/common/main.test.bicep index 868878e147..f21b911b26 100644 --- a/modules/event-grid/domain/.test/common/main.test.bicep +++ b/modules/event-grid/domain/.test/common/main.test.bicep @@ -77,7 +77,10 @@ module testDeployment '../../main.bicep' = { ipMask: '40.74.28.0/23' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } privateEndpoints: [ { privateDnsZoneGroup: { diff --git a/modules/event-grid/domain/README.md b/modules/event-grid/domain/README.md index 1b981ed272..847edffbad 100644 --- a/modules/event-grid/domain/README.md +++ b/modules/event-grid/domain/README.md @@ -61,7 +61,10 @@ module domain 'br:bicep/modules/event-grid.domain:1.0.0' = { ipMask: '40.74.28.0/23' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } privateEndpoints: [ { privateDnsZoneGroup: { diff --git a/modules/event-grid/domain/main.bicep b/modules/event-grid/domain/main.bicep index 10c4724836..aca2497814 100644 --- a/modules/event-grid/domain/main.bicep +++ b/modules/event-grid/domain/main.bicep @@ -136,11 +136,11 @@ module domain_topics 'topic/main.bicep' = [for (topic, index) in topics: { } }] -resource domain_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${domain.name}-${lock}-lock' +resource domain_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: domain } diff --git a/modules/event-grid/system-topic/.test/common/main.test.bicep b/modules/event-grid/system-topic/.test/common/main.test.bicep index 316cfc5c48..0c4c9c5284 100644 --- a/modules/event-grid/system-topic/.test/common/main.test.bicep +++ b/modules/event-grid/system-topic/.test/common/main.test.bicep @@ -96,7 +96,10 @@ module testDeployment '../../main.bicep' = { diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/event-grid/system-topic/README.md b/modules/event-grid/system-topic/README.md index e605059de0..3a4e1fc8b8 100644 --- a/modules/event-grid/system-topic/README.md +++ b/modules/event-grid/system-topic/README.md @@ -78,7 +78,10 @@ module systemTopic 'br:bicep/modules/event-grid.system-topic:1.0.0' = { } } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/event-grid/system-topic/main.bicep b/modules/event-grid/system-topic/main.bicep index 5358a5ea6f..f837890817 100644 --- a/modules/event-grid/system-topic/main.bicep +++ b/modules/event-grid/system-topic/main.bicep @@ -141,11 +141,11 @@ module systemTopics_eventSubscriptions 'event-subscription/main.bicep' = [for (e } }] -resource systemTopic_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${systemTopic.name}-${lock}-lock' +resource systemTopic_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: systemTopic } diff --git a/modules/event-grid/topic/.test/common/main.test.bicep b/modules/event-grid/topic/.test/common/main.test.bicep index b78bcf0f8c..e7458fc102 100644 --- a/modules/event-grid/topic/.test/common/main.test.bicep +++ b/modules/event-grid/topic/.test/common/main.test.bicep @@ -101,7 +101,10 @@ module testDeployment '../../main.bicep' = { ipMask: '40.74.28.0/23' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } privateEndpoints: [ { privateDnsZoneGroup: { diff --git a/modules/event-grid/topic/README.md b/modules/event-grid/topic/README.md index db0e345ab6..a528cfa6ff 100644 --- a/modules/event-grid/topic/README.md +++ b/modules/event-grid/topic/README.md @@ -85,7 +85,10 @@ module topic 'br:bicep/modules/event-grid.topic:1.0.0' = { ipMask: '40.74.28.0/23' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } privateEndpoints: [ { privateDnsZoneGroup: { diff --git a/modules/event-grid/topic/main.bicep b/modules/event-grid/topic/main.bicep index 80b44ca077..5c44c6e455 100644 --- a/modules/event-grid/topic/main.bicep +++ b/modules/event-grid/topic/main.bicep @@ -138,11 +138,11 @@ module topics_eventSubscriptions 'event-subscription/main.bicep' = [for (eventSu } }] -resource topic_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${topic.name}-${lock}-lock' +resource topic_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: topic } diff --git a/modules/event-hub/namespace/.test/common/main.test.bicep b/modules/event-hub/namespace/.test/common/main.test.bicep index 9852491947..53be39f48a 100644 --- a/modules/event-hub/namespace/.test/common/main.test.bicep +++ b/modules/event-hub/namespace/.test/common/main.test.bicep @@ -160,7 +160,10 @@ module testDeployment '../../main.bicep' = { retentionDescriptionTombstoneRetentionTimeInHours: 24 } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } networkRuleSets: { defaultAction: 'Deny' ipRules: [ diff --git a/modules/event-hub/namespace/README.md b/modules/event-hub/namespace/README.md index de5b7fa061..4ecef9abac 100644 --- a/modules/event-hub/namespace/README.md +++ b/modules/event-hub/namespace/README.md @@ -149,7 +149,10 @@ module namespace 'br:bicep/modules/event-hub.namespace:1.0.0' = { ] isAutoInflateEnabled: true kafkaEnabled: true - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } maximumThroughputUnits: 4 minimumTlsVersion: '1.2' networkRuleSets: { diff --git a/modules/event-hub/namespace/eventhub/main.bicep b/modules/event-hub/namespace/eventhub/main.bicep index 1a7d5a2e74..f4bc0a4733 100644 --- a/modules/event-hub/namespace/eventhub/main.bicep +++ b/modules/event-hub/namespace/eventhub/main.bicep @@ -170,11 +170,11 @@ resource eventHub 'Microsoft.EventHub/namespaces/eventhubs@2022-10-01-preview' = properties: captureDescriptionEnabled ? union(eventHubProperties, eventHubPropertiesCapture) : eventHubProperties } -resource eventHub_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${eventHub.name}-${lock}-lock' +resource eventHub_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: eventHub } diff --git a/modules/event-hub/namespace/main.bicep b/modules/event-hub/namespace/main.bicep index 891c0c92d9..a0f8666e41 100644 --- a/modules/event-hub/namespace/main.bicep +++ b/modules/event-hub/namespace/main.bicep @@ -350,11 +350,11 @@ module eventHubNamespace_roleAssignments '.bicep/nested_roleAssignments.bicep' = } }] -resource eventHubNamespace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${eventHubNamespace.name}-${lock}-lock' +resource eventHubNamespace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: eventHubNamespace } diff --git a/modules/health-bot/health-bot/.test/common/main.test.bicep b/modules/health-bot/health-bot/.test/common/main.test.bicep index 25523eb3d0..256cebfa4e 100644 --- a/modules/health-bot/health-bot/.test/common/main.test.bicep +++ b/modules/health-bot/health-bot/.test/common/main.test.bicep @@ -52,7 +52,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/health-bot/health-bot/README.md b/modules/health-bot/health-bot/README.md index fe8b3adee4..8abb43ad9b 100644 --- a/modules/health-bot/health-bot/README.md +++ b/modules/health-bot/health-bot/README.md @@ -47,7 +47,10 @@ module healthBot 'br:bicep/modules/health-bot.health-bot:1.0.0' = { sku: 'F0' // Non-required parameters enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/health-bot/health-bot/main.bicep b/modules/health-bot/health-bot/main.bicep index 356c71c0ae..b0c82cbdac 100644 --- a/modules/health-bot/health-bot/main.bicep +++ b/modules/health-bot/health-bot/main.bicep @@ -66,11 +66,11 @@ resource azureHealthBot 'Microsoft.HealthBot/healthBots@2022-08-08' = { properties: {} } -resource azureHealthBot_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${azureHealthBot.name}-${lock}-lock' +resource azureHealthBot_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: azureHealthBot } diff --git a/modules/healthcare-apis/workspace/dicomservice/main.bicep b/modules/healthcare-apis/workspace/dicomservice/main.bicep index b15727ce45..b7fa04805d 100644 --- a/modules/healthcare-apis/workspace/dicomservice/main.bicep +++ b/modules/healthcare-apis/workspace/dicomservice/main.bicep @@ -134,11 +134,11 @@ resource dicom 'Microsoft.HealthcareApis/workspaces/dicomservices@2022-06-01' = } } -resource dicom_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${dicom.name}-${lock}-lock' +resource dicom_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: dicom } diff --git a/modules/healthcare-apis/workspace/fhirservice/main.bicep b/modules/healthcare-apis/workspace/fhirservice/main.bicep index f724cbe5a0..bcbd34369b 100644 --- a/modules/healthcare-apis/workspace/fhirservice/main.bicep +++ b/modules/healthcare-apis/workspace/fhirservice/main.bicep @@ -228,11 +228,11 @@ resource fhir 'Microsoft.HealthcareApis/workspaces/fhirservices@2022-06-01' = { } } -resource fhir_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${fhir.name}-${lock}-lock' +resource fhir_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: fhir } diff --git a/modules/healthcare-apis/workspace/iotconnector/main.bicep b/modules/healthcare-apis/workspace/iotconnector/main.bicep index 137108bd31..b980c0f72d 100644 --- a/modules/healthcare-apis/workspace/iotconnector/main.bicep +++ b/modules/healthcare-apis/workspace/iotconnector/main.bicep @@ -138,11 +138,11 @@ resource iotConnector 'Microsoft.HealthcareApis/workspaces/iotconnectors@2022-06 } } -resource iotConnector_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${iotConnector.name}-${lock}-lock' +resource iotConnector_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: iotConnector } diff --git a/modules/healthcare-apis/workspace/main.bicep b/modules/healthcare-apis/workspace/main.bicep index 00251abaca..a99add54ab 100644 --- a/modules/healthcare-apis/workspace/main.bicep +++ b/modules/healthcare-apis/workspace/main.bicep @@ -68,11 +68,11 @@ resource workspace 'Microsoft.HealthcareApis/workspaces@2022-06-01' = { } } -resource workspace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${workspace.name}-${lock}-lock' +resource workspace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: workspace } diff --git a/modules/insights/data-collection-endpoint/.test/common/main.test.bicep b/modules/insights/data-collection-endpoint/.test/common/main.test.bicep index 5c0660113b..38434e41b8 100644 --- a/modules/insights/data-collection-endpoint/.test/common/main.test.bicep +++ b/modules/insights/data-collection-endpoint/.test/common/main.test.bicep @@ -54,7 +54,10 @@ module testDeployment '../../main.bicep' = { name: '${namePrefix}${serviceShort}001' publicNetworkAccess: 'Enabled' kind: 'Windows' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/insights/data-collection-endpoint/README.md b/modules/insights/data-collection-endpoint/README.md index b967448c1e..271245b309 100644 --- a/modules/insights/data-collection-endpoint/README.md +++ b/modules/insights/data-collection-endpoint/README.md @@ -47,7 +47,10 @@ module dataCollectionEndpoint 'br:bicep/modules/insights.data-collection-endpoin // Non-required parameters enableDefaultTelemetry: '' kind: 'Windows' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } publicNetworkAccess: 'Enabled' roleAssignments: [ { diff --git a/modules/insights/data-collection-rule/.test/customadv/main.test.bicep b/modules/insights/data-collection-rule/.test/customadv/main.test.bicep index 1cf0e970d1..c4481adbbf 100644 --- a/modules/insights/data-collection-rule/.test/customadv/main.test.bicep +++ b/modules/insights/data-collection-rule/.test/customadv/main.test.bicep @@ -124,7 +124,10 @@ module testDeployment '../../main.bicep' = { } enableDefaultTelemetry: enableDefaultTelemetry kind: 'Windows' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/insights/data-collection-rule/.test/custombasic/main.test.bicep b/modules/insights/data-collection-rule/.test/custombasic/main.test.bicep index 6c63236ece..541899d269 100644 --- a/modules/insights/data-collection-rule/.test/custombasic/main.test.bicep +++ b/modules/insights/data-collection-rule/.test/custombasic/main.test.bicep @@ -108,7 +108,10 @@ module testDeployment '../../main.bicep' = { } enableDefaultTelemetry: enableDefaultTelemetry kind: 'Windows' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/insights/data-collection-rule/.test/customiis/main.test.bicep b/modules/insights/data-collection-rule/.test/customiis/main.test.bicep index 241333333f..a128245e24 100644 --- a/modules/insights/data-collection-rule/.test/customiis/main.test.bicep +++ b/modules/insights/data-collection-rule/.test/customiis/main.test.bicep @@ -87,7 +87,10 @@ module testDeployment '../../main.bicep' = { } enableDefaultTelemetry: enableDefaultTelemetry kind: 'Windows' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/insights/data-collection-rule/.test/linux/main.test.bicep b/modules/insights/data-collection-rule/.test/linux/main.test.bicep index 81a4953413..685aae6520 100644 --- a/modules/insights/data-collection-rule/.test/linux/main.test.bicep +++ b/modules/insights/data-collection-rule/.test/linux/main.test.bicep @@ -200,7 +200,10 @@ module testDeployment '../../main.bicep' = { ] enableDefaultTelemetry: enableDefaultTelemetry kind: 'Linux' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/insights/data-collection-rule/.test/windows/main.test.bicep b/modules/insights/data-collection-rule/.test/windows/main.test.bicep index 77ac653b2f..0c1b810c6b 100644 --- a/modules/insights/data-collection-rule/.test/windows/main.test.bicep +++ b/modules/insights/data-collection-rule/.test/windows/main.test.bicep @@ -154,7 +154,10 @@ module testDeployment '../../main.bicep' = { ] enableDefaultTelemetry: enableDefaultTelemetry kind: 'Windows' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/insights/data-collection-rule/README.md b/modules/insights/data-collection-rule/README.md index d1ce364f66..c9de367624 100644 --- a/modules/insights/data-collection-rule/README.md +++ b/modules/insights/data-collection-rule/README.md @@ -90,7 +90,10 @@ module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' description: 'Collecting custom text logs with ingestion-time transformation to columns. Expected format of a log line (comma separated values): \'\' for example: \'2023-01-25T20:15:05ZERROR404Page not found\'' enableDefaultTelemetry: '' kind: 'Windows' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ @@ -331,7 +334,10 @@ module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' description: 'Collecting custom text logs without ingestion-time transformation.' enableDefaultTelemetry: '' kind: 'Windows' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ @@ -533,7 +539,10 @@ module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' description: 'Collecting IIS logs.' enableDefaultTelemetry: '' kind: 'Windows' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ @@ -811,7 +820,10 @@ module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' description: 'Collecting Linux-specific performance counters and Linux Syslog' enableDefaultTelemetry: '' kind: 'Linux' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ @@ -1288,7 +1300,10 @@ module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' description: 'Collecting Windows-specific performance counters and Windows Event Logs' enableDefaultTelemetry: '' kind: 'Windows' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/insights/private-link-scope/main.bicep b/modules/insights/private-link-scope/main.bicep index 2eb0f2cdb2..1e0652dada 100644 --- a/modules/insights/private-link-scope/main.bicep +++ b/modules/insights/private-link-scope/main.bicep @@ -63,11 +63,11 @@ module privateLinkScope_scopedResource 'scoped-resource/main.bicep' = [for (scop } }] -resource privateLinkScope_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${privateLinkScope.name}-${lock}-lock' +resource privateLinkScope_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: privateLinkScope } diff --git a/modules/insights/webtest/.test/common/main.test.bicep b/modules/insights/webtest/.test/common/main.test.bicep index 2c96c3c4dd..6e4f1097cd 100644 --- a/modules/insights/webtest/.test/common/main.test.bicep +++ b/modules/insights/webtest/.test/common/main.test.bicep @@ -69,6 +69,9 @@ module testDeployment '../../main.bicep' = { RequestUrl: 'https://learn.microsoft.com/en-us/' HttpVerb: 'GET' } - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } } } diff --git a/modules/insights/webtest/README.md b/modules/insights/webtest/README.md index e875e2c3a4..1a38a283a2 100644 --- a/modules/insights/webtest/README.md +++ b/modules/insights/webtest/README.md @@ -60,7 +60,10 @@ module webtest 'br:bicep/modules/insights.webtest:1.0.0' = { Id: 'emea-nl-ams-azr' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } syntheticMonitorId: 'iwtcom001' } } diff --git a/modules/insights/webtest/main.bicep b/modules/insights/webtest/main.bicep index 246c2c8f82..b2978d586a 100644 --- a/modules/insights/webtest/main.bicep +++ b/modules/insights/webtest/main.bicep @@ -114,11 +114,11 @@ resource webtest 'Microsoft.Insights/webtests@2022-06-15' = { } } -resource webtest_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${webtest.name}-${lock}-lock' +resource webtest_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: webtest } diff --git a/modules/key-vault/vault/.test/common/main.test.bicep b/modules/key-vault/vault/.test/common/main.test.bicep index 179de80d30..96047f3524 100644 --- a/modules/key-vault/vault/.test/common/main.test.bicep +++ b/modules/key-vault/vault/.test/common/main.test.bicep @@ -114,7 +114,10 @@ module testDeployment '../../main.bicep' = { } } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } networkAcls: { bypass: 'AzureServices' defaultAction: 'Deny' diff --git a/modules/key-vault/vault/README.md b/modules/key-vault/vault/README.md index 2160f1abf6..43330eaac1 100644 --- a/modules/key-vault/vault/README.md +++ b/modules/key-vault/vault/README.md @@ -272,7 +272,10 @@ module vault 'br:bicep/modules/key-vault.vault:1.0.0' = { } } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } networkAcls: { bypass: 'AzureServices' defaultAction: 'Deny' diff --git a/modules/key-vault/vault/main.bicep b/modules/key-vault/vault/main.bicep index 08892f54ee..01003aeeee 100644 --- a/modules/key-vault/vault/main.bicep +++ b/modules/key-vault/vault/main.bicep @@ -194,11 +194,11 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { } } -resource keyVault_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${keyVault.name}-${lock}-lock' +resource keyVault_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: keyVault } diff --git a/modules/logic/workflow/.test/common/main.test.bicep b/modules/logic/workflow/.test/common/main.test.bicep index 80c5e688ac..9442a3a726 100644 --- a/modules/logic/workflow/.test/common/main.test.bicep +++ b/modules/logic/workflow/.test/common/main.test.bicep @@ -70,7 +70,10 @@ module testDeployment '../../main.bicep' = { diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/logic/workflow/README.md b/modules/logic/workflow/README.md index 19d3961c81..d01c7eda1f 100644 --- a/modules/logic/workflow/README.md +++ b/modules/logic/workflow/README.md @@ -51,7 +51,10 @@ module workflow 'br:bicep/modules/logic.workflow:1.0.0' = { diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/logic/workflow/main.bicep b/modules/logic/workflow/main.bicep index 9562898748..eb6978997d 100644 --- a/modules/logic/workflow/main.bicep +++ b/modules/logic/workflow/main.bicep @@ -189,11 +189,11 @@ resource logicApp 'Microsoft.Logic/workflows@2019-05-01' = { } } -resource logicApp_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${logicApp.name}-${lock}-lock' +resource logicApp_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: logicApp } diff --git a/modules/machine-learning-services/workspace/.test/common/main.test.bicep b/modules/machine-learning-services/workspace/.test/common/main.test.bicep index 1955aee361..ef1286ee83 100644 --- a/modules/machine-learning-services/workspace/.test/common/main.test.bicep +++ b/modules/machine-learning-services/workspace/.test/common/main.test.bicep @@ -110,7 +110,10 @@ module testDeployment '../../main.bicep' = { diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName discoveryUrl: 'http://example.com' imageBuildCompute: 'testcompute' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } primaryUserAssignedIdentity: nestedDependencies.outputs.managedIdentityResourceId privateEndpoints: [ { diff --git a/modules/machine-learning-services/workspace/README.md b/modules/machine-learning-services/workspace/README.md index ff8b39bf37..587741d547 100644 --- a/modules/machine-learning-services/workspace/README.md +++ b/modules/machine-learning-services/workspace/README.md @@ -91,7 +91,10 @@ module workspace 'br:bicep/modules/machine-learning-services.workspace:1.0.0' = discoveryUrl: 'http://example.com' enableDefaultTelemetry: '' imageBuildCompute: 'testcompute' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } primaryUserAssignedIdentity: '' privateEndpoints: [ { diff --git a/modules/machine-learning-services/workspace/main.bicep b/modules/machine-learning-services/workspace/main.bicep index 5aaa86fae8..61a370e9e0 100644 --- a/modules/machine-learning-services/workspace/main.bicep +++ b/modules/machine-learning-services/workspace/main.bicep @@ -254,11 +254,11 @@ module workspace_computes 'compute/main.bicep' = [for compute in computes: { ] }] -resource workspace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${workspace.name}-${lock}-lock' +resource workspace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: workspace } diff --git a/modules/maintenance/maintenance-configuration/.test/common/main.test.bicep b/modules/maintenance/maintenance-configuration/.test/common/main.test.bicep index 4606ff4c70..a7ae7e0b34 100644 --- a/modules/maintenance/maintenance-configuration/.test/common/main.test.bicep +++ b/modules/maintenance/maintenance-configuration/.test/common/main.test.bicep @@ -55,7 +55,10 @@ module testDeployment '../../main.bicep' = { extensionProperties: { InGuestPatchMode: 'User' } - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' diff --git a/modules/maintenance/maintenance-configuration/README.md b/modules/maintenance/maintenance-configuration/README.md index 75f6334537..8a38be4d68 100644 --- a/modules/maintenance/maintenance-configuration/README.md +++ b/modules/maintenance/maintenance-configuration/README.md @@ -65,7 +65,10 @@ module maintenanceConfiguration 'br:bicep/modules/maintenance.maintenance-config kbNumbersToInclude: '' } } - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } maintenanceWindow: { duration: '03:00' expirationDateTime: '9999-12-31 23:59:59' diff --git a/modules/maintenance/maintenance-configuration/main.bicep b/modules/maintenance/maintenance-configuration/main.bicep index cb6d711d8c..88bd931a1f 100644 --- a/modules/maintenance/maintenance-configuration/main.bicep +++ b/modules/maintenance/maintenance-configuration/main.bicep @@ -90,11 +90,11 @@ resource maintenanceConfiguration 'Microsoft.Maintenance/maintenanceConfiguratio } } -resource maintenanceConfiguration_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${maintenanceConfiguration.name}-${lock}-lock' +resource maintenanceConfiguration_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: maintenanceConfiguration } diff --git a/modules/managed-identity/user-assigned-identity/.test/common/main.test.bicep b/modules/managed-identity/user-assigned-identity/.test/common/main.test.bicep index d99f3b2a60..87518c8a84 100644 --- a/modules/managed-identity/user-assigned-identity/.test/common/main.test.bicep +++ b/modules/managed-identity/user-assigned-identity/.test/common/main.test.bicep @@ -52,7 +52,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } federatedIdentityCredentials: [ { name: 'test-fed-cred-${serviceShort}-001' diff --git a/modules/managed-identity/user-assigned-identity/README.md b/modules/managed-identity/user-assigned-identity/README.md index bcf7800957..eb013519f9 100644 --- a/modules/managed-identity/user-assigned-identity/README.md +++ b/modules/managed-identity/user-assigned-identity/README.md @@ -54,7 +54,10 @@ module userAssignedIdentity 'br:bicep/modules/managed-identity.user-assigned-ide subject: 'system:serviceaccount:default:workload-identity-sa' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } name: 'miuaicom001' roleAssignments: [ { diff --git a/modules/managed-identity/user-assigned-identity/main.bicep b/modules/managed-identity/user-assigned-identity/main.bicep index 9d42e74ee0..72e9af25d3 100644 --- a/modules/managed-identity/user-assigned-identity/main.bicep +++ b/modules/managed-identity/user-assigned-identity/main.bicep @@ -48,11 +48,11 @@ resource userMsi 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = tags: tags } -resource userMsi_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${userMsi.name}-${lock}-lock' +resource userMsi_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: userMsi } diff --git a/modules/net-app/net-app-account/.test/nfs3/main.test.bicep b/modules/net-app/net-app-account/.test/nfs3/main.test.bicep index 962e223224..c5db1e5500 100644 --- a/modules/net-app/net-app-account/.test/nfs3/main.test.bicep +++ b/modules/net-app/net-app-account/.test/nfs3/main.test.bicep @@ -118,7 +118,10 @@ module testDeployment '../../main.bicep' = { volumes: [] } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/net-app/net-app-account/README.md b/modules/net-app/net-app-account/README.md index c589ef8523..e36caba0bd 100644 --- a/modules/net-app/net-app-account/README.md +++ b/modules/net-app/net-app-account/README.md @@ -162,7 +162,10 @@ module netAppAccount 'br:bicep/modules/net-app.net-app-account:1.0.0' = { } ] enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/net-app/net-app-account/main.bicep b/modules/net-app/net-app-account/main.bicep index 12fc192758..04f49982ee 100644 --- a/modules/net-app/net-app-account/main.bicep +++ b/modules/net-app/net-app-account/main.bicep @@ -92,11 +92,11 @@ resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2022-11-01' = { } } -resource netAppAccount_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${netAppAccount.name}-${lock}-lock' +resource netAppAccount_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: netAppAccount } diff --git a/modules/network/application-gateway/.test/common/main.test.bicep b/modules/network/application-gateway/.test/common/main.test.bicep index 548ada9bbd..0dfff545fc 100644 --- a/modules/network/application-gateway/.test/common/main.test.bicep +++ b/modules/network/application-gateway/.test/common/main.test.bicep @@ -284,7 +284,10 @@ module testDeployment '../../main.bicep' = { } } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } probes: [ { name: 'privateVmHttpSettingProbe' diff --git a/modules/network/application-gateway/README.md b/modules/network/application-gateway/README.md index aaee08b326..ea6ed5aa59 100644 --- a/modules/network/application-gateway/README.md +++ b/modules/network/application-gateway/README.md @@ -224,7 +224,10 @@ module applicationGateway 'br:bicep/modules/network.application-gateway:1.0.0' = } } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } privateEndpoints: [ { privateDnsZoneGroup: { diff --git a/modules/network/application-gateway/main.bicep b/modules/network/application-gateway/main.bicep index a346bcf980..bde57cf4ea 100644 --- a/modules/network/application-gateway/main.bicep +++ b/modules/network/application-gateway/main.bicep @@ -343,11 +343,11 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2023-04-01' = zones: zones } -resource applicationGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${applicationGateway.name}-${lock}-lock' +resource applicationGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: applicationGateway } diff --git a/modules/network/application-security-group/.test/common/main.test.bicep b/modules/network/application-security-group/.test/common/main.test.bicep index d97c89d410..8783a868c4 100644 --- a/modules/network/application-security-group/.test/common/main.test.bicep +++ b/modules/network/application-security-group/.test/common/main.test.bicep @@ -52,7 +52,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/network/application-security-group/README.md b/modules/network/application-security-group/README.md index dd4a0b47e3..ec025813eb 100644 --- a/modules/network/application-security-group/README.md +++ b/modules/network/application-security-group/README.md @@ -45,7 +45,10 @@ module applicationSecurityGroup 'br:bicep/modules/network.application-security-g name: 'nasgcom001' // Non-required parameters enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/network/application-security-group/main.bicep b/modules/network/application-security-group/main.bicep index fa7054d1eb..ede2d7ab30 100644 --- a/modules/network/application-security-group/main.bicep +++ b/modules/network/application-security-group/main.bicep @@ -44,11 +44,11 @@ resource applicationSecurityGroup 'Microsoft.Network/applicationSecurityGroups@2 properties: {} } -resource applicationSecurityGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${applicationSecurityGroup.name}-${lock}-lock' +resource applicationSecurityGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: applicationSecurityGroup } diff --git a/modules/network/azure-firewall/.test/common/main.test.bicep b/modules/network/azure-firewall/.test/common/main.test.bicep index 17193997bd..cf719551ab 100644 --- a/modules/network/azure-firewall/.test/common/main.test.bicep +++ b/modules/network/azure-firewall/.test/common/main.test.bicep @@ -126,7 +126,10 @@ module testDeployment '../../main.bicep' = { diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } networkRuleCollections: [ { name: 'allow-network-rules' diff --git a/modules/network/azure-firewall/README.md b/modules/network/azure-firewall/README.md index 73137eee0b..b758a08607 100644 --- a/modules/network/azure-firewall/README.md +++ b/modules/network/azure-firewall/README.md @@ -213,7 +213,10 @@ module azureFirewall 'br:bicep/modules/network.azure-firewall:1.0.0' = { diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } networkRuleCollections: [ { name: 'allow-network-rules' diff --git a/modules/network/azure-firewall/main.bicep b/modules/network/azure-firewall/main.bicep index 83e3b2a2af..18d4cd11bb 100644 --- a/modules/network/azure-firewall/main.bicep +++ b/modules/network/azure-firewall/main.bicep @@ -321,11 +321,11 @@ resource azureFirewall 'Microsoft.Network/azureFirewalls@2023-04-01' = { ] } -resource azureFirewall_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${azureFirewall.name}-${lock}-lock' +resource azureFirewall_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: azureFirewall } diff --git a/modules/network/bastion-host/.test/common/main.test.bicep b/modules/network/bastion-host/.test/common/main.test.bicep index 5d384c25e9..02f6497c2d 100644 --- a/modules/network/bastion-host/.test/common/main.test.bicep +++ b/modules/network/bastion-host/.test/common/main.test.bicep @@ -78,7 +78,10 @@ module testDeployment '../../main.bicep' = { enableFileCopy: false enableIpConnect: false enableShareableLink: false - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/network/bastion-host/README.md b/modules/network/bastion-host/README.md index 8aa5825b04..954954a006 100644 --- a/modules/network/bastion-host/README.md +++ b/modules/network/bastion-host/README.md @@ -59,7 +59,10 @@ module bastionHost 'br:bicep/modules/network.bastion-host:1.0.0' = { enableFileCopy: false enableIpConnect: false enableShareableLink: false - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/network/bastion-host/main.bicep b/modules/network/bastion-host/main.bicep index f0b0ea9427..a23e458c26 100644 --- a/modules/network/bastion-host/main.bicep +++ b/modules/network/bastion-host/main.bicep @@ -201,11 +201,11 @@ resource azureBastion 'Microsoft.Network/bastionHosts@2022-11-01' = { properties: bastionpropertiesVar } -resource azureBastion_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${azureBastion.name}-${lock}-lock' +resource azureBastion_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: azureBastion } diff --git a/modules/network/connection/.test/vnet2vnet/main.test.bicep b/modules/network/connection/.test/vnet2vnet/main.test.bicep index 5d1cbca2c3..9450e5be59 100644 --- a/modules/network/connection/.test/vnet2vnet/main.test.bicep +++ b/modules/network/connection/.test/vnet2vnet/main.test.bicep @@ -62,7 +62,10 @@ module testDeployment '../../main.bicep' = { id: nestedDependencies.outputs.primaryVNETGatewayResourceID } enableBgp: false - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } virtualNetworkGateway2: { id: nestedDependencies.outputs.secondaryVNETGatewayResourceID } diff --git a/modules/network/connection/README.md b/modules/network/connection/README.md index 7275058f5a..59df1f4289 100644 --- a/modules/network/connection/README.md +++ b/modules/network/connection/README.md @@ -47,7 +47,10 @@ module connection 'br:bicep/modules/network.connection:1.0.0' = { connectionType: 'Vnet2Vnet' enableBgp: false enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } tags: { Environment: 'Non-Prod' 'hidden-title': 'This is visible in the resource name' diff --git a/modules/network/connection/main.bicep b/modules/network/connection/main.bicep index 809a56c5c6..7ae38ce990 100644 --- a/modules/network/connection/main.bicep +++ b/modules/network/connection/main.bicep @@ -149,11 +149,11 @@ resource connection 'Microsoft.Network/connections@2023-04-01' = { } } -resource connection_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${connection.name}-${lock}-lock' +resource connection_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: connection } diff --git a/modules/network/ddos-protection-plan/.test/common/main.test.bicep b/modules/network/ddos-protection-plan/.test/common/main.test.bicep index 07f548e028..5f76122a56 100644 --- a/modules/network/ddos-protection-plan/.test/common/main.test.bicep +++ b/modules/network/ddos-protection-plan/.test/common/main.test.bicep @@ -52,7 +52,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/network/ddos-protection-plan/README.md b/modules/network/ddos-protection-plan/README.md index ce299dd18a..d233dd56ff 100644 --- a/modules/network/ddos-protection-plan/README.md +++ b/modules/network/ddos-protection-plan/README.md @@ -46,7 +46,10 @@ module ddosProtectionPlan 'br:bicep/modules/network.ddos-protection-plan:1.0.0' name: 'ndppcom001' // Non-required parameters enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/network/ddos-protection-plan/main.bicep b/modules/network/ddos-protection-plan/main.bicep index 159a71942f..260820d19a 100644 --- a/modules/network/ddos-protection-plan/main.bicep +++ b/modules/network/ddos-protection-plan/main.bicep @@ -45,11 +45,11 @@ resource ddosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2023-04-01' = properties: {} } -resource ddosProtectionPlan_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${ddosProtectionPlan.name}-${lock}-lock' +resource ddosProtectionPlan_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: ddosProtectionPlan } diff --git a/modules/network/dns-forwarding-ruleset/.test/common/main.test.bicep b/modules/network/dns-forwarding-ruleset/.test/common/main.test.bicep index 1580914504..e3c7eb4a8e 100644 --- a/modules/network/dns-forwarding-ruleset/.test/common/main.test.bicep +++ b/modules/network/dns-forwarding-ruleset/.test/common/main.test.bicep @@ -83,7 +83,10 @@ module testDeployment '../../main.bicep' = { principalType: 'ServicePrincipal' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' diff --git a/modules/network/dns-forwarding-ruleset/README.md b/modules/network/dns-forwarding-ruleset/README.md index 100d91455b..786f79447d 100644 --- a/modules/network/dns-forwarding-ruleset/README.md +++ b/modules/network/dns-forwarding-ruleset/README.md @@ -64,7 +64,10 @@ module dnsForwardingRuleset 'br:bicep/modules/network.dns-forwarding-ruleset:1.0 ] } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/network/dns-forwarding-ruleset/main.bicep b/modules/network/dns-forwarding-ruleset/main.bicep index 205acc5938..1128b7975b 100644 --- a/modules/network/dns-forwarding-ruleset/main.bicep +++ b/modules/network/dns-forwarding-ruleset/main.bicep @@ -77,13 +77,13 @@ module dnsForwardingRuleset_virtualNetworkLinks 'virtual-network-link/main.bicep } }] -resource dnsForwardingRulesets_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${dnsForwardingRuleset.name}-${lock}-lock' +resource dnsForwardingRulesets_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } - scope: dnsForwardingRuleset + scope: dnsForwardingRulesets } module dnsForwardingRulesets_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { diff --git a/modules/network/dns-resolver/main.bicep b/modules/network/dns-resolver/main.bicep index b0d58fa614..d259ba74ae 100644 --- a/modules/network/dns-resolver/main.bicep +++ b/modules/network/dns-resolver/main.bicep @@ -86,11 +86,11 @@ resource dnsResolver_outboundEndpoint 'Microsoft.Network/dnsResolvers/outboundEn } }] -resource dnsResolver_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${dnsResolver.name}-${lock}-lock' +resource dnsResolver_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: dnsResolver } diff --git a/modules/network/dns-zone/.test/common/main.test.bicep b/modules/network/dns-zone/.test/common/main.test.bicep index f23e497864..667e7e4e00 100644 --- a/modules/network/dns-zone/.test/common/main.test.bicep +++ b/modules/network/dns-zone/.test/common/main.test.bicep @@ -106,7 +106,10 @@ module testDeployment '../../main.bicep' = { targetResourceId: nestedDependencies.outputs.trafficManagerProfileResourceId } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } mx: [ { mxRecords: [ diff --git a/modules/network/dns-zone/README.md b/modules/network/dns-zone/README.md index cf007e7fc7..ab69184217 100644 --- a/modules/network/dns-zone/README.md +++ b/modules/network/dns-zone/README.md @@ -109,7 +109,10 @@ module dnsZone 'br:bicep/modules/network.dns-zone:1.0.0' = { } ] enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } mx: [ { mxRecords: [ diff --git a/modules/network/dns-zone/main.bicep b/modules/network/dns-zone/main.bicep index 5f182697f8..0e0b99a916 100644 --- a/modules/network/dns-zone/main.bicep +++ b/modules/network/dns-zone/main.bicep @@ -213,11 +213,11 @@ module dnsZone_TXT 'txt/main.bicep' = [for (txtRecord, index) in txt: { } }] -resource dnsZone_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${dnsZone.name}-${lock}-lock' +resource dnsZone_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: dnsZone } diff --git a/modules/network/express-route-circuit/.test/common/main.test.bicep b/modules/network/express-route-circuit/.test/common/main.test.bicep index 58ce2762f0..befce2285b 100644 --- a/modules/network/express-route-circuit/.test/common/main.test.bicep +++ b/modules/network/express-route-circuit/.test/common/main.test.bicep @@ -73,7 +73,10 @@ module testDeployment '../../main.bicep' = { diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/network/express-route-circuit/README.md b/modules/network/express-route-circuit/README.md index 3acc1d2f3c..b8f4687a47 100644 --- a/modules/network/express-route-circuit/README.md +++ b/modules/network/express-route-circuit/README.md @@ -55,7 +55,10 @@ module expressRouteCircuit 'br:bicep/modules/network.express-route-circuit:1.0.0 diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/network/express-route-circuit/main.bicep b/modules/network/express-route-circuit/main.bicep index f979f2c2e7..bed56a2ef3 100644 --- a/modules/network/express-route-circuit/main.bicep +++ b/modules/network/express-route-circuit/main.bicep @@ -188,11 +188,11 @@ resource expressRouteCircuits 'Microsoft.Network/expressRouteCircuits@2023-04-01 } } -resource expressRouteCircuits_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${expressRouteCircuits.name}-${lock}-lock' +resource expressRouteCircuits_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: expressRouteCircuits } diff --git a/modules/network/express-route-gateway/.test/common/main.test.bicep b/modules/network/express-route-gateway/.test/common/main.test.bicep index 9dd58dbbe3..d99873cd46 100644 --- a/modules/network/express-route-gateway/.test/common/main.test.bicep +++ b/modules/network/express-route-gateway/.test/common/main.test.bicep @@ -60,7 +60,10 @@ module testDeployment '../../main.bicep' = { autoScaleConfigurationBoundsMin: 2 autoScaleConfigurationBoundsMax: 3 virtualHubId: nestedDependencies.outputs.virtualHubResourceId - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/network/express-route-gateway/README.md b/modules/network/express-route-gateway/README.md index 8221723ccf..668611a8ca 100644 --- a/modules/network/express-route-gateway/README.md +++ b/modules/network/express-route-gateway/README.md @@ -49,7 +49,10 @@ module expressRouteGateway 'br:bicep/modules/network.express-route-gateway:1.0.0 autoScaleConfigurationBoundsMax: 3 autoScaleConfigurationBoundsMin: 2 enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/network/express-route-gateway/main.bicep b/modules/network/express-route-gateway/main.bicep index 0858bcf18d..8ed68dd208 100644 --- a/modules/network/express-route-gateway/main.bicep +++ b/modules/network/express-route-gateway/main.bicep @@ -71,11 +71,11 @@ resource expressRouteGateway 'Microsoft.Network/expressRouteGateways@2023-04-01' } } -resource expressRouteGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${expressRouteGateway.name}-${lock}-lock' +resource expressRouteGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: expressRouteGateway } diff --git a/modules/network/front-door-web-application-firewall-policy/.test/common/main.test.bicep b/modules/network/front-door-web-application-firewall-policy/.test/common/main.test.bicep index a971d68691..9473957b31 100644 --- a/modules/network/front-door-web-application-firewall-policy/.test/common/main.test.bicep +++ b/modules/network/front-door-web-application-firewall-policy/.test/common/main.test.bicep @@ -52,7 +52,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } sku: 'Premium_AzureFrontDoor' policySettings: { mode: 'Prevention' diff --git a/modules/network/front-door-web-application-firewall-policy/README.md b/modules/network/front-door-web-application-firewall-policy/README.md index 8cf0e4a016..2a9bd01464 100644 --- a/modules/network/front-door-web-application-firewall-policy/README.md +++ b/modules/network/front-door-web-application-firewall-policy/README.md @@ -94,7 +94,10 @@ module frontDoorWebApplicationFirewallPolicy 'br:bicep/modules/network.front-doo ] } enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } managedRules: { managedRuleSets: [ { diff --git a/modules/network/front-door-web-application-firewall-policy/main.bicep b/modules/network/front-door-web-application-firewall-policy/main.bicep index 3ecc47cd21..5e5cb34de6 100644 --- a/modules/network/front-door-web-application-firewall-policy/main.bicep +++ b/modules/network/front-door-web-application-firewall-policy/main.bicep @@ -106,11 +106,11 @@ resource frontDoorWAFPolicy 'Microsoft.Network/FrontDoorWebApplicationFirewallPo } } -resource frontDoorWAFPolicy_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${frontDoorWAFPolicy.name}-${lock}-lock' +resource frontDoorWAFPolicy_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: frontDoorWAFPolicy } diff --git a/modules/network/front-door/.test/common/main.test.bicep b/modules/network/front-door/.test/common/main.test.bicep index dfc4e2b726..485d7f052f 100644 --- a/modules/network/front-door/.test/common/main.test.bicep +++ b/modules/network/front-door/.test/common/main.test.bicep @@ -113,7 +113,10 @@ module testDeployment '../../main.bicep' = { } } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } routingRules: [ { name: 'routingRule' diff --git a/modules/network/front-door/README.md b/modules/network/front-door/README.md index f9b46052f3..f2f83732a0 100644 --- a/modules/network/front-door/README.md +++ b/modules/network/front-door/README.md @@ -135,7 +135,10 @@ module frontDoor 'br:bicep/modules/network.front-door:1.0.0' = { // Non-required parameters enableDefaultTelemetry: '' enforceCertificateNameCheck: 'Disabled' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/network/front-door/main.bicep b/modules/network/front-door/main.bicep index fe4dac367a..5cc6ed7234 100644 --- a/modules/network/front-door/main.bicep +++ b/modules/network/front-door/main.bicep @@ -135,11 +135,11 @@ resource frontDoor 'Microsoft.Network/frontDoors@2020-05-01' = { } } -resource frontDoor_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${frontDoor.name}-${lock}-lock' +resource frontDoor_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: frontDoor } diff --git a/modules/network/ip-group/.test/common/main.test.bicep b/modules/network/ip-group/.test/common/main.test.bicep index 61476fd930..e58ccd5a53 100644 --- a/modules/network/ip-group/.test/common/main.test.bicep +++ b/modules/network/ip-group/.test/common/main.test.bicep @@ -56,7 +56,10 @@ module testDeployment '../../main.bicep' = { '10.0.0.1' '10.0.0.2' ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/network/ip-group/README.md b/modules/network/ip-group/README.md index 2de276d682..890b0bfd2a 100644 --- a/modules/network/ip-group/README.md +++ b/modules/network/ip-group/README.md @@ -50,7 +50,10 @@ module ipGroup 'br:bicep/modules/network.ip-group:1.0.0' = { '10.0.0.1' '10.0.0.2' ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/network/ip-group/main.bicep b/modules/network/ip-group/main.bicep index b9a45120cd..6572ca71b5 100644 --- a/modules/network/ip-group/main.bicep +++ b/modules/network/ip-group/main.bicep @@ -50,11 +50,11 @@ resource ipGroup 'Microsoft.Network/ipGroups@2023-04-01' = { } } -resource ipGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${ipGroup.name}-${lock}-lock' +resource ipGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: ipGroup } diff --git a/modules/network/load-balancer/.test/common/main.test.bicep b/modules/network/load-balancer/.test/common/main.test.bicep index 6efb446ead..190d42404e 100644 --- a/modules/network/load-balancer/.test/common/main.test.bicep +++ b/modules/network/load-balancer/.test/common/main.test.bicep @@ -128,7 +128,10 @@ module testDeployment '../../main.bicep' = { probeName: 'probe2' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } outboundRules: [ { allocatedOutboundPorts: 63984 diff --git a/modules/network/load-balancer/README.md b/modules/network/load-balancer/README.md index 779036371c..e4d7ff7751 100644 --- a/modules/network/load-balancer/README.md +++ b/modules/network/load-balancer/README.md @@ -112,7 +112,10 @@ module loadBalancer 'br:bicep/modules/network.load-balancer:1.0.0' = { probeName: 'probe2' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } outboundRules: [ { allocatedOutboundPorts: 63984 diff --git a/modules/network/load-balancer/main.bicep b/modules/network/load-balancer/main.bicep index 0f15931f27..df626d8dff 100644 --- a/modules/network/load-balancer/main.bicep +++ b/modules/network/load-balancer/main.bicep @@ -221,11 +221,11 @@ module loadBalancer_inboundNATRules 'inbound-nat-rule/main.bicep' = [for (inboun ] }] -resource loadBalancer_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${loadBalancer.name}-${lock}-lock' +resource loadBalancer_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: loadBalancer } diff --git a/modules/network/local-network-gateway/.test/common/main.test.bicep b/modules/network/local-network-gateway/.test/common/main.test.bicep index 8bebc4a7aa..0d7e13410f 100644 --- a/modules/network/local-network-gateway/.test/common/main.test.bicep +++ b/modules/network/local-network-gateway/.test/common/main.test.bicep @@ -58,7 +58,10 @@ module testDeployment '../../main.bicep' = { localGatewayPublicIpAddress: '8.8.8.8' localAsn: '65123' localBgpPeeringAddress: '192.168.1.5' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/network/local-network-gateway/README.md b/modules/network/local-network-gateway/README.md index 0f26183ba5..a0348467c4 100644 --- a/modules/network/local-network-gateway/README.md +++ b/modules/network/local-network-gateway/README.md @@ -52,7 +52,10 @@ module localNetworkGateway 'br:bicep/modules/network.local-network-gateway:1.0.0 enableDefaultTelemetry: '' localAsn: '65123' localBgpPeeringAddress: '192.168.1.5' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/network/local-network-gateway/main.bicep b/modules/network/local-network-gateway/main.bicep index 7030202e79..e850d93a68 100644 --- a/modules/network/local-network-gateway/main.bicep +++ b/modules/network/local-network-gateway/main.bicep @@ -76,11 +76,11 @@ resource localNetworkGateway 'Microsoft.Network/localNetworkGateways@2023-04-01' } } -resource localNetworkGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${localNetworkGateway.name}-${lock}-lock' +resource localNetworkGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: localNetworkGateway } diff --git a/modules/network/nat-gateway/.test/common/main.test.bicep b/modules/network/nat-gateway/.test/common/main.test.bicep index 178f58c027..f999e3cb3a 100644 --- a/modules/network/nat-gateway/.test/common/main.test.bicep +++ b/modules/network/nat-gateway/.test/common/main.test.bicep @@ -70,7 +70,10 @@ module testDeployment '../../main.bicep' = { diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } natGatewayPublicIpAddress: true roleAssignments: [ { diff --git a/modules/network/nat-gateway/README.md b/modules/network/nat-gateway/README.md index 8d239324a4..fc7783084d 100644 --- a/modules/network/nat-gateway/README.md +++ b/modules/network/nat-gateway/README.md @@ -51,7 +51,10 @@ module natGateway 'br:bicep/modules/network.nat-gateway:1.0.0' = { diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } natGatewayPublicIpAddress: true roleAssignments: [ { diff --git a/modules/network/nat-gateway/main.bicep b/modules/network/nat-gateway/main.bicep index f7094fff0c..1f25013f3e 100644 --- a/modules/network/nat-gateway/main.bicep +++ b/modules/network/nat-gateway/main.bicep @@ -153,11 +153,11 @@ resource natGateway 'Microsoft.Network/natGateways@2023-04-01' = { dependsOn: [ publicIPAddress ] } -resource natGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${natGateway.name}-${lock}-lock' +resource natGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: natGateway } diff --git a/modules/network/network-interface/.test/common/main.test.bicep b/modules/network/network-interface/.test/common/main.test.bicep index 5a7bfcf666..4fcb9fd47d 100644 --- a/modules/network/network-interface/.test/common/main.test.bicep +++ b/modules/network/network-interface/.test/common/main.test.bicep @@ -97,7 +97,10 @@ module testDeployment '../../main.bicep' = { diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/network/network-interface/README.md b/modules/network/network-interface/README.md index ee9c528fdd..82c12c3ece 100644 --- a/modules/network/network-interface/README.md +++ b/modules/network/network-interface/README.md @@ -75,7 +75,10 @@ module networkInterface 'br:bicep/modules/network.network-interface:1.0.0' = { diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/network/network-interface/main.bicep b/modules/network/network-interface/main.bicep index 43f79f1528..ef6d49137a 100644 --- a/modules/network/network-interface/main.bicep +++ b/modules/network/network-interface/main.bicep @@ -154,11 +154,11 @@ resource networkInterface_diagnosticSettings 'Microsoft.Insights/diagnosticSetti scope: networkInterface } -resource networkInterface_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${networkInterface.name}-${lock}-lock' +resource networkInterface_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: networkInterface } diff --git a/modules/network/network-manager/.test/common/main.test.bicep b/modules/network/network-manager/.test/common/main.test.bicep index e0899bd41c..25ba582f7c 100644 --- a/modules/network/network-manager/.test/common/main.test.bicep +++ b/modules/network/network-manager/.test/common/main.test.bicep @@ -59,7 +59,10 @@ module testDeployment '../../main.bicep' = { params: { name: networkManagerName enableDefaultTelemetry: enableDefaultTelemetry - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/network/network-manager/README.md b/modules/network/network-manager/README.md index 86e3036e2f..3d9b5b3f77 100644 --- a/modules/network/network-manager/README.md +++ b/modules/network/network-manager/README.md @@ -100,7 +100,10 @@ module networkManager 'br:bicep/modules/network.network-manager:1.0.0' = { } ] enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } networkGroups: [ { description: 'network-group-spokes description' diff --git a/modules/network/network-manager/main.bicep b/modules/network/network-manager/main.bicep index 21c5a261c0..c5aa045c1d 100644 --- a/modules/network/network-manager/main.bicep +++ b/modules/network/network-manager/main.bicep @@ -126,11 +126,11 @@ module networkManager_securityAdminConfigurations 'security-admin-configuration/ dependsOn: networkManager_networkGroups }] -resource networkManager_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${networkManager.name}-${lock}-lock' +resource networkManager_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: networkManager } diff --git a/modules/network/network-security-group/.test/common/main.test.bicep b/modules/network/network-security-group/.test/common/main.test.bicep index b3d3aa351f..66532c02ae 100644 --- a/modules/network/network-security-group/.test/common/main.test.bicep +++ b/modules/network/network-security-group/.test/common/main.test.bicep @@ -71,7 +71,10 @@ module testDeployment '../../main.bicep' = { diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/network/network-security-group/README.md b/modules/network/network-security-group/README.md index 9cc85e94be..ffbec83ea4 100644 --- a/modules/network/network-security-group/README.md +++ b/modules/network/network-security-group/README.md @@ -52,7 +52,10 @@ module networkSecurityGroup 'br:bicep/modules/network.network-security-group:1.0 diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/network/network-security-group/main.bicep b/modules/network/network-security-group/main.bicep index 5ee9437903..a736802a6f 100644 --- a/modules/network/network-security-group/main.bicep +++ b/modules/network/network-security-group/main.bicep @@ -136,11 +136,11 @@ module networkSecurityGroup_securityRules 'security-rule/main.bicep' = [for (sec } }] -resource networkSecurityGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${networkSecurityGroup.name}-${lock}-lock' +resource networkSecurityGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: networkSecurityGroup } diff --git a/modules/network/network-watcher/main.bicep b/modules/network/network-watcher/main.bicep index 2fbae1f1cd..a13ab9b33a 100644 --- a/modules/network/network-watcher/main.bicep +++ b/modules/network/network-watcher/main.bicep @@ -53,11 +53,11 @@ resource networkWatcher 'Microsoft.Network/networkWatchers@2023-04-01' = { properties: {} } -resource networkWatcher_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${networkWatcher.name}-${lock}-lock' +resource networkWatcher_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: networkWatcher } diff --git a/modules/network/private-dns-zone/.test/common/main.test.bicep b/modules/network/private-dns-zone/.test/common/main.test.bicep index d3e5ad38db..b8fd61f780 100644 --- a/modules/network/private-dns-zone/.test/common/main.test.bicep +++ b/modules/network/private-dns-zone/.test/common/main.test.bicep @@ -102,7 +102,10 @@ module testDeployment '../../main.bicep' = { ttl: 3600 } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } mx: [ { mxRecords: [ diff --git a/modules/network/private-dns-zone/README.md b/modules/network/private-dns-zone/README.md index 54fc9873d1..f4d2715733 100644 --- a/modules/network/private-dns-zone/README.md +++ b/modules/network/private-dns-zone/README.md @@ -104,7 +104,10 @@ module privateDnsZone 'br:bicep/modules/network.private-dns-zone:1.0.0' = { } ] enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } mx: [ { mxRecords: [ diff --git a/modules/network/private-dns-zone/main.bicep b/modules/network/private-dns-zone/main.bicep index 75d433791a..f9715e994d 100644 --- a/modules/network/private-dns-zone/main.bicep +++ b/modules/network/private-dns-zone/main.bicep @@ -189,11 +189,11 @@ module privateDnsZone_virtualNetworkLinks 'virtual-network-link/main.bicep' = [f } }] -resource privateDnsZone_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${privateDnsZone.name}-${lock}-lock' +resource privateDnsZone_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: privateDnsZone } diff --git a/modules/network/private-endpoint/.test/common/main.test.bicep b/modules/network/private-endpoint/.test/common/main.test.bicep index 856807277f..19cb68785c 100644 --- a/modules/network/private-endpoint/.test/common/main.test.bicep +++ b/modules/network/private-endpoint/.test/common/main.test.bicep @@ -60,7 +60,10 @@ module testDeployment '../../main.bicep' = { ] serviceResourceId: nestedDependencies.outputs.keyVaultResourceId subnetResourceId: nestedDependencies.outputs.subnetResourceId - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } privateDnsZoneGroup: { privateDNSResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId diff --git a/modules/network/private-endpoint/README.md b/modules/network/private-endpoint/README.md index 241b1e441a..67e0fc3fc7 100644 --- a/modules/network/private-endpoint/README.md +++ b/modules/network/private-endpoint/README.md @@ -68,7 +68,10 @@ module privateEndpoint 'br:bicep/modules/network.private-endpoint:1.0.0' = { } } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } privateDnsZoneGroup: { privateDNSResourceIds: [ '' diff --git a/modules/network/private-endpoint/main.bicep b/modules/network/private-endpoint/main.bicep index c47ebca698..4b6aa3fe60 100644 --- a/modules/network/private-endpoint/main.bicep +++ b/modules/network/private-endpoint/main.bicep @@ -101,11 +101,11 @@ module privateEndpoint_privateDnsZoneGroup 'private-dns-zone-group/main.bicep' = } } -resource privateEndpoint_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${privateEndpoint.name}-${lock}-lock' +resource privateEndpoint_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: privateEndpoint } diff --git a/modules/network/private-link-service/.test/common/main.test.bicep b/modules/network/private-link-service/.test/common/main.test.bicep index 2566dda08b..b7cbc93723 100644 --- a/modules/network/private-link-service/.test/common/main.test.bicep +++ b/modules/network/private-link-service/.test/common/main.test.bicep @@ -54,7 +54,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } ipConfigurations: [ { name: '${serviceShort}01' diff --git a/modules/network/private-link-service/README.md b/modules/network/private-link-service/README.md index a1182c3ce1..14623bf726 100644 --- a/modules/network/private-link-service/README.md +++ b/modules/network/private-link-service/README.md @@ -74,7 +74,10 @@ module privateLinkService 'br:bicep/modules/network.private-link-service:1.0.0' id: '' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/network/private-link-service/main.bicep b/modules/network/private-link-service/main.bicep index e9f91ecae5..6f69a73136 100644 --- a/modules/network/private-link-service/main.bicep +++ b/modules/network/private-link-service/main.bicep @@ -73,11 +73,11 @@ resource privateLinkService 'Microsoft.Network/privateLinkServices@2022-11-01' = } } -resource privateLinkService_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${privateLinkService.name}-${lock}-lock' +resource privateLinkService_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: privateLinkService } diff --git a/modules/network/public-ip-address/.test/common/main.test.bicep b/modules/network/public-ip-address/.test/common/main.test.bicep index 73fe5bb4a5..eadd4eb23a 100644 --- a/modules/network/public-ip-address/.test/common/main.test.bicep +++ b/modules/network/public-ip-address/.test/common/main.test.bicep @@ -70,7 +70,10 @@ module testDeployment '../../main.bicep' = { diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } publicIPAllocationMethod: 'Static' roleAssignments: [ { diff --git a/modules/network/public-ip-address/README.md b/modules/network/public-ip-address/README.md index d66c035af4..a462079471 100644 --- a/modules/network/public-ip-address/README.md +++ b/modules/network/public-ip-address/README.md @@ -51,7 +51,10 @@ module publicIpAddress 'br:bicep/modules/network.public-ip-address:1.0.0' = { diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } publicIPAllocationMethod: 'Static' roleAssignments: [ { diff --git a/modules/network/public-ip-address/main.bicep b/modules/network/public-ip-address/main.bicep index 9df17390ea..88b830b1cd 100644 --- a/modules/network/public-ip-address/main.bicep +++ b/modules/network/public-ip-address/main.bicep @@ -169,11 +169,11 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2023-04-01' = { } } -resource publicIpAddress_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${publicIpAddress.name}-${lock}-lock' +resource publicIpAddress_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: publicIpAddress } diff --git a/modules/network/public-ip-prefix/.test/common/main.test.bicep b/modules/network/public-ip-prefix/.test/common/main.test.bicep index 4c96332650..86dba8a94f 100644 --- a/modules/network/public-ip-prefix/.test/common/main.test.bicep +++ b/modules/network/public-ip-prefix/.test/common/main.test.bicep @@ -53,7 +53,10 @@ module testDeployment '../../main.bicep' = { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' prefixLength: 28 - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/network/public-ip-prefix/README.md b/modules/network/public-ip-prefix/README.md index b10bc8730b..8f26231cc1 100644 --- a/modules/network/public-ip-prefix/README.md +++ b/modules/network/public-ip-prefix/README.md @@ -47,7 +47,10 @@ module publicIpPrefix 'br:bicep/modules/network.public-ip-prefix:1.0.0' = { prefixLength: 28 // Non-required parameters enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/network/public-ip-prefix/main.bicep b/modules/network/public-ip-prefix/main.bicep index 2781103a65..f67c5e9195 100644 --- a/modules/network/public-ip-prefix/main.bicep +++ b/modules/network/public-ip-prefix/main.bicep @@ -60,11 +60,11 @@ resource publicIpPrefix 'Microsoft.Network/publicIPPrefixes@2023-04-01' = { } } -resource publicIpPrefix_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${publicIpPrefix.name}-${lock}-lock' +resource publicIpPrefix_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: publicIpPrefix } diff --git a/modules/network/route-table/.test/common/main.test.bicep b/modules/network/route-table/.test/common/main.test.bicep index 760b5c2741..cab828e429 100644 --- a/modules/network/route-table/.test/common/main.test.bicep +++ b/modules/network/route-table/.test/common/main.test.bicep @@ -52,7 +52,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/network/route-table/README.md b/modules/network/route-table/README.md index ce2ec44629..d9c31186d8 100644 --- a/modules/network/route-table/README.md +++ b/modules/network/route-table/README.md @@ -46,7 +46,10 @@ module routeTable 'br:bicep/modules/network.route-table:1.0.0' = { name: 'nrtcom001' // Non-required parameters enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/network/route-table/main.bicep b/modules/network/route-table/main.bicep index f32660a665..7323c68c3f 100644 --- a/modules/network/route-table/main.bicep +++ b/modules/network/route-table/main.bicep @@ -53,11 +53,11 @@ resource routeTable 'Microsoft.Network/routeTables@2023-04-01' = { } } -resource routeTable_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${routeTable.name}-${lock}-lock' +resource routeTable_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: routeTable } diff --git a/modules/network/service-endpoint-policy/.test/common/main.test.bicep b/modules/network/service-endpoint-policy/.test/common/main.test.bicep index ef6675cda3..82ee681383 100644 --- a/modules/network/service-endpoint-policy/.test/common/main.test.bicep +++ b/modules/network/service-endpoint-policy/.test/common/main.test.bicep @@ -52,7 +52,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}-${serviceShort}-001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/network/service-endpoint-policy/README.md b/modules/network/service-endpoint-policy/README.md index f58b19c384..75a8c5bd09 100644 --- a/modules/network/service-endpoint-policy/README.md +++ b/modules/network/service-endpoint-policy/README.md @@ -46,7 +46,10 @@ module serviceEndpointPolicy 'br:bicep/modules/network.service-endpoint-policy:1 name: 'nsnpcom-001' // Non-required parameters enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/network/service-endpoint-policy/main.bicep b/modules/network/service-endpoint-policy/main.bicep index 357a2055e5..e2c4706285 100644 --- a/modules/network/service-endpoint-policy/main.bicep +++ b/modules/network/service-endpoint-policy/main.bicep @@ -57,11 +57,11 @@ resource serviceEndpointPolicy 'Microsoft.Network/serviceEndpointPolicies@2023-0 } } -resource serviceEndpointPolicy_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${serviceEndpointPolicy.name}-${lock}-lock' +resource serviceEndpointPolicy_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: serviceEndpointPolicy } diff --git a/modules/network/trafficmanagerprofile/.test/common/main.test.bicep b/modules/network/trafficmanagerprofile/.test/common/main.test.bicep index 14ba90e0c3..9a466dd925 100644 --- a/modules/network/trafficmanagerprofile/.test/common/main.test.bicep +++ b/modules/network/trafficmanagerprofile/.test/common/main.test.bicep @@ -71,7 +71,10 @@ module testDeployment '../../main.bicep' = { diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/network/trafficmanagerprofile/README.md b/modules/network/trafficmanagerprofile/README.md index 614ac693bf..7d94cadfb8 100644 --- a/modules/network/trafficmanagerprofile/README.md +++ b/modules/network/trafficmanagerprofile/README.md @@ -53,7 +53,10 @@ module trafficmanagerprofile 'br:bicep/modules/network.trafficmanagerprofile:1.0 diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/network/trafficmanagerprofile/main.bicep b/modules/network/trafficmanagerprofile/main.bicep index bfb057fe76..842448a99c 100644 --- a/modules/network/trafficmanagerprofile/main.bicep +++ b/modules/network/trafficmanagerprofile/main.bicep @@ -148,11 +148,11 @@ resource trafficManagerProfile 'Microsoft.Network/trafficmanagerprofiles@2018-08 } } -resource trafficManagerProfile_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${trafficManagerProfile.name}-${lock}-lock' +resource trafficManagerProfile_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: trafficManagerProfile } diff --git a/modules/network/virtual-hub/.test/common/main.test.bicep b/modules/network/virtual-hub/.test/common/main.test.bicep index f6186c40cf..52f78ecbb6 100644 --- a/modules/network/virtual-hub/.test/common/main.test.bicep +++ b/modules/network/virtual-hub/.test/common/main.test.bicep @@ -53,7 +53,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}-${serviceShort}' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } addressPrefix: '10.1.0.0/16' virtualWanId: nestedDependencies.outputs.virtualWWANResourceId hubRouteTables: [ diff --git a/modules/network/virtual-hub/README.md b/modules/network/virtual-hub/README.md index be143b75c0..1b5bee3540 100644 --- a/modules/network/virtual-hub/README.md +++ b/modules/network/virtual-hub/README.md @@ -76,7 +76,10 @@ module virtualHub 'br:bicep/modules/network.virtual-hub:1.0.0' = { } } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } tags: { Environment: 'Non-Prod' 'hidden-title': 'This is visible in the resource name' diff --git a/modules/network/virtual-hub/main.bicep b/modules/network/virtual-hub/main.bicep index 282b1c1e98..ed647753cd 100644 --- a/modules/network/virtual-hub/main.bicep +++ b/modules/network/virtual-hub/main.bicep @@ -129,11 +129,11 @@ resource virtualHub 'Microsoft.Network/virtualHubs@2022-11-01' = { } } -resource virtualHub_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${virtualHub.name}-${lock}-lock' +resource virtualHub_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: virtualHub } diff --git a/modules/network/virtual-network-gateway/.test/aadvpn/main.test.bicep b/modules/network/virtual-network-gateway/.test/aadvpn/main.test.bicep index 3a784a64e4..fe61f76c04 100644 --- a/modules/network/virtual-network-gateway/.test/aadvpn/main.test.bicep +++ b/modules/network/virtual-network-gateway/.test/aadvpn/main.test.bicep @@ -75,7 +75,10 @@ module testDeployment '../../main.bicep' = { domainNameLabel: [ '${namePrefix}-dm-${serviceShort}' ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } publicIpZones: [ '1' '2' diff --git a/modules/network/virtual-network-gateway/.test/vpn/main.test.bicep b/modules/network/virtual-network-gateway/.test/vpn/main.test.bicep index 16c5132474..1845a4fff4 100644 --- a/modules/network/virtual-network-gateway/.test/vpn/main.test.bicep +++ b/modules/network/virtual-network-gateway/.test/vpn/main.test.bicep @@ -77,7 +77,10 @@ module testDeployment '../../main.bicep' = { domainNameLabel: [ '${namePrefix}-dm-${serviceShort}' ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } publicIpZones: [ '1' '2' diff --git a/modules/network/virtual-network-gateway/README.md b/modules/network/virtual-network-gateway/README.md index 98a0acccc9..883307369a 100644 --- a/modules/network/virtual-network-gateway/README.md +++ b/modules/network/virtual-network-gateway/README.md @@ -58,7 +58,10 @@ module virtualNetworkGateway 'br:bicep/modules/network.virtual-network-gateway:1 'dm-nvngavpn' ] enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } publicIpZones: [ '1' '2' @@ -359,7 +362,10 @@ module virtualNetworkGateway 'br:bicep/modules/network.virtual-network-gateway:1 enableDefaultTelemetry: '' enablePrivateIpAddress: true gatewayDefaultSiteLocalNetworkGatewayId: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } natRules: [ { externalMappings: [ diff --git a/modules/network/virtual-network-gateway/main.bicep b/modules/network/virtual-network-gateway/main.bicep index 3603f8132e..0169361f08 100644 --- a/modules/network/virtual-network-gateway/main.bicep +++ b/modules/network/virtual-network-gateway/main.bicep @@ -402,11 +402,11 @@ module virtualNetworkGateway_natRules 'nat-rule/main.bicep' = [for (natRule, ind } }] -resource virtualNetworkGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${virtualNetworkGateway.name}-${lock}-lock' +resource virtualNetworkGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: virtualNetworkGateway } diff --git a/modules/network/virtual-network/.test/common/main.test.bicep b/modules/network/virtual-network/.test/common/main.test.bicep index 832c76cfc0..766e2acdb0 100644 --- a/modules/network/virtual-network/.test/common/main.test.bicep +++ b/modules/network/virtual-network/.test/common/main.test.bicep @@ -80,7 +80,10 @@ module testDeployment '../../main.bicep' = { '10.0.1.4' '10.0.1.5' ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/network/virtual-network/README.md b/modules/network/virtual-network/README.md index cff0a58411..9edcbbf2ea 100644 --- a/modules/network/virtual-network/README.md +++ b/modules/network/virtual-network/README.md @@ -63,7 +63,10 @@ module virtualNetwork 'br:bicep/modules/network.virtual-network:1.0.0' = { ] enableDefaultTelemetry: '' flowTimeoutInMinutes: 20 - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/network/virtual-network/main.bicep b/modules/network/virtual-network/main.bicep index 1b00114e5e..bac1cc95ba 100644 --- a/modules/network/virtual-network/main.bicep +++ b/modules/network/virtual-network/main.bicep @@ -232,11 +232,11 @@ module virtualNetwork_peering_remote 'virtual-network-peering/main.bicep' = [for } }] -resource virtualNetwork_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${virtualNetwork.name}-${lock}-lock' +resource virtualNetwork_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: virtualNetwork } diff --git a/modules/network/virtual-wan/.test/common/main.test.bicep b/modules/network/virtual-wan/.test/common/main.test.bicep index ab7ace98d9..cc243543eb 100644 --- a/modules/network/virtual-wan/.test/common/main.test.bicep +++ b/modules/network/virtual-wan/.test/common/main.test.bicep @@ -55,7 +55,10 @@ module testDeployment '../../main.bicep' = { allowBranchToBranchTraffic: true allowVnetToVnetTraffic: true disableVpnEncryption: true - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/network/virtual-wan/README.md b/modules/network/virtual-wan/README.md index 4d6f442bb2..074b480409 100644 --- a/modules/network/virtual-wan/README.md +++ b/modules/network/virtual-wan/README.md @@ -49,7 +49,10 @@ module virtualWan 'br:bicep/modules/network.virtual-wan:1.0.0' = { allowVnetToVnetTraffic: true disableVpnEncryption: true enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/network/virtual-wan/main.bicep b/modules/network/virtual-wan/main.bicep index 320389906b..8bff343120 100644 --- a/modules/network/virtual-wan/main.bicep +++ b/modules/network/virtual-wan/main.bicep @@ -65,11 +65,11 @@ resource virtualWan 'Microsoft.Network/virtualWans@2023-04-01' = { } } -resource virtualWan_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${virtualWan.name}-${lock}-lock' +resource virtualWan_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: virtualWan } diff --git a/modules/network/vpn-gateway/.test/common/main.test.bicep b/modules/network/vpn-gateway/.test/common/main.test.bicep index 7496548a25..9c12de8234 100644 --- a/modules/network/vpn-gateway/.test/common/main.test.bicep +++ b/modules/network/vpn-gateway/.test/common/main.test.bicep @@ -72,7 +72,10 @@ module testDeployment '../../main.bicep' = { routingWeight: 0 } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } natRules: [ { externalMappings: [ diff --git a/modules/network/vpn-gateway/README.md b/modules/network/vpn-gateway/README.md index 67cfe344a8..6627d5fe95 100644 --- a/modules/network/vpn-gateway/README.md +++ b/modules/network/vpn-gateway/README.md @@ -53,7 +53,10 @@ module vpnGateway 'br:bicep/modules/network.vpn-gateway:1.0.0' = { peerWeight: 0 } enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } natRules: [ { externalMappings: [ diff --git a/modules/network/vpn-gateway/main.bicep b/modules/network/vpn-gateway/main.bicep index 58acd01951..366166703d 100644 --- a/modules/network/vpn-gateway/main.bicep +++ b/modules/network/vpn-gateway/main.bicep @@ -72,11 +72,11 @@ resource vpnGateway 'Microsoft.Network/vpnGateways@2023-04-01' = { } } -resource vpnGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${vpnGateway.name}-${lock}-lock' +resource vpnGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: vpnGateway } diff --git a/modules/network/vpn-site/.test/common/main.test.bicep b/modules/network/vpn-site/.test/common/main.test.bicep index bfcbcbb6ad..2bdea975b3 100644 --- a/modules/network/vpn-site/.test/common/main.test.bicep +++ b/modules/network/vpn-site/.test/common/main.test.bicep @@ -54,7 +54,10 @@ module testDeployment '../../main.bicep' = { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}-${serviceShort}' virtualWanId: nestedDependencies.outputs.virtualWWANResourceId - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } tags: { 'hidden-title': 'This is visible in the resource name' tagA: 'valueA' diff --git a/modules/network/vpn-site/README.md b/modules/network/vpn-site/README.md index d231248df9..fb1536ea28 100644 --- a/modules/network/vpn-site/README.md +++ b/modules/network/vpn-site/README.md @@ -51,7 +51,10 @@ module vpnSite 'br:bicep/modules/network.vpn-site:1.0.0' = { linkSpeedInMbps: 0 } enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } o365Policy: { breakOutCategories: { allow: true diff --git a/modules/network/vpn-site/main.bicep b/modules/network/vpn-site/main.bicep index 3d50b1d9d2..11420e78e0 100644 --- a/modules/network/vpn-site/main.bicep +++ b/modules/network/vpn-site/main.bicep @@ -81,11 +81,11 @@ resource vpnSite 'Microsoft.Network/vpnSites@2023-04-01' = { } } -resource vpnSite_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${vpnSite.name}-${lock}-lock' +resource vpnSite_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: vpnSite } diff --git a/modules/operational-insights/workspace/.test/adv/main.test.bicep b/modules/operational-insights/workspace/.test/adv/main.test.bicep index f449c7cc6d..b18387c3af 100644 --- a/modules/operational-insights/workspace/.test/adv/main.test.bicep +++ b/modules/operational-insights/workspace/.test/adv/main.test.bicep @@ -181,7 +181,10 @@ module testDeployment '../../main.bicep' = { resourceId: nestedDependencies.outputs.storageAccountResourceId } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } publicNetworkAccessForIngestion: 'Disabled' publicNetworkAccessForQuery: 'Disabled' savedSearches: [ diff --git a/modules/operational-insights/workspace/.test/common/main.test.bicep b/modules/operational-insights/workspace/.test/common/main.test.bicep index 2e994d7fed..8f4ef65925 100644 --- a/modules/operational-insights/workspace/.test/common/main.test.bicep +++ b/modules/operational-insights/workspace/.test/common/main.test.bicep @@ -182,7 +182,10 @@ module testDeployment '../../main.bicep' = { resourceId: nestedDependencies.outputs.storageAccountResourceId } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } publicNetworkAccessForIngestion: 'Disabled' publicNetworkAccessForQuery: 'Disabled' savedSearches: [ diff --git a/modules/operational-insights/workspace/README.md b/modules/operational-insights/workspace/README.md index b0e47dc105..054fa4a406 100644 --- a/modules/operational-insights/workspace/README.md +++ b/modules/operational-insights/workspace/README.md @@ -193,7 +193,10 @@ module workspace 'br:bicep/modules/operational-insights.workspace:1.0.0' = { resourceId: '' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } publicNetworkAccessForIngestion: 'Disabled' publicNetworkAccessForQuery: 'Disabled' savedSearches: [ @@ -699,7 +702,10 @@ module workspace 'br:bicep/modules/operational-insights.workspace:1.0.0' = { resourceId: '' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } publicNetworkAccessForIngestion: 'Disabled' publicNetworkAccessForQuery: 'Disabled' roleAssignments: [ diff --git a/modules/operational-insights/workspace/main.bicep b/modules/operational-insights/workspace/main.bicep index d162a45732..616695e390 100644 --- a/modules/operational-insights/workspace/main.bicep +++ b/modules/operational-insights/workspace/main.bicep @@ -324,11 +324,11 @@ module logAnalyticsWorkspace_solutions '../../operations-management/solution/mai } }] -resource logAnalyticsWorkspace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${logAnalyticsWorkspace.name}-${lock}-lock' +resource logAnalyticsWorkspace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: logAnalyticsWorkspace } diff --git a/modules/power-bi-dedicated/capacity/.test/common/main.test.bicep b/modules/power-bi-dedicated/capacity/.test/common/main.test.bicep index e2222db5b8..9492810703 100644 --- a/modules/power-bi-dedicated/capacity/.test/common/main.test.bicep +++ b/modules/power-bi-dedicated/capacity/.test/common/main.test.bicep @@ -53,7 +53,10 @@ module testDeployment '../../main.bicep' = { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' skuCapacity: 1 - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } members: [ nestedDependencies.outputs.managedIdentityPrincipalId ] diff --git a/modules/power-bi-dedicated/capacity/README.md b/modules/power-bi-dedicated/capacity/README.md index 8257071543..1b88bb161e 100644 --- a/modules/power-bi-dedicated/capacity/README.md +++ b/modules/power-bi-dedicated/capacity/README.md @@ -50,7 +50,10 @@ module capacity 'br:bicep/modules/power-bi-dedicated.capacity:1.0.0' = { skuCapacity: 1 // Non-required parameters enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/purview/account/.test/common/main.test.bicep b/modules/purview/account/.test/common/main.test.bicep index e2746b7ebf..994f498e69 100644 --- a/modules/purview/account/.test/common/main.test.bicep +++ b/modules/purview/account/.test/common/main.test.bicep @@ -173,6 +173,9 @@ module testDeployment '../../main.bicep' = { enableDefaultTelemetry: enableDefaultTelemetry diagnosticLogCategoriesToEnable: [ 'allLogs' ] diagnosticMetricsToEnable: [ 'AllMetrics' ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } } } diff --git a/modules/purview/account/README.md b/modules/purview/account/README.md index 78a48d77ad..e056859426 100644 --- a/modules/purview/account/README.md +++ b/modules/purview/account/README.md @@ -92,7 +92,10 @@ module account 'br:bicep/modules/purview.account:1.0.0' = { } ] location: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } managedResourceGroupName: 'pvacom001-managed-rg' portalPrivateEndpoints: [ { diff --git a/modules/purview/account/main.bicep b/modules/purview/account/main.bicep index a5eedb8ff6..1ae49db892 100644 --- a/modules/purview/account/main.bicep +++ b/modules/purview/account/main.bicep @@ -146,13 +146,13 @@ resource account 'Microsoft.Purview/accounts@2021-07-01' = { } } -resource purview_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${account.name}-${lock}-lock' +resource purview_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } - scope: account + scope: purview } resource purview_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { diff --git a/modules/recovery-services/vault/.test/common/main.test.bicep b/modules/recovery-services/vault/.test/common/main.test.bicep index aa714983ad..b62d5348f3 100644 --- a/modules/recovery-services/vault/.test/common/main.test.bicep +++ b/modules/recovery-services/vault/.test/common/main.test.bicep @@ -316,7 +316,10 @@ module testDeployment '../../main.bicep' = { diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } privateEndpoints: [ { privateDnsZoneGroup: { diff --git a/modules/recovery-services/vault/README.md b/modules/recovery-services/vault/README.md index c7bbaa77ff..d6eadaf898 100644 --- a/modules/recovery-services/vault/README.md +++ b/modules/recovery-services/vault/README.md @@ -302,7 +302,10 @@ module vault 'br:bicep/modules/recovery-services.vault:1.0.0' = { diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } monitoringSettings: { azureMonitorAlertSettings: { alertsForAllJobFailures: 'Enabled' diff --git a/modules/recovery-services/vault/main.bicep b/modules/recovery-services/vault/main.bicep index 5a7a9bdaf3..6cf6ca00b6 100644 --- a/modules/recovery-services/vault/main.bicep +++ b/modules/recovery-services/vault/main.bicep @@ -262,11 +262,11 @@ module rsv_replicationAlertSettings 'replication-alert-setting/main.bicep' = if } } -resource rsv_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${rsv.name}-${lock}-lock' +resource rsv_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: rsv } diff --git a/modules/relay/namespace/.test/common/main.test.bicep b/modules/relay/namespace/.test/common/main.test.bicep index 219a764842..988f059004 100644 --- a/modules/relay/namespace/.test/common/main.test.bicep +++ b/modules/relay/namespace/.test/common/main.test.bicep @@ -67,7 +67,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } skuName: 'Standard' tags: { 'hidden-title': 'This is visible in the resource name' diff --git a/modules/relay/namespace/README.md b/modules/relay/namespace/README.md index f9d8f5efff..f606c09e15 100644 --- a/modules/relay/namespace/README.md +++ b/modules/relay/namespace/README.md @@ -92,7 +92,10 @@ module namespace 'br:bicep/modules/relay.namespace:1.0.0' = { userMetadata: '[{\'key\':\'endpoint\'\'value\':\'db-server.constoso.com:1433\'}]' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } networkRuleSets: { defaultAction: 'Deny' ipRules: [ diff --git a/modules/relay/namespace/hybrid-connection/main.bicep b/modules/relay/namespace/hybrid-connection/main.bicep index 280f1efc02..d011a33440 100644 --- a/modules/relay/namespace/hybrid-connection/main.bicep +++ b/modules/relay/namespace/hybrid-connection/main.bicep @@ -94,11 +94,11 @@ module hybridConnection_authorizationRules 'authorization-rule/main.bicep' = [fo } }] -resource hybridConnection_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${hybridConnection.name}-${lock}-lock' +resource hybridConnection_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: hybridConnection } diff --git a/modules/relay/namespace/main.bicep b/modules/relay/namespace/main.bicep index 58fe8148c0..98c368a414 100644 --- a/modules/relay/namespace/main.bicep +++ b/modules/relay/namespace/main.bicep @@ -223,11 +223,11 @@ module namespace_wcfRelays 'wcf-relay/main.bicep' = [for (wcfRelay, index) in wc } }] -resource namespace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${namespace.name}-${lock}-lock' +resource namespace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: namespace } diff --git a/modules/relay/namespace/wcf-relay/main.bicep b/modules/relay/namespace/wcf-relay/main.bicep index 171e2d99ba..1b87a1d1c9 100644 --- a/modules/relay/namespace/wcf-relay/main.bicep +++ b/modules/relay/namespace/wcf-relay/main.bicep @@ -106,11 +106,11 @@ module wcfRelay_authorizationRules 'authorization-rule/main.bicep' = [for (autho } }] -resource wcfRelay_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${wcfRelay.name}-${lock}-lock' +resource wcfRelay_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: wcfRelay } diff --git a/modules/resource-graph/query/.test/common/main.test.bicep b/modules/resource-graph/query/.test/common/main.test.bicep index 77af84a74d..a898c05ab8 100644 --- a/modules/resource-graph/query/.test/common/main.test.bicep +++ b/modules/resource-graph/query/.test/common/main.test.bicep @@ -52,7 +52,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/resource-graph/query/README.md b/modules/resource-graph/query/README.md index 5d725b3c03..e634f1e83b 100644 --- a/modules/resource-graph/query/README.md +++ b/modules/resource-graph/query/README.md @@ -47,7 +47,10 @@ module query 'br:bicep/modules/resource-graph.query:1.0.0' = { query: 'resources | take 10' // Non-required parameters enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } queryDescription: 'An example query to list first 10 resources in the subscription.' roleAssignments: [ { diff --git a/modules/resource-graph/query/main.bicep b/modules/resource-graph/query/main.bicep index f9ec7eaa26..d2c0aa57c5 100644 --- a/modules/resource-graph/query/main.bicep +++ b/modules/resource-graph/query/main.bicep @@ -53,11 +53,11 @@ resource rgQuery 'Microsoft.ResourceGraph/queries@2018-09-01-preview' = { } } -resource rgQuery_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${rgQuery.name}-${lock}-lock' +resource rgQuery_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: rgQuery } diff --git a/modules/resources/deployment-script/.test/ps/main.test.bicep b/modules/resources/deployment-script/.test/ps/main.test.bicep index 25dc575fc1..e3a9c55382 100644 --- a/modules/resources/deployment-script/.test/ps/main.test.bicep +++ b/modules/resources/deployment-script/.test/ps/main.test.bicep @@ -53,7 +53,10 @@ module testDeployment '../../main.bicep' = { azPowerShellVersion: '8.0' cleanupPreference: 'Always' kind: 'AzurePowerShell' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } retentionInterval: 'P1D' runOnce: false scriptContent: 'Write-Host \'The cake is a lie!\'' diff --git a/modules/resources/deployment-script/README.md b/modules/resources/deployment-script/README.md index 16d4b28844..b05ab07d14 100644 --- a/modules/resources/deployment-script/README.md +++ b/modules/resources/deployment-script/README.md @@ -168,7 +168,10 @@ module deploymentScript 'br:bicep/modules/resources.deployment-script:1.0.0' = { cleanupPreference: 'Always' enableDefaultTelemetry: '' kind: 'AzurePowerShell' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } retentionInterval: 'P1D' runOnce: false scriptContent: 'Write-Host \'The cake is a lie!\'' diff --git a/modules/resources/deployment-script/main.bicep b/modules/resources/deployment-script/main.bicep index fe29c5b502..d9f530d3da 100644 --- a/modules/resources/deployment-script/main.bicep +++ b/modules/resources/deployment-script/main.bicep @@ -131,11 +131,11 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { } } -resource deploymentScript_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${deploymentScript.name}-${lock}-lock' +resource deploymentScript_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: deploymentScript } diff --git a/modules/resources/resource-group/.test/common/main.test.bicep b/modules/resources/resource-group/.test/common/main.test.bicep index 0090211eb1..6a47e86bce 100644 --- a/modules/resources/resource-group/.test/common/main.test.bicep +++ b/modules/resources/resource-group/.test/common/main.test.bicep @@ -51,7 +51,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/resources/resource-group/README.md b/modules/resources/resource-group/README.md index e57cc52c30..96082a1eb5 100644 --- a/modules/resources/resource-group/README.md +++ b/modules/resources/resource-group/README.md @@ -46,7 +46,10 @@ module resourceGroup 'br:bicep/modules/resources.resource-group:1.0.0' = { name: 'rrgcom001' // Non-required parameters enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/search/search-service/.test/common/main.test.bicep b/modules/search/search-service/.test/common/main.test.bicep index 299cc6438a..d975b5f231 100644 --- a/modules/search/search-service/.test/common/main.test.bicep +++ b/modules/search/search-service/.test/common/main.test.bicep @@ -78,7 +78,10 @@ module testDeployment '../../main.bicep' = { partitionCount: 2 replicaCount: 3 systemAssignedIdentity: true - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/search/search-service/README.md b/modules/search/search-service/README.md index 3cc54ce756..e6f1bdd343 100644 --- a/modules/search/search-service/README.md +++ b/modules/search/search-service/README.md @@ -63,7 +63,10 @@ module searchService 'br:bicep/modules/search.search-service:1.0.0' = { disableLocalAuth: false enableDefaultTelemetry: '' hostingMode: 'highDensity' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } networkRuleSet: { ipRules: [ { diff --git a/modules/search/search-service/main.bicep b/modules/search/search-service/main.bicep index 7e6828f7ed..fda5f6ad0a 100644 --- a/modules/search/search-service/main.bicep +++ b/modules/search/search-service/main.bicep @@ -196,11 +196,11 @@ resource searchService_diagnosticSettings 'Microsoft.Insights/diagnosticsettings scope: searchService } -resource searchService_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${searchService.name}-${lock}-lock' +resource searchService_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: searchService } diff --git a/modules/service-bus/namespace/.test/common/main.test.bicep b/modules/service-bus/namespace/.test/common/main.test.bicep index b7ffb57b2a..1659a427e9 100644 --- a/modules/service-bus/namespace/.test/common/main.test.bicep +++ b/modules/service-bus/namespace/.test/common/main.test.bicep @@ -67,7 +67,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } skuName: 'Premium' skuCapacity: 2 premiumMessagingPartitions: 1 diff --git a/modules/service-bus/namespace/README.md b/modules/service-bus/namespace/README.md index 67765a898b..8d48bd015d 100644 --- a/modules/service-bus/namespace/README.md +++ b/modules/service-bus/namespace/README.md @@ -81,7 +81,10 @@ module namespace 'br:bicep/modules/service-bus.namespace:1.0.0' = { diagnosticWorkspaceId: '' disableLocalAuth: true enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } minimumTlsVersion: '1.2' networkRuleSets: { defaultAction: 'Deny' diff --git a/modules/service-bus/namespace/main.bicep b/modules/service-bus/namespace/main.bicep index df6693bb49..f73ff266cc 100644 --- a/modules/service-bus/namespace/main.bicep +++ b/modules/service-bus/namespace/main.bicep @@ -353,11 +353,11 @@ module serviceBusNamespace_topics 'topic/main.bicep' = [for (topic, index) in to } }] -resource serviceBusNamespace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${serviceBusNamespace.name}-${lock}-lock' +resource serviceBusNamespace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: serviceBusNamespace } diff --git a/modules/service-bus/namespace/queue/main.bicep b/modules/service-bus/namespace/queue/main.bicep index fc7f3276ec..563b1cb91d 100644 --- a/modules/service-bus/namespace/queue/main.bicep +++ b/modules/service-bus/namespace/queue/main.bicep @@ -151,11 +151,11 @@ module queue_authorizationRules 'authorization-rule/main.bicep' = [for (authoriz } }] -resource queue_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${queue.name}-${lock}-lock' +resource queue_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: queue } diff --git a/modules/service-bus/namespace/topic/main.bicep b/modules/service-bus/namespace/topic/main.bicep index 25140d0269..8c66761d9e 100644 --- a/modules/service-bus/namespace/topic/main.bicep +++ b/modules/service-bus/namespace/topic/main.bicep @@ -131,11 +131,11 @@ module topic_authorizationRules 'authorization-rule/main.bicep' = [for (authoriz } }] -resource topic_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${topic.name}-${lock}-lock' +resource topic_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: topic } diff --git a/modules/service-fabric/cluster/.test/common/main.test.bicep b/modules/service-fabric/cluster/.test/common/main.test.bicep index 1f35cd24db..a84afa9e53 100644 --- a/modules/service-fabric/cluster/.test/common/main.test.bicep +++ b/modules/service-fabric/cluster/.test/common/main.test.bicep @@ -53,7 +53,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } tags: { 'hidden-title': 'This is visible in the resource name' resourceType: 'Service Fabric' diff --git a/modules/service-fabric/cluster/README.md b/modules/service-fabric/cluster/README.md index 4df1e6c55e..841790a974 100644 --- a/modules/service-fabric/cluster/README.md +++ b/modules/service-fabric/cluster/README.md @@ -274,7 +274,10 @@ module cluster 'br:bicep/modules/service-fabric.cluster:1.0.0' = { ] } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } maxUnusedVersionsToKeep: 2 notifications: [ { diff --git a/modules/service-fabric/cluster/main.bicep b/modules/service-fabric/cluster/main.bicep index 3cf80e1cb6..7e8ce3d1d2 100644 --- a/modules/service-fabric/cluster/main.bicep +++ b/modules/service-fabric/cluster/main.bicep @@ -284,11 +284,11 @@ resource serviceFabricCluster 'Microsoft.ServiceFabric/clusters@2021-06-01' = { } // Service Fabric cluster resource lock -resource serviceFabricCluster_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${serviceFabricCluster.name}-${lock}-lock' +resource serviceFabricCluster_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: serviceFabricCluster } diff --git a/modules/signal-r-service/signal-r/.test/common/main.test.bicep b/modules/signal-r-service/signal-r/.test/common/main.test.bicep index 433523a64f..255d0379ea 100644 --- a/modules/signal-r-service/signal-r/.test/common/main.test.bicep +++ b/modules/signal-r-service/signal-r/.test/common/main.test.bicep @@ -58,7 +58,10 @@ module testDeployment '../../main.bicep' = { disableAadAuth: false disableLocalAuth: true location: location - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } kind: 'SignalR' networkAcls: { defaultAction: 'Allow' diff --git a/modules/signal-r-service/signal-r/README.md b/modules/signal-r-service/signal-r/README.md index 3a6b8ee2c8..25a20587d3 100644 --- a/modules/signal-r-service/signal-r/README.md +++ b/modules/signal-r-service/signal-r/README.md @@ -54,7 +54,10 @@ module signalR 'br:bicep/modules/signal-r-service.signal-r:1.0.0' = { enableDefaultTelemetry: '' kind: 'SignalR' location: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } networkAcls: { defaultAction: 'Allow' privateEndpoints: [ diff --git a/modules/signal-r-service/signal-r/main.bicep b/modules/signal-r-service/signal-r/main.bicep index 94f0d16b8e..82c3f7d52d 100644 --- a/modules/signal-r-service/signal-r/main.bicep +++ b/modules/signal-r-service/signal-r/main.bicep @@ -184,11 +184,11 @@ module signalR_privateEndpoints '../../network/private-endpoint/main.bicep' = [f } }] -resource signalR_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${signalR.name}-${lock}-lock' +resource signalR_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: signalR } diff --git a/modules/signal-r-service/web-pub-sub/.test/common/main.test.bicep b/modules/signal-r-service/web-pub-sub/.test/common/main.test.bicep index 841d4abf2d..498880adf4 100644 --- a/modules/signal-r-service/web-pub-sub/.test/common/main.test.bicep +++ b/modules/signal-r-service/web-pub-sub/.test/common/main.test.bicep @@ -58,7 +58,10 @@ module testDeployment '../../main.bicep' = { disableAadAuth: false disableLocalAuth: true location: location - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } networkAcls: { defaultAction: 'Allow' privateEndpoints: [ diff --git a/modules/signal-r-service/web-pub-sub/README.md b/modules/signal-r-service/web-pub-sub/README.md index 834852ff3f..2bca236422 100644 --- a/modules/signal-r-service/web-pub-sub/README.md +++ b/modules/signal-r-service/web-pub-sub/README.md @@ -54,7 +54,10 @@ module webPubSub 'br:bicep/modules/signal-r-service.web-pub-sub:1.0.0' = { disableLocalAuth: true enableDefaultTelemetry: '' location: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } networkAcls: { defaultAction: 'Allow' privateEndpoints: [ diff --git a/modules/signal-r-service/web-pub-sub/main.bicep b/modules/signal-r-service/web-pub-sub/main.bicep index 455a9fc8a2..337e0bb233 100644 --- a/modules/signal-r-service/web-pub-sub/main.bicep +++ b/modules/signal-r-service/web-pub-sub/main.bicep @@ -144,11 +144,11 @@ module webPubSub_privateEndpoints '../../network/private-endpoint/main.bicep' = } }] -resource webPubSub_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${webPubSub.name}-${lock}-lock' +resource webPubSub_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: webPubSub } diff --git a/modules/sql/managed-instance/.test/common/main.test.bicep b/modules/sql/managed-instance/.test/common/main.test.bicep index f13416a55e..fe67a03897 100644 --- a/modules/sql/managed-instance/.test/common/main.test.bicep +++ b/modules/sql/managed-instance/.test/common/main.test.bicep @@ -112,7 +112,10 @@ module testDeployment '../../main.bicep' = { } ] licenseType: 'LicenseIncluded' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } primaryUserAssignedIdentityId: nestedDependencies.outputs.managedIdentityResourceId proxyOverride: 'Proxy' publicDataEndpointEnabled: false diff --git a/modules/sql/managed-instance/README.md b/modules/sql/managed-instance/README.md index e1ab517342..fa41121d2c 100644 --- a/modules/sql/managed-instance/README.md +++ b/modules/sql/managed-instance/README.md @@ -90,7 +90,10 @@ module managedInstance 'br:bicep/modules/sql.managed-instance:1.0.0' = { } ] licenseType: 'LicenseIncluded' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } primaryUserAssignedIdentityId: '' proxyOverride: 'Proxy' publicDataEndpointEnabled: false diff --git a/modules/sql/managed-instance/main.bicep b/modules/sql/managed-instance/main.bicep index dadd1e4f71..49a8ce6d03 100644 --- a/modules/sql/managed-instance/main.bicep +++ b/modules/sql/managed-instance/main.bicep @@ -257,11 +257,11 @@ resource managedInstance 'Microsoft.Sql/managedInstances@2022-05-01-preview' = { } } -resource managedInstance_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${managedInstance.name}-${lock}-lock' +resource managedInstance_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: managedInstance } diff --git a/modules/sql/server/.test/common/main.test.bicep b/modules/sql/server/.test/common/main.test.bicep index 6c3153cc5e..a357d50171 100644 --- a/modules/sql/server/.test/common/main.test.bicep +++ b/modules/sql/server/.test/common/main.test.bicep @@ -73,7 +73,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}-${serviceShort}' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } primaryUserAssignedIdentityId: nestedDependencies.outputs.managedIdentityResourceId administratorLogin: 'adminUserName' administratorLoginPassword: password diff --git a/modules/sql/server/README.md b/modules/sql/server/README.md index 36bc8f5f0a..eb937b5233 100644 --- a/modules/sql/server/README.md +++ b/modules/sql/server/README.md @@ -175,7 +175,10 @@ module server 'br:bicep/modules/sql.server:1.0.0' = { } ] location: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } primaryUserAssignedIdentityId: '' privateEndpoints: [ { diff --git a/modules/sql/server/main.bicep b/modules/sql/server/main.bicep index f41f7bbfd1..8d425af40c 100644 --- a/modules/sql/server/main.bicep +++ b/modules/sql/server/main.bicep @@ -140,11 +140,11 @@ resource server 'Microsoft.Sql/servers@2022-05-01-preview' = { } } -resource server_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${server.name}-${lock}-lock' +resource server_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: server } diff --git a/modules/storage/storage-account/.test/common/main.test.bicep b/modules/storage/storage-account/.test/common/main.test.bicep index 4a706b1279..aa3c99fb18 100644 --- a/modules/storage/storage-account/.test/common/main.test.bicep +++ b/modules/storage/storage-account/.test/common/main.test.bicep @@ -71,7 +71,10 @@ module testDeployment '../../main.bicep' = { allowBlobPublicAccess: false requireInfrastructureEncryption: true largeFileSharesState: 'Enabled' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } enableHierarchicalNamespace: true enableSftp: true enableNfsV3: true diff --git a/modules/storage/storage-account/.test/nfs/main.test.bicep b/modules/storage/storage-account/.test/nfs/main.test.bicep index 712fe58733..8403155a98 100644 --- a/modules/storage/storage-account/.test/nfs/main.test.bicep +++ b/modules/storage/storage-account/.test/nfs/main.test.bicep @@ -67,7 +67,10 @@ module testDeployment '../../main.bicep' = { kind: 'FileStorage' allowBlobPublicAccess: false supportsHttpsTrafficOnly: false - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } fileServices: { shares: [ { diff --git a/modules/storage/storage-account/README.md b/modules/storage/storage-account/README.md index 257e7ecc6c..f2141b9e38 100644 --- a/modules/storage/storage-account/README.md +++ b/modules/storage/storage-account/README.md @@ -155,7 +155,10 @@ module storageAccount 'br:bicep/modules/storage.storage-account:1.0.0' = { storageAccountName: 'ssacom001' } ] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } managementPolicyRules: [ { definition: { @@ -830,7 +833,10 @@ module storageAccount 'br:bicep/modules/storage.storage-account:1.0.0' = { ] } kind: 'FileStorage' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/storage/storage-account/main.bicep b/modules/storage/storage-account/main.bicep index 89a565312e..9c84ef7153 100644 --- a/modules/storage/storage-account/main.bicep +++ b/modules/storage/storage-account/main.bicep @@ -318,11 +318,11 @@ resource storageAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSetting scope: storageAccount } -resource storageAccount_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${storageAccount.name}-${lock}-lock' +resource storageAccount_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: storageAccount } diff --git a/modules/synapse/private-link-hub/.test/common/main.test.bicep b/modules/synapse/private-link-hub/.test/common/main.test.bicep index fd9d7be35d..90a86c4ef5 100644 --- a/modules/synapse/private-link-hub/.test/common/main.test.bicep +++ b/modules/synapse/private-link-hub/.test/common/main.test.bicep @@ -54,7 +54,10 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } privateEndpoints: [ { privateDnsZoneGroup: { diff --git a/modules/synapse/private-link-hub/README.md b/modules/synapse/private-link-hub/README.md index 9a56960925..80dfefa245 100644 --- a/modules/synapse/private-link-hub/README.md +++ b/modules/synapse/private-link-hub/README.md @@ -48,7 +48,10 @@ module privateLinkHub 'br:bicep/modules/synapse.private-link-hub:1.0.0' = { name: 'splhcom001' // Non-required parameters enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } privateEndpoints: [ { privateDnsZoneGroup: { diff --git a/modules/synapse/private-link-hub/main.bicep b/modules/synapse/private-link-hub/main.bicep index 6c70f61162..2d27a271f4 100644 --- a/modules/synapse/private-link-hub/main.bicep +++ b/modules/synapse/private-link-hub/main.bicep @@ -49,11 +49,11 @@ resource privateLinkHub 'Microsoft.Synapse/privateLinkHubs@2021-06-01' = { } // Resource Lock -resource privateLinkHub_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${privateLinkHub.name}-${lock}-lock' +resource privateLinkHub_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: privateLinkHub } diff --git a/modules/synapse/workspace/main.bicep b/modules/synapse/workspace/main.bicep index 6dabffcafb..acd8ff254e 100644 --- a/modules/synapse/workspace/main.bicep +++ b/modules/synapse/workspace/main.bicep @@ -269,11 +269,11 @@ module workspace_key './key/main.bicep' = if (encryptionActivateWorkspace) { } // Resource Lock -resource workspace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${workspace.name}-${lock}-lock' +resource workspace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: workspace } diff --git a/modules/virtual-machine-images/image-template/.test/common/main.test.bicep b/modules/virtual-machine-images/image-template/.test/common/main.test.bicep index 87d86aad95..3844885f12 100644 --- a/modules/virtual-machine-images/image-template/.test/common/main.test.bicep +++ b/modules/virtual-machine-images/image-template/.test/common/main.test.bicep @@ -86,7 +86,10 @@ module testDeployment '../../main.bicep' = { } buildTimeoutInMinutes: 60 imageReplicationRegions: [] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } managedImageName: '${namePrefix}-mi-${serviceShort}-001' osDiskSizeGB: 127 roleAssignments: [ diff --git a/modules/virtual-machine-images/image-template/README.md b/modules/virtual-machine-images/image-template/README.md index a06d6c5360..e65476a0f8 100644 --- a/modules/virtual-machine-images/image-template/README.md +++ b/modules/virtual-machine-images/image-template/README.md @@ -63,7 +63,10 @@ module imageTemplate 'br:bicep/modules/virtual-machine-images.image-template:1.0 buildTimeoutInMinutes: 60 enableDefaultTelemetry: '' imageReplicationRegions: [] - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } managedImageName: 'mi-vmiitcom-001' osDiskSizeGB: 127 roleAssignments: [ diff --git a/modules/virtual-machine-images/image-template/main.bicep b/modules/virtual-machine-images/image-template/main.bicep index b8c9cd08bc..c16527dd84 100644 --- a/modules/virtual-machine-images/image-template/main.bicep +++ b/modules/virtual-machine-images/image-template/main.bicep @@ -182,11 +182,11 @@ resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2022-02-14 } } -resource imageTemplate_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${imageTemplate.name}-${lock}-lock' +resource imageTemplate_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: imageTemplate } diff --git a/modules/web/connection/.test/common/main.test.bicep b/modules/web/connection/.test/common/main.test.bicep index 0491801800..73975fe689 100644 --- a/modules/web/connection/.test/common/main.test.bicep +++ b/modules/web/connection/.test/common/main.test.bicep @@ -57,7 +57,10 @@ module testDeployment '../../main.bicep' = { id: '${subscription().id}/providers/Microsoft.Web/locations/westeurope/managedApis/azuremonitorlogs' } - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/web/connection/README.md b/modules/web/connection/README.md index 930a3eee78..a4bda0f809 100644 --- a/modules/web/connection/README.md +++ b/modules/web/connection/README.md @@ -49,7 +49,10 @@ module connection 'br:bicep/modules/web.connection:1.0.0' = { id: '' } enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/web/connection/main.bicep b/modules/web/connection/main.bicep index af0149864e..9829af1550 100644 --- a/modules/web/connection/main.bicep +++ b/modules/web/connection/main.bicep @@ -75,11 +75,11 @@ resource connection 'Microsoft.Web/connections@2016-06-01' = { } } -resource connection_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${connection.name}-${lock}-lock' +resource connection_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: connection } diff --git a/modules/web/hosting-environment/.test/asev2/main.test.bicep b/modules/web/hosting-environment/.test/asev2/main.test.bicep index e15556f50e..144e9687c2 100644 --- a/modules/web/hosting-environment/.test/asev2/main.test.bicep +++ b/modules/web/hosting-environment/.test/asev2/main.test.bicep @@ -66,7 +66,10 @@ module testDeployment '../../main.bicep' = { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' location: resourceGroup.location - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/web/hosting-environment/.test/asev3/main.test.bicep b/modules/web/hosting-environment/.test/asev3/main.test.bicep index beaf49c542..230dc541a7 100644 --- a/modules/web/hosting-environment/.test/asev3/main.test.bicep +++ b/modules/web/hosting-environment/.test/asev3/main.test.bicep @@ -68,7 +68,10 @@ module testDeployment '../../main.bicep' = { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' location: resourceGroup.location - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/web/hosting-environment/README.md b/modules/web/hosting-environment/README.md index 277ad756dd..e8c0ff336a 100644 --- a/modules/web/hosting-environment/README.md +++ b/modules/web/hosting-environment/README.md @@ -59,7 +59,10 @@ module hostingEnvironment 'br:bicep/modules/web.hosting-environment:1.0.0' = { ipsslAddressCount: 2 kind: 'ASEv2' location: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } multiSize: 'Standard_D1_V2' roleAssignments: [ { @@ -207,7 +210,10 @@ module hostingEnvironment 'br:bicep/modules/web.hosting-environment:1.0.0' = { inboundIpAddressOverride: '10.0.0.10' internalLoadBalancingMode: 'Web Publishing' location: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } remoteDebugEnabled: true roleAssignments: [ { diff --git a/modules/web/hosting-environment/main.bicep b/modules/web/hosting-environment/main.bicep index dbaade31fd..c94a27f359 100644 --- a/modules/web/hosting-environment/main.bicep +++ b/modules/web/hosting-environment/main.bicep @@ -227,11 +227,11 @@ module appServiceEnvironment_configurations_customDnsSuffix 'configuration--cust } } -resource appServiceEnvironment_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${appServiceEnvironment.name}-${lock}-lock' +resource appServiceEnvironment_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: appServiceEnvironment } diff --git a/modules/web/serverfarm/.test/common/main.test.bicep b/modules/web/serverfarm/.test/common/main.test.bicep index 3e75d2847a..e01036dec7 100644 --- a/modules/web/serverfarm/.test/common/main.test.bicep +++ b/modules/web/serverfarm/.test/common/main.test.bicep @@ -77,7 +77,10 @@ module testDeployment '../../main.bicep' = { diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { roleDefinitionIdOrName: 'Reader' diff --git a/modules/web/serverfarm/README.md b/modules/web/serverfarm/README.md index ff4421dcd7..86f5578e32 100644 --- a/modules/web/serverfarm/README.md +++ b/modules/web/serverfarm/README.md @@ -57,7 +57,10 @@ module serverfarm 'br:bicep/modules/web.serverfarm:1.0.0' = { diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' enableDefaultTelemetry: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } roleAssignments: [ { principalIds: [ diff --git a/modules/web/serverfarm/main.bicep b/modules/web/serverfarm/main.bicep index e94ffce02d..7e8a00ccff 100644 --- a/modules/web/serverfarm/main.bicep +++ b/modules/web/serverfarm/main.bicep @@ -146,11 +146,11 @@ resource appServicePlan_diagnosticSettings 'Microsoft.Insights/diagnosticsetting scope: appServicePlan } -resource appServicePlan_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${appServicePlan.name}-${lock}-lock' +resource appServicePlan_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: appServicePlan } diff --git a/modules/web/site/.test/functionAppCommon/main.test.bicep b/modules/web/site/.test/functionAppCommon/main.test.bicep index 1e12bb9d94..d54ffa073c 100644 --- a/modules/web/site/.test/functionAppCommon/main.test.bicep +++ b/modules/web/site/.test/functionAppCommon/main.test.bicep @@ -144,7 +144,10 @@ module testDeployment '../../main.bicep' = { diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } privateEndpoints: [ { service: 'sites' diff --git a/modules/web/site/README.md b/modules/web/site/README.md index 2e79002447..fb33c06bcf 100644 --- a/modules/web/site/README.md +++ b/modules/web/site/README.md @@ -139,7 +139,10 @@ module site 'br:bicep/modules/web.site:1.0.0' = { } ] keyVaultAccessIdentityResourceId: '' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } privateEndpoints: [ { privateDnsZoneGroup: { diff --git a/modules/web/site/main.bicep b/modules/web/site/main.bicep index f234ad2d46..c05208f822 100644 --- a/modules/web/site/main.bicep +++ b/modules/web/site/main.bicep @@ -373,11 +373,11 @@ module app_hybridConnectionRelays 'hybrid-connection-namespace/relay/main.bicep' } }] -resource app_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${app.name}-${lock}-lock' +resource app_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: app } diff --git a/modules/web/static-site/.test/common/main.test.bicep b/modules/web/static-site/.test/common/main.test.bicep index 914204e453..dab4a75694 100644 --- a/modules/web/static-site/.test/common/main.test.bicep +++ b/modules/web/static-site/.test/common/main.test.bicep @@ -57,7 +57,10 @@ module testDeployment '../../main.bicep' = { name: '${namePrefix}${serviceShort}001' allowConfigFileUpdates: true enterpriseGradeCdnStatus: 'Disabled' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } privateEndpoints: [ { service: 'staticSites' diff --git a/modules/web/static-site/README.md b/modules/web/static-site/README.md index 8e0bfb8865..215a1c62bc 100644 --- a/modules/web/static-site/README.md +++ b/modules/web/static-site/README.md @@ -64,7 +64,10 @@ module staticSite 'br:bicep/modules/web.static-site:1.0.0' = { linkedBackend: { resourceId: '' } - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } privateEndpoints: [ { privateDnsZoneGroup: { diff --git a/modules/web/static-site/main.bicep b/modules/web/static-site/main.bicep index 1dad12c914..b9b1b52b2c 100644 --- a/modules/web/static-site/main.bicep +++ b/modules/web/static-site/main.bicep @@ -176,11 +176,11 @@ module staticSite_customDomains 'custom-domain/main.bicep' = [for (customDomain, } }] -resource staticSite_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { - name: '${staticSite.name}-${lock}-lock' +resource staticSite_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: staticSite } diff --git a/utilities/pipelines/sharedScripts/Set-ModuleReadMe.ps1 b/utilities/pipelines/sharedScripts/Set-ModuleReadMe.ps1 index 3d24f83b64..8ea9ceca0c 100644 --- a/utilities/pipelines/sharedScripts/Set-ModuleReadMe.ps1 +++ b/utilities/pipelines/sharedScripts/Set-ModuleReadMe.ps1 @@ -538,7 +538,10 @@ Add type comments to given bicep params string, using one required parameter 'na // Required parameters name: 'carml' // Non-required parameters - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } ' #> function Add-BicepParameterTypeComment { @@ -613,7 +616,10 @@ Order the given JSON object alphabetically. Would result into: @{ name: 'carml' - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } } #> function Get-OrderedParametersJSON { @@ -906,7 +912,10 @@ Convert the given JSONParameters object with one required parameter to a formatt // Required parameters name: 'carml' // Non-required parameters - lock: 'CanNotDelete' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } ' #> function ConvertTo-FormattedBicep { From b8f10a513ad86c2a8168f97cf570f381ba2a438a Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 17:20:17 +0200 Subject: [PATCH 02/52] Replaced param --- constructs/Compute/virtualMachinesMultiple/main.bicep | 9 ++------- docs/wiki/The library - Module design.md | 9 ++------- modules/aad/domain-service/main.bicep | 9 ++------- modules/analysis-services/server/main.bicep | 9 ++------- modules/api-management/service/main.bicep | 9 ++------- modules/app-configuration/configuration-store/main.bicep | 9 ++------- modules/app/container-app/main.bicep | 9 ++------- modules/app/managed-environment/main.bicep | 9 ++------- modules/automation/automation-account/main.bicep | 9 ++------- modules/batch/batch-account/main.bicep | 9 ++------- modules/cache/redis-enterprise/main.bicep | 9 ++------- modules/cache/redis/main.bicep | 9 ++------- modules/cdn/profile/main.bicep | 9 ++------- modules/cognitive-services/account/main.bicep | 9 ++------- modules/compute/availability-set/main.bicep | 9 ++------- modules/compute/disk-encryption-set/main.bicep | 9 ++------- modules/compute/disk/main.bicep | 9 ++------- modules/compute/proximity-placement-group/main.bicep | 9 ++------- modules/compute/ssh-public-key/main.bicep | 9 ++------- modules/compute/virtual-machine-scale-set/main.bicep | 9 ++------- modules/compute/virtual-machine/main.bicep | 9 ++------- modules/container-instance/container-group/main.bicep | 9 ++------- modules/container-registry/registry/main.bicep | 9 ++------- modules/container-service/managed-cluster/main.bicep | 9 ++------- modules/data-factory/factory/main.bicep | 9 ++------- modules/data-protection/backup-vault/main.bicep | 9 ++------- modules/databricks/access-connector/main.bicep | 9 ++------- modules/databricks/workspace/main.bicep | 9 ++------- modules/db-for-my-sql/flexible-server/main.bicep | 9 ++------- modules/db-for-postgre-sql/flexible-server/main.bicep | 9 ++------- modules/dev-test-lab/lab/main.bicep | 9 ++------- modules/digital-twins/digital-twins-instance/main.bicep | 9 ++------- modules/document-db/database-account/main.bicep | 9 ++------- modules/event-grid/domain/main.bicep | 9 ++------- modules/event-grid/system-topic/main.bicep | 9 ++------- modules/event-grid/topic/main.bicep | 9 ++------- modules/event-hub/namespace/eventhub/main.bicep | 9 ++------- modules/event-hub/namespace/main.bicep | 9 ++------- modules/health-bot/health-bot/main.bicep | 9 ++------- .../healthcare-apis/workspace/dicomservice/main.bicep | 9 ++------- modules/healthcare-apis/workspace/fhirservice/main.bicep | 9 ++------- .../healthcare-apis/workspace/iotconnector/main.bicep | 9 ++------- modules/healthcare-apis/workspace/main.bicep | 9 ++------- modules/insights/private-link-scope/main.bicep | 9 ++------- modules/key-vault/vault/main.bicep | 9 ++------- modules/logic/workflow/main.bicep | 9 ++------- .../managed-identity/user-assigned-identity/main.bicep | 9 ++------- modules/net-app/net-app-account/main.bicep | 9 ++------- modules/network/application-gateway/main.bicep | 9 ++------- modules/network/application-security-group/main.bicep | 9 ++------- modules/network/azure-firewall/main.bicep | 9 ++------- modules/network/bastion-host/main.bicep | 9 ++------- modules/network/ddos-protection-plan/main.bicep | 9 ++------- modules/network/dns-forwarding-ruleset/main.bicep | 9 ++------- modules/network/dns-resolver/main.bicep | 9 ++------- modules/network/dns-zone/main.bicep | 9 ++------- modules/network/express-route-circuit/main.bicep | 9 ++------- modules/network/express-route-gateway/main.bicep | 9 ++------- .../main.bicep | 9 ++------- modules/network/front-door/main.bicep | 9 ++------- modules/network/ip-group/main.bicep | 9 ++------- modules/network/load-balancer/main.bicep | 9 ++------- modules/network/local-network-gateway/main.bicep | 9 ++------- modules/network/nat-gateway/main.bicep | 9 ++------- modules/network/network-interface/main.bicep | 9 ++------- modules/network/network-security-group/main.bicep | 9 ++------- modules/network/network-watcher/main.bicep | 9 ++------- modules/network/private-dns-zone/main.bicep | 9 ++------- modules/network/private-endpoint/main.bicep | 9 ++------- modules/network/private-link-service/main.bicep | 9 ++------- modules/network/public-ip-address/main.bicep | 9 ++------- modules/network/public-ip-prefix/main.bicep | 9 ++------- modules/network/route-table/main.bicep | 9 ++------- modules/network/service-endpoint-policy/main.bicep | 9 ++------- modules/network/trafficmanagerprofile/main.bicep | 9 ++------- modules/network/virtual-hub/main.bicep | 9 ++------- modules/network/virtual-network-gateway/main.bicep | 9 ++------- modules/network/virtual-network/main.bicep | 9 ++------- modules/network/virtual-wan/main.bicep | 9 ++------- modules/network/vpn-gateway/main.bicep | 9 ++------- modules/network/vpn-site/main.bicep | 9 ++------- modules/operational-insights/workspace/main.bicep | 9 ++------- modules/purview/account/main.bicep | 9 ++------- modules/recovery-services/vault/main.bicep | 9 ++------- modules/relay/namespace/hybrid-connection/main.bicep | 9 ++------- modules/relay/namespace/main.bicep | 9 ++------- modules/relay/namespace/wcf-relay/main.bicep | 9 ++------- modules/resource-graph/query/main.bicep | 9 ++------- modules/resources/deployment-script/main.bicep | 9 ++------- modules/resources/resource-group/main.bicep | 9 ++------- modules/service-bus/namespace/main.bicep | 9 ++------- modules/service-bus/namespace/queue/main.bicep | 9 ++------- modules/service-bus/namespace/topic/main.bicep | 9 ++------- modules/service-fabric/cluster/main.bicep | 9 ++------- modules/signal-r-service/signal-r/main.bicep | 9 ++------- modules/signal-r-service/web-pub-sub/main.bicep | 9 ++------- modules/sql/managed-instance/database/main.bicep | 9 ++------- modules/sql/managed-instance/main.bicep | 9 ++------- modules/sql/server/main.bicep | 9 ++------- modules/storage/storage-account/main.bicep | 9 ++------- modules/synapse/private-link-hub/main.bicep | 9 ++------- modules/synapse/workspace/main.bicep | 9 ++------- modules/virtual-machine-images/image-template/main.bicep | 9 ++------- modules/web/connection/main.bicep | 9 ++------- modules/web/hosting-environment/main.bicep | 9 ++------- modules/web/serverfarm/main.bicep | 9 ++------- modules/web/site/main.bicep | 9 ++------- modules/web/site/slot/main.bicep | 9 ++------- modules/web/static-site/main.bicep | 9 ++------- 109 files changed, 218 insertions(+), 763 deletions(-) diff --git a/constructs/Compute/virtualMachinesMultiple/main.bicep b/constructs/Compute/virtualMachinesMultiple/main.bicep index 9fc00d6f9e..88257d6a32 100644 --- a/constructs/Compute/virtualMachinesMultiple/main.bicep +++ b/constructs/Compute/virtualMachinesMultiple/main.bicep @@ -242,13 +242,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/docs/wiki/The library - Module design.md b/docs/wiki/The library - Module design.md index 96d5244355..5204914d7a 100644 --- a/docs/wiki/The library - Module design.md +++ b/docs/wiki/The library - Module design.md @@ -143,13 +143,8 @@ The locks extension can be added as a `resource` to the resource template direct Details ```bicep -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType resource _lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { name: lock.?name ?? 'lock-${name}' diff --git a/modules/aad/domain-service/main.bicep b/modules/aad/domain-service/main.bicep index 61eb76e7c2..cba0794867 100644 --- a/modules/aad/domain-service/main.bicep +++ b/modules/aad/domain-service/main.bicep @@ -133,13 +133,8 @@ param tags object = {} @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/analysis-services/server/main.bicep b/modules/analysis-services/server/main.bicep index 43d0bb4de0..83e32511dc 100644 --- a/modules/analysis-services/server/main.bicep +++ b/modules/analysis-services/server/main.bicep @@ -38,13 +38,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/api-management/service/main.bicep b/modules/api-management/service/main.bicep index 1aa3cf04dd..dc00c685e8 100644 --- a/modules/api-management/service/main.bicep +++ b/modules/api-management/service/main.bicep @@ -45,13 +45,8 @@ param userAssignedIdentities object = {} @description('Optional. Location for all Resources.') param location string = resourceGroup().location -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Limit control plane API calls to API Management service with version equal to or newer than this value.') param minApiVersion string = '' diff --git a/modules/app-configuration/configuration-store/main.bicep b/modules/app-configuration/configuration-store/main.bicep index 299c480f5c..ce31018c16 100644 --- a/modules/app-configuration/configuration-store/main.bicep +++ b/modules/app-configuration/configuration-store/main.bicep @@ -74,13 +74,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/app/container-app/main.bicep b/modules/app/container-app/main.bicep index 6d3f020923..6906b2731d 100644 --- a/modules/app/container-app/main.bicep +++ b/modules/app/container-app/main.bicep @@ -45,13 +45,8 @@ param activeRevisionsMode string = 'Single' @description('Required. Resource ID of environment.') param environmentId string -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Tags of the resource.') param tags object = {} diff --git a/modules/app/managed-environment/main.bicep b/modules/app/managed-environment/main.bicep index 2606d2b389..0df80ad210 100644 --- a/modules/app/managed-environment/main.bicep +++ b/modules/app/managed-environment/main.bicep @@ -67,13 +67,8 @@ param certificateValue string = '' @description('Optional. DNS suffix for the environment domain.') param dnsSuffix string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Workload profiles configured for the Managed Environment.') param workloadProfiles array = [] diff --git a/modules/automation/automation-account/main.bicep b/modules/automation/automation-account/main.bicep index 7ae7c1f614..6f1ad62fde 100644 --- a/modules/automation/automation-account/main.bicep +++ b/modules/automation/automation-account/main.bicep @@ -83,13 +83,8 @@ param systemAssignedIdentity bool = false @description('Optional. The ID(s) to assign to the resource.') param userAssignedIdentities object = {} -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/batch/batch-account/main.bicep b/modules/batch/batch-account/main.bicep index 4809c4c824..c1b87a4c54 100644 --- a/modules/batch/batch-account/main.bicep +++ b/modules/batch/batch-account/main.bicep @@ -70,13 +70,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Tags of the resource.') param tags object = {} diff --git a/modules/cache/redis-enterprise/main.bicep b/modules/cache/redis-enterprise/main.bicep index fc0cfa2603..0b715e4ad1 100644 --- a/modules/cache/redis-enterprise/main.bicep +++ b/modules/cache/redis-enterprise/main.bicep @@ -8,13 +8,8 @@ param location string = resourceGroup().location @description('Required. The name of the Redis Cache Enterprise resource.') param name string -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/cache/redis/main.bicep b/modules/cache/redis/main.bicep index db29b3f254..93e4ceafb2 100644 --- a/modules/cache/redis/main.bicep +++ b/modules/cache/redis/main.bicep @@ -8,13 +8,8 @@ param location string = resourceGroup().location @description('Required. The name of the Redis cache resource.') param name string -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/cdn/profile/main.bicep b/modules/cdn/profile/main.bicep index c3b2fdcdc4..5c54632773 100644 --- a/modules/cdn/profile/main.bicep +++ b/modules/cdn/profile/main.bicep @@ -53,13 +53,8 @@ param afdEndpoints array = [] @description('Optional. Endpoint tags.') param tags object = {} -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/cognitive-services/account/main.bicep b/modules/cognitive-services/account/main.bicep index 2996423a70..4ef42c4492 100644 --- a/modules/cognitive-services/account/main.bicep +++ b/modules/cognitive-services/account/main.bicep @@ -92,13 +92,8 @@ param systemAssignedIdentity bool = false @description('Conditional. The ID(s) to assign to the resource. Required if a user assigned identity is used for encryption.') param userAssignedIdentities object = {} -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/compute/availability-set/main.bicep b/modules/compute/availability-set/main.bicep index cd866a1239..ca11aff2fd 100644 --- a/modules/compute/availability-set/main.bicep +++ b/modules/compute/availability-set/main.bicep @@ -20,13 +20,8 @@ param proximityPlacementGroupResourceId string = '' @description('Optional. Resource location.') param location string = resourceGroup().location -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/compute/disk-encryption-set/main.bicep b/modules/compute/disk-encryption-set/main.bicep index c481caae68..2442ef6038 100644 --- a/modules/compute/disk-encryption-set/main.bicep +++ b/modules/compute/disk-encryption-set/main.bicep @@ -8,13 +8,8 @@ param name string @description('Optional. Resource location.') param location string = resourceGroup().location -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Required. Resource ID of the KeyVault containing the key or secret.') param keyVaultResourceId string diff --git a/modules/compute/disk/main.bicep b/modules/compute/disk/main.bicep index b7092070f8..496f1e6a86 100644 --- a/modules/compute/disk/main.bicep +++ b/modules/compute/disk/main.bicep @@ -118,13 +118,8 @@ param publicNetworkAccess string = 'Disabled' @description('Optional. True if the image from which the OS disk is created supports accelerated networking.') param acceleratedNetwork bool = false -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/compute/proximity-placement-group/main.bicep b/modules/compute/proximity-placement-group/main.bicep index 1149407810..93e0a091bd 100644 --- a/modules/compute/proximity-placement-group/main.bicep +++ b/modules/compute/proximity-placement-group/main.bicep @@ -15,13 +15,8 @@ param type string = 'Standard' @description('Optional. Resource location.') param location string = resourceGroup().location -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/compute/ssh-public-key/main.bicep b/modules/compute/ssh-public-key/main.bicep index b4c1c44d2d..763a2e39d9 100644 --- a/modules/compute/ssh-public-key/main.bicep +++ b/modules/compute/ssh-public-key/main.bicep @@ -13,13 +13,8 @@ param location string = resourceGroup().location @description('Optional. SSH public key used to authenticate to a virtual machine through SSH. If this property is not initially provided when the resource is created, the publicKey property will be populated when generateKeyPair is called. If the public key is provided upon resource creation, the provided public key needs to be at least 2048-bit and in ssh-rsa format.') param publicKey string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/compute/virtual-machine-scale-set/main.bicep b/modules/compute/virtual-machine-scale-set/main.bicep index a12160d5b5..19d7d372fb 100644 --- a/modules/compute/virtual-machine-scale-set/main.bicep +++ b/modules/compute/virtual-machine-scale-set/main.bicep @@ -146,13 +146,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Specifies the mode of an upgrade to virtual machines in the scale set.\' Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. ; Automatic - All virtual machines in the scale set are automatically updated at the same time. - Automatic, Manual, Rolling.') @allowed([ diff --git a/modules/compute/virtual-machine/main.bicep b/modules/compute/virtual-machine/main.bicep index 4428c6fc4a..458f799703 100644 --- a/modules/compute/virtual-machine/main.bicep +++ b/modules/compute/virtual-machine/main.bicep @@ -235,13 +235,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/container-instance/container-group/main.bicep b/modules/container-instance/container-group/main.bicep index 55220a17cb..01cd35d401 100644 --- a/modules/container-instance/container-group/main.bicep +++ b/modules/container-instance/container-group/main.bicep @@ -63,13 +63,8 @@ param subnetId string = '' @description('Optional. Specify if volumes (emptyDir, AzureFileShare or GitRepo) shall be attached to your containergroup.') param volumes array = [] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Enables system assigned managed identity on the resource.') param systemAssignedIdentity bool = false diff --git a/modules/container-registry/registry/main.bicep b/modules/container-registry/registry/main.bicep index f15e4b806f..56925f5ede 100644 --- a/modules/container-registry/registry/main.bicep +++ b/modules/container-registry/registry/main.bicep @@ -116,13 +116,8 @@ param replications array = [] @description('Optional. All webhooks to create.') param webhooks array = [] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Enables system assigned managed identity on the resource.') param systemAssignedIdentity bool = false diff --git a/modules/container-service/managed-cluster/main.bicep b/modules/container-service/managed-cluster/main.bicep index 7a75c561e2..d322f03f54 100644 --- a/modules/container-service/managed-cluster/main.bicep +++ b/modules/container-service/managed-cluster/main.bicep @@ -338,13 +338,8 @@ param enableDefaultTelemetry bool = true @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Tags of the resource.') param tags object = {} diff --git a/modules/data-factory/factory/main.bicep b/modules/data-factory/factory/main.bicep index 059d72e7d2..31df41c739 100644 --- a/modules/data-factory/factory/main.bicep +++ b/modules/data-factory/factory/main.bicep @@ -67,13 +67,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Enables system assigned managed identity on the resource.') param systemAssignedIdentity bool = false diff --git a/modules/data-protection/backup-vault/main.bicep b/modules/data-protection/backup-vault/main.bicep index 5950149576..deb3fb2822 100644 --- a/modules/data-protection/backup-vault/main.bicep +++ b/modules/data-protection/backup-vault/main.bicep @@ -14,13 +14,8 @@ param location string = resourceGroup().location @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Enables system assigned managed identity on the resource.') param systemAssignedIdentity bool = false diff --git a/modules/databricks/access-connector/main.bicep b/modules/databricks/access-connector/main.bicep index 6fe7f68f65..79fe9ed821 100644 --- a/modules/databricks/access-connector/main.bicep +++ b/modules/databricks/access-connector/main.bicep @@ -14,13 +14,8 @@ param location string = resourceGroup().location @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Enables system assigned managed identity on the resource.') param systemAssignedIdentity bool = false diff --git a/modules/databricks/workspace/main.bicep b/modules/databricks/workspace/main.bicep index 67304609d7..6f4e5dab96 100644 --- a/modules/databricks/workspace/main.bicep +++ b/modules/databricks/workspace/main.bicep @@ -34,13 +34,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Tags of the resource.') param tags object = {} diff --git a/modules/db-for-my-sql/flexible-server/main.bicep b/modules/db-for-my-sql/flexible-server/main.bicep index c43470d914..ac8be22a85 100644 --- a/modules/db-for-my-sql/flexible-server/main.bicep +++ b/modules/db-for-my-sql/flexible-server/main.bicep @@ -5,13 +5,8 @@ metadata owner = 'Azure/module-maintainers' @description('Required. The name of the MySQL flexible server.') param name string -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Location for all resources.') param location string = resourceGroup().location diff --git a/modules/db-for-postgre-sql/flexible-server/main.bicep b/modules/db-for-postgre-sql/flexible-server/main.bicep index 729e0d6a89..66dc008da0 100644 --- a/modules/db-for-postgre-sql/flexible-server/main.bicep +++ b/modules/db-for-postgre-sql/flexible-server/main.bicep @@ -149,13 +149,8 @@ param databases array = [] @description('Optional. The configurations to create in the server.') param configurations array = [] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/dev-test-lab/lab/main.bicep b/modules/dev-test-lab/lab/main.bicep index 0083f1bbe2..144ea2184f 100644 --- a/modules/dev-test-lab/lab/main.bicep +++ b/modules/dev-test-lab/lab/main.bicep @@ -8,13 +8,8 @@ param name string @description('Optional. Location for all Resources.') param location string = resourceGroup().location -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalIds\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/digital-twins/digital-twins-instance/main.bicep b/modules/digital-twins/digital-twins-instance/main.bicep index de3a9f3ce7..c68f1da0b9 100644 --- a/modules/digital-twins/digital-twins-instance/main.bicep +++ b/modules/digital-twins/digital-twins-instance/main.bicep @@ -13,13 +13,8 @@ param location string = resourceGroup().location @description('Optional. Resource tags.') param tags object = {} -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Enables system assigned managed identity on the resource.') param systemAssignedIdentity bool = false diff --git a/modules/document-db/database-account/main.bicep b/modules/document-db/database-account/main.bicep index bb05cd87b3..a48baa99c2 100644 --- a/modules/document-db/database-account/main.bicep +++ b/modules/document-db/database-account/main.bicep @@ -73,13 +73,8 @@ param gremlinDatabases array = [] @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalIds\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/event-grid/domain/main.bicep b/modules/event-grid/domain/main.bicep index aca2497814..0ec3b52635 100644 --- a/modules/event-grid/domain/main.bicep +++ b/modules/event-grid/domain/main.bicep @@ -43,13 +43,8 @@ param privateEndpoints array = [] @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Tags of the resource.') param tags object = {} diff --git a/modules/event-grid/system-topic/main.bicep b/modules/event-grid/system-topic/main.bicep index f837890817..05a7a6d9bd 100644 --- a/modules/event-grid/system-topic/main.bicep +++ b/modules/event-grid/system-topic/main.bicep @@ -32,13 +32,8 @@ param diagnosticEventHubName string = '' @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Enables system assigned managed identity on the resource.') param systemAssignedIdentity bool = false diff --git a/modules/event-grid/topic/main.bicep b/modules/event-grid/topic/main.bicep index 5c44c6e455..0f5ded5929 100644 --- a/modules/event-grid/topic/main.bicep +++ b/modules/event-grid/topic/main.bicep @@ -40,13 +40,8 @@ param privateEndpoints array = [] @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Tags of the resource.') param tags object = {} diff --git a/modules/event-hub/namespace/eventhub/main.bicep b/modules/event-hub/namespace/eventhub/main.bicep index f4bc0a4733..14e5dea26d 100644 --- a/modules/event-hub/namespace/eventhub/main.bicep +++ b/modules/event-hub/namespace/eventhub/main.bicep @@ -51,13 +51,8 @@ param consumergroups array = [ } ] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/event-hub/namespace/main.bicep b/modules/event-hub/namespace/main.bicep index a0f8666e41..39e09ea7ed 100644 --- a/modules/event-hub/namespace/main.bicep +++ b/modules/event-hub/namespace/main.bicep @@ -86,13 +86,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Enables system assigned managed identity on the resource.') param systemAssignedIdentity bool = false diff --git a/modules/health-bot/health-bot/main.bicep b/modules/health-bot/health-bot/main.bicep index b0c82cbdac..9ec6c7c2e5 100644 --- a/modules/health-bot/health-bot/main.bicep +++ b/modules/health-bot/health-bot/main.bicep @@ -19,13 +19,8 @@ param userAssignedIdentities object = {} @description('Optional. Location for all resources.') param location string = resourceGroup().location -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/healthcare-apis/workspace/dicomservice/main.bicep b/modules/healthcare-apis/workspace/dicomservice/main.bicep index b7fa04805d..83a199fe0f 100644 --- a/modules/healthcare-apis/workspace/dicomservice/main.bicep +++ b/modules/healthcare-apis/workspace/dicomservice/main.bicep @@ -47,13 +47,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @allowed([ 'Disabled' diff --git a/modules/healthcare-apis/workspace/fhirservice/main.bicep b/modules/healthcare-apis/workspace/fhirservice/main.bicep index bcbd34369b..0741f47148 100644 --- a/modules/healthcare-apis/workspace/fhirservice/main.bicep +++ b/modules/healthcare-apis/workspace/fhirservice/main.bicep @@ -81,13 +81,8 @@ param importEnabled bool = false @description('Optional. If the FHIR service is in InitialImportMode.') param initialImportMode bool = false -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/healthcare-apis/workspace/iotconnector/main.bicep b/modules/healthcare-apis/workspace/iotconnector/main.bicep index b980c0f72d..af64b118dc 100644 --- a/modules/healthcare-apis/workspace/iotconnector/main.bicep +++ b/modules/healthcare-apis/workspace/iotconnector/main.bicep @@ -42,13 +42,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Enables system assigned managed identity on the resource.') param systemAssignedIdentity bool = false diff --git a/modules/healthcare-apis/workspace/main.bicep b/modules/healthcare-apis/workspace/main.bicep index a99add54ab..b20e83498a 100644 --- a/modules/healthcare-apis/workspace/main.bicep +++ b/modules/healthcare-apis/workspace/main.bicep @@ -9,13 +9,8 @@ param name string @description('Optional. Location for all resources.') param location string = resourceGroup().location -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/insights/private-link-scope/main.bicep b/modules/insights/private-link-scope/main.bicep index 1e0652dada..337c2cb210 100644 --- a/modules/insights/private-link-scope/main.bicep +++ b/modules/insights/private-link-scope/main.bicep @@ -9,13 +9,8 @@ param name string @description('Optional. The location of the private link scope. Should be global.') param location string = 'global' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/key-vault/vault/main.bicep b/modules/key-vault/vault/main.bicep index 01003aeeee..62e478240c 100644 --- a/modules/key-vault/vault/main.bicep +++ b/modules/key-vault/vault/main.bicep @@ -76,13 +76,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/logic/workflow/main.bicep b/modules/logic/workflow/main.bicep index eb6978997d..5ba270f44f 100644 --- a/modules/logic/workflow/main.bicep +++ b/modules/logic/workflow/main.bicep @@ -47,13 +47,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/managed-identity/user-assigned-identity/main.bicep b/modules/managed-identity/user-assigned-identity/main.bicep index 72e9af25d3..d2b66e91f8 100644 --- a/modules/managed-identity/user-assigned-identity/main.bicep +++ b/modules/managed-identity/user-assigned-identity/main.bicep @@ -11,13 +11,8 @@ param location string = resourceGroup().location @description('Optional. The federated identity credentials list to indicate which token from the external IdP should be trusted by your application. Federated identity credentials are supported on applications only. A maximum of 20 federated identity credentials can be added per application object.') param federatedIdentityCredentials array = [] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/net-app/net-app-account/main.bicep b/modules/net-app/net-app-account/main.bicep index 04f49982ee..5b267072cf 100644 --- a/modules/net-app/net-app-account/main.bicep +++ b/modules/net-app/net-app-account/main.bicep @@ -36,13 +36,8 @@ param roleAssignments array = [] @description('Optional. Location for all resources.') param location string = resourceGroup().location -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Tags for all resources.') param tags object = {} diff --git a/modules/network/application-gateway/main.bicep b/modules/network/application-gateway/main.bicep index bde57cf4ea..2294d5ccac 100644 --- a/modules/network/application-gateway/main.bicep +++ b/modules/network/application-gateway/main.bicep @@ -242,13 +242,8 @@ var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { enabled: true }] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/application-security-group/main.bicep b/modules/network/application-security-group/main.bicep index ede2d7ab30..6e0112f77a 100644 --- a/modules/network/application-security-group/main.bicep +++ b/modules/network/application-security-group/main.bicep @@ -8,13 +8,8 @@ param name string @description('Optional. Location for all resources.') param location string = resourceGroup().location -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/azure-firewall/main.bicep b/modules/network/azure-firewall/main.bicep index 18d4cd11bb..d279f016cf 100644 --- a/modules/network/azure-firewall/main.bicep +++ b/modules/network/azure-firewall/main.bicep @@ -82,13 +82,8 @@ param diagnosticEventHubName string = '' @description('Optional. Location for all resources.') param location string = resourceGroup().location -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/bastion-host/main.bicep b/modules/network/bastion-host/main.bicep index a23e458c26..49080a20b0 100644 --- a/modules/network/bastion-host/main.bicep +++ b/modules/network/bastion-host/main.bicep @@ -32,13 +32,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @allowed([ 'Basic' diff --git a/modules/network/ddos-protection-plan/main.bicep b/modules/network/ddos-protection-plan/main.bicep index 260820d19a..9ec08f8467 100644 --- a/modules/network/ddos-protection-plan/main.bicep +++ b/modules/network/ddos-protection-plan/main.bicep @@ -9,13 +9,8 @@ param name string @description('Optional. Location for all resources.') param location string = resourceGroup().location -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/dns-forwarding-ruleset/main.bicep b/modules/network/dns-forwarding-ruleset/main.bicep index 1128b7975b..9aea9da8de 100644 --- a/modules/network/dns-forwarding-ruleset/main.bicep +++ b/modules/network/dns-forwarding-ruleset/main.bicep @@ -9,13 +9,8 @@ param name string @description('Optional. Location for all resources.') param location string = resourceGroup().location -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/dns-resolver/main.bicep b/modules/network/dns-resolver/main.bicep index d259ba74ae..3bfd54aa33 100644 --- a/modules/network/dns-resolver/main.bicep +++ b/modules/network/dns-resolver/main.bicep @@ -9,13 +9,8 @@ param name string @description('Optional. Location for all resources.') param location string = resourceGroup().location -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/dns-zone/main.bicep b/modules/network/dns-zone/main.bicep index 0e0b99a916..5e25ed9920 100644 --- a/modules/network/dns-zone/main.bicep +++ b/modules/network/dns-zone/main.bicep @@ -46,13 +46,8 @@ param roleAssignments array = [] @description('Optional. Tags of the resource.') param tags object = {} -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/express-route-circuit/main.bicep b/modules/network/express-route-circuit/main.bicep index bed56a2ef3..773e4b8135 100644 --- a/modules/network/express-route-circuit/main.bicep +++ b/modules/network/express-route-circuit/main.bicep @@ -81,13 +81,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/express-route-gateway/main.bicep b/modules/network/express-route-gateway/main.bicep index 8ed68dd208..9f2fbdac1a 100644 --- a/modules/network/express-route-gateway/main.bicep +++ b/modules/network/express-route-gateway/main.bicep @@ -32,13 +32,8 @@ param roleAssignments array = [] @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' diff --git a/modules/network/front-door-web-application-firewall-policy/main.bicep b/modules/network/front-door-web-application-firewall-policy/main.bicep index 5e5cb34de6..d3b856c1f3 100644 --- a/modules/network/front-door-web-application-firewall-policy/main.bicep +++ b/modules/network/front-door-web-application-firewall-policy/main.bicep @@ -69,13 +69,8 @@ param policySettings object = { mode: 'Prevention' } -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/front-door/main.bicep b/modules/network/front-door/main.bicep index 5cc6ed7234..077a8df1cb 100644 --- a/modules/network/front-door/main.bicep +++ b/modules/network/front-door/main.bicep @@ -10,13 +10,8 @@ param name string @description('Optional. Location for all resources.') param location string = resourceGroup().location -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/ip-group/main.bicep b/modules/network/ip-group/main.bicep index 6572ca71b5..501905ab39 100644 --- a/modules/network/ip-group/main.bicep +++ b/modules/network/ip-group/main.bicep @@ -12,13 +12,8 @@ param location string = resourceGroup().location @description('Optional. IpAddresses/IpAddressPrefixes in the IpGroups resource.') param ipAddresses array = [] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/load-balancer/main.bicep b/modules/network/load-balancer/main.bicep index df626d8dff..c6b58e36af 100644 --- a/modules/network/load-balancer/main.bicep +++ b/modules/network/load-balancer/main.bicep @@ -40,13 +40,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/local-network-gateway/main.bicep b/modules/network/local-network-gateway/main.bicep index e850d93a68..eaa76d065b 100644 --- a/modules/network/local-network-gateway/main.bicep +++ b/modules/network/local-network-gateway/main.bicep @@ -24,13 +24,8 @@ param localBgpPeeringAddress string = '' @description('Optional. The weight added to routes learned from this BGP speaker. This will only take effect if both the localAsn and the localBgpPeeringAddress values are provided.') param localPeerWeight string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/nat-gateway/main.bicep b/modules/network/nat-gateway/main.bicep index 1f25013f3e..ac9c59d6e2 100644 --- a/modules/network/nat-gateway/main.bicep +++ b/modules/network/nat-gateway/main.bicep @@ -44,13 +44,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/network-interface/main.bicep b/modules/network/network-interface/main.bicep index ef6d49137a..a5b392977e 100644 --- a/modules/network/network-interface/main.bicep +++ b/modules/network/network-interface/main.bicep @@ -50,13 +50,8 @@ param disableTcpStateTracking bool = false @description('Required. A list of IPConfigurations of the network interface.') param ipConfigurations array -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/network-security-group/main.bicep b/modules/network/network-security-group/main.bicep index a736802a6f..47a8aea877 100644 --- a/modules/network/network-security-group/main.bicep +++ b/modules/network/network-security-group/main.bicep @@ -26,13 +26,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/network-watcher/main.bicep b/modules/network/network-watcher/main.bicep index a13ab9b33a..cf3e039803 100644 --- a/modules/network/network-watcher/main.bicep +++ b/modules/network/network-watcher/main.bicep @@ -15,13 +15,8 @@ param connectionMonitors array = [] @description('Optional. Array that contains the Flow Logs.') param flowLogs array = [] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/private-dns-zone/main.bicep b/modules/network/private-dns-zone/main.bicep index f9715e994d..be05db9fa8 100644 --- a/modules/network/private-dns-zone/main.bicep +++ b/modules/network/private-dns-zone/main.bicep @@ -41,13 +41,8 @@ param roleAssignments array = [] @description('Optional. Tags of the resource.') param tags object = {} -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/private-endpoint/main.bicep b/modules/network/private-endpoint/main.bicep index 4b6aa3fe60..201514fc41 100644 --- a/modules/network/private-endpoint/main.bicep +++ b/modules/network/private-endpoint/main.bicep @@ -29,13 +29,8 @@ param privateDnsZoneGroup object = {} @description('Optional. Location for all Resources.') param location string = resourceGroup().location -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/private-link-service/main.bicep b/modules/network/private-link-service/main.bicep index 6f69a73136..495193fb80 100644 --- a/modules/network/private-link-service/main.bicep +++ b/modules/network/private-link-service/main.bicep @@ -8,13 +8,8 @@ param name string @description('Optional. Location for all Resources.') param location string = resourceGroup().location -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') param tags object = {} diff --git a/modules/network/public-ip-address/main.bicep b/modules/network/public-ip-address/main.bicep index 88b830b1cd..60143805b3 100644 --- a/modules/network/public-ip-address/main.bicep +++ b/modules/network/public-ip-address/main.bicep @@ -70,13 +70,8 @@ param fqdn string = '' @description('Optional. The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN.') param reverseFqdn string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Location for all resources.') param location string = resourceGroup().location diff --git a/modules/network/public-ip-prefix/main.bicep b/modules/network/public-ip-prefix/main.bicep index f67c5e9195..4d20cc27d8 100644 --- a/modules/network/public-ip-prefix/main.bicep +++ b/modules/network/public-ip-prefix/main.bicep @@ -14,13 +14,8 @@ param location string = resourceGroup().location @maxValue(31) param prefixLength int -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/route-table/main.bicep b/modules/network/route-table/main.bicep index 7323c68c3f..5f7099a843 100644 --- a/modules/network/route-table/main.bicep +++ b/modules/network/route-table/main.bicep @@ -14,13 +14,8 @@ param routes array = [] @description('Optional. Switch to disable BGP route propagation.') param disableBgpRoutePropagation bool = false -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/service-endpoint-policy/main.bicep b/modules/network/service-endpoint-policy/main.bicep index e2c4706285..666e2f35c4 100644 --- a/modules/network/service-endpoint-policy/main.bicep +++ b/modules/network/service-endpoint-policy/main.bicep @@ -17,13 +17,8 @@ param contextualServiceEndpointPolicies array = [] @description('Optional. The alias indicating if the policy belongs to a service.') param serviceAlias string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/trafficmanagerprofile/main.bicep b/modules/network/trafficmanagerprofile/main.bicep index 842448a99c..1be416ff31 100644 --- a/modules/network/trafficmanagerprofile/main.bicep +++ b/modules/network/trafficmanagerprofile/main.bicep @@ -62,13 +62,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/virtual-hub/main.bicep b/modules/network/virtual-hub/main.bicep index ed647753cd..6ab9a5b388 100644 --- a/modules/network/virtual-hub/main.bicep +++ b/modules/network/virtual-hub/main.bicep @@ -70,13 +70,8 @@ param hubRouteTables array = [] @description('Optional. Virtual network connections to create for the virtual hub.') param hubVirtualNetworkConnections array = [] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/virtual-network-gateway/main.bicep b/modules/network/virtual-network-gateway/main.bicep index 0169361f08..586b7eddc6 100644 --- a/modules/network/virtual-network-gateway/main.bicep +++ b/modules/network/virtual-network-gateway/main.bicep @@ -127,13 +127,8 @@ param diagnosticEventHubName string = '' @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Tags of the resource.') param tags object = {} diff --git a/modules/network/virtual-network/main.bicep b/modules/network/virtual-network/main.bicep index bac1cc95ba..78a28de297 100644 --- a/modules/network/virtual-network/main.bicep +++ b/modules/network/virtual-network/main.bicep @@ -49,13 +49,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/virtual-wan/main.bicep b/modules/network/virtual-wan/main.bicep index 8bff343120..16e97f787f 100644 --- a/modules/network/virtual-wan/main.bicep +++ b/modules/network/virtual-wan/main.bicep @@ -33,13 +33,8 @@ param tags object = {} @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' diff --git a/modules/network/vpn-gateway/main.bicep b/modules/network/vpn-gateway/main.bicep index 366166703d..40289db433 100644 --- a/modules/network/vpn-gateway/main.bicep +++ b/modules/network/vpn-gateway/main.bicep @@ -32,13 +32,8 @@ param vpnGatewayScaleUnit int = 2 @description('Optional. Tags of the resource.') param tags object = {} -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/network/vpn-site/main.bicep b/modules/network/vpn-site/main.bicep index 11420e78e0..1edf2bdd00 100644 --- a/modules/network/vpn-site/main.bicep +++ b/modules/network/vpn-site/main.bicep @@ -38,13 +38,8 @@ param enableDefaultTelemetry bool = true @description('Optional. List of all VPN site links.') param vpnSiteLinks array = [] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/operational-insights/workspace/main.bicep b/modules/operational-insights/workspace/main.bicep index 616695e390..c75dd4fa40 100644 --- a/modules/operational-insights/workspace/main.bicep +++ b/modules/operational-insights/workspace/main.bicep @@ -97,13 +97,8 @@ param diagnosticEventHubName string = '' @description('Optional. Indicates whether customer managed storage is mandatory for query management.') param forceCmkForQuery bool = true -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/purview/account/main.bicep b/modules/purview/account/main.bicep index 1ae49db892..59098d746e 100644 --- a/modules/purview/account/main.bicep +++ b/modules/purview/account/main.bicep @@ -83,13 +83,8 @@ param diagnosticMetricsToEnable array = [ @description('Optional. The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings".') param diagnosticSettingsName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType // =========== // // Variables // diff --git a/modules/recovery-services/vault/main.bicep b/modules/recovery-services/vault/main.bicep index 6cf6ca00b6..e53dc7e391 100644 --- a/modules/recovery-services/vault/main.bicep +++ b/modules/recovery-services/vault/main.bicep @@ -50,13 +50,8 @@ param diagnosticEventHubName string = '' @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Enables system assigned managed identity on the resource.') param systemAssignedIdentity bool = false diff --git a/modules/relay/namespace/hybrid-connection/main.bicep b/modules/relay/namespace/hybrid-connection/main.bicep index d011a33440..ce8f223961 100644 --- a/modules/relay/namespace/hybrid-connection/main.bicep +++ b/modules/relay/namespace/hybrid-connection/main.bicep @@ -42,13 +42,8 @@ param authorizationRules array = [ } ] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/relay/namespace/main.bicep b/modules/relay/namespace/main.bicep index 98c368a414..6bb1a8d638 100644 --- a/modules/relay/namespace/main.bicep +++ b/modules/relay/namespace/main.bicep @@ -40,13 +40,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/relay/namespace/wcf-relay/main.bicep b/modules/relay/namespace/wcf-relay/main.bicep index 1b87a1d1c9..14a45dabfb 100644 --- a/modules/relay/namespace/wcf-relay/main.bicep +++ b/modules/relay/namespace/wcf-relay/main.bicep @@ -52,13 +52,8 @@ param authorizationRules array = [ } ] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/resource-graph/query/main.bicep b/modules/resource-graph/query/main.bicep index d2c0aa57c5..b88bd76129 100644 --- a/modules/resource-graph/query/main.bicep +++ b/modules/resource-graph/query/main.bicep @@ -8,13 +8,8 @@ param name string @description('Optional. Location for all resources.') param location string = resourceGroup().location -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/resources/deployment-script/main.bicep b/modules/resources/deployment-script/main.bicep index d9f530d3da..ad2b9c8016 100644 --- a/modules/resources/deployment-script/main.bicep +++ b/modules/resources/deployment-script/main.bicep @@ -66,13 +66,8 @@ param timeout string = 'PT1H' @description('Generated. Do not provide a value! This date value is used to make sure the script run every time the template is deployed.') param baseTime string = utcNow('yyyy-MM-dd-HH-mm-ss') -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Tags of the resource.') param tags object = {} diff --git a/modules/resources/resource-group/main.bicep b/modules/resources/resource-group/main.bicep index c0a80d63de..5dbce60a17 100644 --- a/modules/resources/resource-group/main.bicep +++ b/modules/resources/resource-group/main.bicep @@ -10,13 +10,8 @@ param name string @description('Optional. Location of the Resource Group. It uses the deployment\'s location when not provided.') param location string = deployment().location -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/service-bus/namespace/main.bicep b/modules/service-bus/namespace/main.bicep index f73ff266cc..ad7bf2b5a6 100644 --- a/modules/service-bus/namespace/main.bicep +++ b/modules/service-bus/namespace/main.bicep @@ -75,13 +75,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Enables system assigned managed identity on the resource.') param systemAssignedIdentity bool = false diff --git a/modules/service-bus/namespace/queue/main.bicep b/modules/service-bus/namespace/queue/main.bicep index 563b1cb91d..23ef096325 100644 --- a/modules/service-bus/namespace/queue/main.bicep +++ b/modules/service-bus/namespace/queue/main.bicep @@ -85,13 +85,8 @@ param authorizationRules array = [ } ] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/service-bus/namespace/topic/main.bicep b/modules/service-bus/namespace/topic/main.bicep index 8c66761d9e..d325b77f80 100644 --- a/modules/service-bus/namespace/topic/main.bicep +++ b/modules/service-bus/namespace/topic/main.bicep @@ -70,13 +70,8 @@ param authorizationRules array = [ } ] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/service-fabric/cluster/main.bicep b/modules/service-fabric/cluster/main.bicep index 7e8ce3d1d2..310306c9b2 100644 --- a/modules/service-fabric/cluster/main.bicep +++ b/modules/service-fabric/cluster/main.bicep @@ -11,13 +11,8 @@ param location string = resourceGroup().location @description('Optional. Tags of the resource.') param tags object = {} -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/signal-r-service/signal-r/main.bicep b/modules/signal-r-service/signal-r/main.bicep index 82c3f7d52d..c9b1c8831a 100644 --- a/modules/signal-r-service/signal-r/main.bicep +++ b/modules/signal-r-service/signal-r/main.bicep @@ -92,13 +92,8 @@ param upstreamTemplatesToEnable array = [] @description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints array = [] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/signal-r-service/web-pub-sub/main.bicep b/modules/signal-r-service/web-pub-sub/main.bicep index 337e0bb233..fa138d655c 100644 --- a/modules/signal-r-service/web-pub-sub/main.bicep +++ b/modules/signal-r-service/web-pub-sub/main.bicep @@ -11,13 +11,8 @@ param name string @description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints array = [] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/sql/managed-instance/database/main.bicep b/modules/sql/managed-instance/database/main.bicep index cd6cab2d08..c296818ba2 100644 --- a/modules/sql/managed-instance/database/main.bicep +++ b/modules/sql/managed-instance/database/main.bicep @@ -60,13 +60,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. The configuration for the backup short term retention policy definition.') param backupShortTermRetentionPoliciesObj object = {} diff --git a/modules/sql/managed-instance/main.bicep b/modules/sql/managed-instance/main.bicep index 49a8ce6d03..e47dec54ae 100644 --- a/modules/sql/managed-instance/main.bicep +++ b/modules/sql/managed-instance/main.bicep @@ -98,13 +98,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/sql/server/main.bicep b/modules/sql/server/main.bicep index 8d425af40c..b7966f72fb 100644 --- a/modules/sql/server/main.bicep +++ b/modules/sql/server/main.bicep @@ -24,13 +24,8 @@ param userAssignedIdentities object = {} @description('Conditional. The resource ID of a user assigned identity to be used by default. Required if "userAssignedIdentities" is not empty.') param primaryUserAssignedIdentityId string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/storage/storage-account/main.bicep b/modules/storage/storage-account/main.bicep index 9c84ef7153..e373575e80 100644 --- a/modules/storage/storage-account/main.bicep +++ b/modules/storage/storage-account/main.bicep @@ -144,13 +144,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Tags of the resource.') param tags object = {} diff --git a/modules/synapse/private-link-hub/main.bicep b/modules/synapse/private-link-hub/main.bicep index 2d27a271f4..094d9fb571 100644 --- a/modules/synapse/private-link-hub/main.bicep +++ b/modules/synapse/private-link-hub/main.bicep @@ -11,13 +11,8 @@ param location string = resourceGroup().location @description('Optional. Tags of the resource.') param tags object = {} -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true diff --git a/modules/synapse/workspace/main.bicep b/modules/synapse/workspace/main.bicep index acd8ff254e..d9346fdb6d 100644 --- a/modules/synapse/workspace/main.bicep +++ b/modules/synapse/workspace/main.bicep @@ -91,13 +91,8 @@ param workspaceRepositoryConfiguration object = {} @description('Optional. The ID(s) to assign to the resource.') param userAssignedIdentities object = {} -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/virtual-machine-images/image-template/main.bicep b/modules/virtual-machine-images/image-template/main.bicep index c16527dd84..c9644cafa8 100644 --- a/modules/virtual-machine-images/image-template/main.bicep +++ b/modules/virtual-machine-images/image-template/main.bicep @@ -65,13 +65,8 @@ param storageAccountType string = 'Standard_LRS' @description('Optional. Resource ID of the staging resource group in the same subscription and location as the image template that will be used to build the image.

If this field is empty, a resource group with a random name will be created.

If the resource group specified in this field doesn\'t exist, it will be created with the same name.

If the resource group specified exists, it must be empty and in the same region as the image template.

The resource group created will be deleted during template deletion if this field is empty or the resource group specified doesn\'t exist,

but if the resource group specified exists the resources created in the resource group will be deleted during template deletion and the resource group itself will remain.') param stagingResourceGroup string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Tags of the resource.') param tags object = {} diff --git a/modules/web/connection/main.bicep b/modules/web/connection/main.bicep index 9829af1550..d69835391c 100644 --- a/modules/web/connection/main.bicep +++ b/modules/web/connection/main.bicep @@ -34,13 +34,8 @@ param roleAssignments array = [] @description('Optional. Status of the connection.') param statuses array = [] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Tags of the resource.') param tags object = {} diff --git a/modules/web/hosting-environment/main.bicep b/modules/web/hosting-environment/main.bicep index c94a27f359..610a1a6e8c 100644 --- a/modules/web/hosting-environment/main.bicep +++ b/modules/web/hosting-environment/main.bicep @@ -9,13 +9,8 @@ param name string @description('Optional. Location for all resources.') param location string = resourceGroup().location -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/web/serverfarm/main.bicep b/modules/web/serverfarm/main.bicep index 7e8a00ccff..8d6927b762 100644 --- a/modules/web/serverfarm/main.bicep +++ b/modules/web/serverfarm/main.bicep @@ -46,13 +46,8 @@ param targetWorkerCount int = 0 ]) param targetWorkerSize int = 0 -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/web/site/main.bicep b/modules/web/site/main.bicep index c05208f822..a948ee8f55 100644 --- a/modules/web/site/main.bicep +++ b/modules/web/site/main.bicep @@ -75,13 +75,8 @@ param appSettingsKeyValuePairs object = {} @description('Optional. The auth settings V2 configuration.') param authSettingV2Configuration object = {} -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints array = [] diff --git a/modules/web/site/slot/main.bicep b/modules/web/site/slot/main.bicep index f6435e2a38..981936ca94 100644 --- a/modules/web/site/slot/main.bicep +++ b/modules/web/site/slot/main.bicep @@ -66,13 +66,8 @@ param appSettingsKeyValuePairs object = {} @description('Optional. The auth settings V2 configuration.') param authSettingV2Configuration object = {} -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Configuration details for private endpoints.') param privateEndpoints array = [] diff --git a/modules/web/static-site/main.bicep b/modules/web/static-site/main.bicep index b9b1b52b2c..6a093f95c6 100644 --- a/modules/web/static-site/main.bicep +++ b/modules/web/static-site/main.bicep @@ -61,13 +61,8 @@ param systemAssignedIdentity bool = false @description('Optional. The ID(s) to assign to the resource.') param userAssignedIdentities object = {} -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the \'sku\' to be \'Standard\'.') param privateEndpoints array = [] From 338e44486a4ccc148371a17d3be5ec0679a31da5 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 17:32:31 +0200 Subject: [PATCH 03/52] Added UDT --- modules/aad/domain-service/main.bicep | 12 ++++++++++++ modules/analysis-services/server/main.bicep | 12 ++++++++++++ modules/api-management/service/main.bicep | 12 ++++++++++++ .../app-configuration/configuration-store/main.bicep | 12 ++++++++++++ modules/app/container-app/main.bicep | 12 ++++++++++++ modules/app/managed-environment/main.bicep | 12 ++++++++++++ modules/automation/automation-account/main.bicep | 12 ++++++++++++ modules/batch/batch-account/main.bicep | 12 ++++++++++++ modules/cache/redis-enterprise/main.bicep | 12 ++++++++++++ modules/cache/redis/main.bicep | 12 ++++++++++++ modules/cdn/profile/main.bicep | 12 ++++++++++++ modules/cognitive-services/account/main.bicep | 12 ++++++++++++ modules/compute/availability-set/main.bicep | 12 ++++++++++++ modules/compute/disk-encryption-set/main.bicep | 12 ++++++++++++ modules/compute/disk/main.bicep | 12 ++++++++++++ modules/compute/proximity-placement-group/main.bicep | 12 ++++++++++++ modules/compute/ssh-public-key/main.bicep | 12 ++++++++++++ modules/compute/virtual-machine-scale-set/main.bicep | 12 ++++++++++++ modules/compute/virtual-machine/main.bicep | 12 ++++++++++++ .../container-instance/container-group/main.bicep | 12 ++++++++++++ modules/container-registry/registry/main.bicep | 12 ++++++++++++ modules/container-service/managed-cluster/main.bicep | 12 ++++++++++++ modules/data-factory/factory/main.bicep | 12 ++++++++++++ modules/data-protection/backup-vault/main.bicep | 12 ++++++++++++ modules/databricks/access-connector/main.bicep | 12 ++++++++++++ modules/databricks/workspace/main.bicep | 12 ++++++++++++ modules/db-for-my-sql/flexible-server/main.bicep | 12 ++++++++++++ .../db-for-postgre-sql/flexible-server/main.bicep | 12 ++++++++++++ modules/dev-test-lab/lab/main.bicep | 12 ++++++++++++ .../digital-twins/digital-twins-instance/main.bicep | 12 ++++++++++++ modules/document-db/database-account/main.bicep | 12 ++++++++++++ modules/event-grid/domain/main.bicep | 12 ++++++++++++ modules/event-grid/system-topic/main.bicep | 12 ++++++++++++ modules/event-grid/topic/main.bicep | 12 ++++++++++++ modules/event-hub/namespace/eventhub/main.bicep | 12 ++++++++++++ modules/event-hub/namespace/main.bicep | 12 ++++++++++++ modules/health-bot/health-bot/main.bicep | 12 ++++++++++++ .../workspace/dicomservice/main.bicep | 12 ++++++++++++ .../healthcare-apis/workspace/fhirservice/main.bicep | 12 ++++++++++++ .../workspace/iotconnector/main.bicep | 12 ++++++++++++ modules/healthcare-apis/workspace/main.bicep | 12 ++++++++++++ modules/insights/private-link-scope/main.bicep | 12 ++++++++++++ modules/key-vault/vault/main.bicep | 12 ++++++++++++ modules/logic/workflow/main.bicep | 12 ++++++++++++ .../user-assigned-identity/main.bicep | 12 ++++++++++++ modules/net-app/net-app-account/main.bicep | 12 ++++++++++++ modules/network/application-gateway/main.bicep | 12 ++++++++++++ .../network/application-security-group/main.bicep | 12 ++++++++++++ modules/network/azure-firewall/main.bicep | 12 ++++++++++++ modules/network/bastion-host/main.bicep | 12 ++++++++++++ modules/network/ddos-protection-plan/main.bicep | 12 ++++++++++++ modules/network/dns-forwarding-ruleset/main.bicep | 12 ++++++++++++ modules/network/dns-resolver/main.bicep | 12 ++++++++++++ modules/network/dns-zone/main.bicep | 12 ++++++++++++ modules/network/express-route-circuit/main.bicep | 12 ++++++++++++ modules/network/express-route-gateway/main.bicep | 12 ++++++++++++ .../main.bicep | 12 ++++++++++++ modules/network/front-door/main.bicep | 12 ++++++++++++ modules/network/ip-group/main.bicep | 12 ++++++++++++ modules/network/load-balancer/main.bicep | 12 ++++++++++++ modules/network/local-network-gateway/main.bicep | 12 ++++++++++++ modules/network/nat-gateway/main.bicep | 12 ++++++++++++ modules/network/network-interface/main.bicep | 12 ++++++++++++ modules/network/network-security-group/main.bicep | 12 ++++++++++++ modules/network/network-watcher/main.bicep | 12 ++++++++++++ modules/network/private-dns-zone/main.bicep | 12 ++++++++++++ modules/network/private-endpoint/main.bicep | 12 ++++++++++++ modules/network/private-link-service/main.bicep | 12 ++++++++++++ modules/network/public-ip-address/main.bicep | 12 ++++++++++++ modules/network/public-ip-prefix/main.bicep | 12 ++++++++++++ modules/network/route-table/main.bicep | 12 ++++++++++++ modules/network/service-endpoint-policy/main.bicep | 12 ++++++++++++ modules/network/trafficmanagerprofile/main.bicep | 12 ++++++++++++ modules/network/virtual-hub/main.bicep | 12 ++++++++++++ modules/network/virtual-network-gateway/main.bicep | 12 ++++++++++++ modules/network/virtual-network/main.bicep | 12 ++++++++++++ modules/network/virtual-wan/main.bicep | 12 ++++++++++++ modules/network/vpn-gateway/main.bicep | 12 ++++++++++++ modules/network/vpn-site/main.bicep | 12 ++++++++++++ modules/operational-insights/workspace/main.bicep | 12 ++++++++++++ modules/purview/account/main.bicep | 12 ++++++++++++ modules/recovery-services/vault/main.bicep | 12 ++++++++++++ modules/relay/namespace/hybrid-connection/main.bicep | 12 ++++++++++++ modules/relay/namespace/main.bicep | 12 ++++++++++++ modules/relay/namespace/wcf-relay/main.bicep | 12 ++++++++++++ modules/resource-graph/query/main.bicep | 12 ++++++++++++ modules/resources/deployment-script/main.bicep | 12 ++++++++++++ modules/resources/resource-group/main.bicep | 12 ++++++++++++ modules/service-bus/namespace/main.bicep | 12 ++++++++++++ modules/service-bus/namespace/queue/main.bicep | 12 ++++++++++++ modules/service-bus/namespace/topic/main.bicep | 12 ++++++++++++ modules/service-fabric/cluster/main.bicep | 12 ++++++++++++ modules/signal-r-service/signal-r/main.bicep | 12 ++++++++++++ modules/signal-r-service/web-pub-sub/main.bicep | 12 ++++++++++++ modules/sql/managed-instance/database/main.bicep | 12 ++++++++++++ modules/sql/managed-instance/main.bicep | 12 ++++++++++++ modules/sql/server/main.bicep | 12 ++++++++++++ modules/storage/storage-account/main.bicep | 12 ++++++++++++ modules/synapse/private-link-hub/main.bicep | 12 ++++++++++++ modules/synapse/workspace/main.bicep | 12 ++++++++++++ .../virtual-machine-images/image-template/main.bicep | 12 ++++++++++++ modules/web/connection/main.bicep | 12 ++++++++++++ modules/web/hosting-environment/main.bicep | 12 ++++++++++++ modules/web/serverfarm/main.bicep | 12 ++++++++++++ modules/web/site/main.bicep | 12 ++++++++++++ modules/web/site/slot/main.bicep | 12 ++++++++++++ modules/web/static-site/main.bicep | 12 ++++++++++++ 107 files changed, 1284 insertions(+) diff --git a/modules/aad/domain-service/main.bicep b/modules/aad/domain-service/main.bicep index cba0794867..d40b4bed76 100644 --- a/modules/aad/domain-service/main.bicep +++ b/modules/aad/domain-service/main.bicep @@ -258,3 +258,15 @@ output resourceId string = domainService.id @description('The location the resource was deployed into.') output location string = domainService.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/analysis-services/server/main.bicep b/modules/analysis-services/server/main.bicep index 83e32511dc..f6e77f5f47 100644 --- a/modules/analysis-services/server/main.bicep +++ b/modules/analysis-services/server/main.bicep @@ -161,3 +161,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = server.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/api-management/service/main.bicep b/modules/api-management/service/main.bicep index dc00c685e8..5578e8facb 100644 --- a/modules/api-management/service/main.bicep +++ b/modules/api-management/service/main.bicep @@ -479,3 +479,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && contains(ser @description('The location the resource was deployed into.') output location string = service.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/app-configuration/configuration-store/main.bicep b/modules/app-configuration/configuration-store/main.bicep index ce31018c16..d9ac909088 100644 --- a/modules/app-configuration/configuration-store/main.bicep +++ b/modules/app-configuration/configuration-store/main.bicep @@ -271,3 +271,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && contains(con @description('The location the resource was deployed into.') output location string = configurationStore.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/app/container-app/main.bicep b/modules/app/container-app/main.bicep index 6906b2731d..2e543f7adf 100644 --- a/modules/app/container-app/main.bicep +++ b/modules/app/container-app/main.bicep @@ -212,3 +212,15 @@ output name string = containerApp.name @description('The location the resource was deployed into.') output location string = containerApp.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/app/managed-environment/main.bicep b/modules/app/managed-environment/main.bicep index 0df80ad210..15c38ff607 100644 --- a/modules/app/managed-environment/main.bicep +++ b/modules/app/managed-environment/main.bicep @@ -157,3 +157,15 @@ output name string = managedEnvironment.name @description('The resource ID of the Managed Environment.') output resourceId string = managedEnvironment.id + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/automation/automation-account/main.bicep b/modules/automation/automation-account/main.bicep index 6f1ad62fde..2b3eeba561 100644 --- a/modules/automation/automation-account/main.bicep +++ b/modules/automation/automation-account/main.bicep @@ -415,3 +415,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && contains(aut @description('The location the resource was deployed into.') output location string = automationAccount.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/batch/batch-account/main.bicep b/modules/batch/batch-account/main.bicep index c1b87a4c54..b139eb573b 100644 --- a/modules/batch/batch-account/main.bicep +++ b/modules/batch/batch-account/main.bicep @@ -266,3 +266,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = batchAccount.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/cache/redis-enterprise/main.bicep b/modules/cache/redis-enterprise/main.bicep index 0b715e4ad1..ebe14a0506 100644 --- a/modules/cache/redis-enterprise/main.bicep +++ b/modules/cache/redis-enterprise/main.bicep @@ -225,3 +225,15 @@ output hostName string = redisCacheEnterprise.properties.hostName @description('The location the resource was deployed into.') output location string = redisCacheEnterprise.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/cache/redis/main.bicep b/modules/cache/redis/main.bicep index 93e4ceafb2..1cd8c37d89 100644 --- a/modules/cache/redis/main.bicep +++ b/modules/cache/redis/main.bicep @@ -283,3 +283,15 @@ output subnetId string = !empty(subnetId) ? redisCache.properties.subnetId : '' @description('The location the resource was deployed into.') output location string = redisCache.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/cdn/profile/main.bicep b/modules/cdn/profile/main.bicep index 5c54632773..b979a6f25c 100644 --- a/modules/cdn/profile/main.bicep +++ b/modules/cdn/profile/main.bicep @@ -211,3 +211,15 @@ output profileType string = profile.type @description('The location the resource was deployed into.') output location string = profile.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/cognitive-services/account/main.bicep b/modules/cognitive-services/account/main.bicep index 4ef42c4492..dbbbcae777 100644 --- a/modules/cognitive-services/account/main.bicep +++ b/modules/cognitive-services/account/main.bicep @@ -328,3 +328,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && contains(cog @description('The location the resource was deployed into.') output location string = cognitiveServices.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/compute/availability-set/main.bicep b/modules/compute/availability-set/main.bicep index ca11aff2fd..0ffa5c3308 100644 --- a/modules/compute/availability-set/main.bicep +++ b/modules/compute/availability-set/main.bicep @@ -93,3 +93,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = availabilitySet.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/compute/disk-encryption-set/main.bicep b/modules/compute/disk-encryption-set/main.bicep index 2442ef6038..be0eab23bf 100644 --- a/modules/compute/disk-encryption-set/main.bicep +++ b/modules/compute/disk-encryption-set/main.bicep @@ -151,3 +151,15 @@ output keyVaultName string = last(split(keyVaultResourceId, '/'))! @description('The location the resource was deployed into.') output location string = diskEncryptionSet.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/compute/disk/main.bicep b/modules/compute/disk/main.bicep index 496f1e6a86..172bac9dcd 100644 --- a/modules/compute/disk/main.bicep +++ b/modules/compute/disk/main.bicep @@ -213,3 +213,15 @@ output name string = disk.name @description('The location the resource was deployed into.') output location string = disk.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/compute/proximity-placement-group/main.bicep b/modules/compute/proximity-placement-group/main.bicep index 93e0a091bd..759089e848 100644 --- a/modules/compute/proximity-placement-group/main.bicep +++ b/modules/compute/proximity-placement-group/main.bicep @@ -93,3 +93,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = proximityPlacementGroup.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/compute/ssh-public-key/main.bicep b/modules/compute/ssh-public-key/main.bicep index 763a2e39d9..e94e025473 100644 --- a/modules/compute/ssh-public-key/main.bicep +++ b/modules/compute/ssh-public-key/main.bicep @@ -79,3 +79,15 @@ output name string = sshPublicKey.name @description('The location the resource was deployed into.') output location string = sshPublicKey.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/compute/virtual-machine-scale-set/main.bicep b/modules/compute/virtual-machine-scale-set/main.bicep index 19d7d372fb..4c5dbbecd6 100644 --- a/modules/compute/virtual-machine-scale-set/main.bicep +++ b/modules/compute/virtual-machine-scale-set/main.bicep @@ -651,3 +651,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && contains(vms @description('The location the resource was deployed into.') output location string = vmss.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/compute/virtual-machine/main.bicep b/modules/compute/virtual-machine/main.bicep index 458f799703..1ca3aa0499 100644 --- a/modules/compute/virtual-machine/main.bicep +++ b/modules/compute/virtual-machine/main.bicep @@ -733,3 +733,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && contains(vm. @description('The location the resource was deployed into.') output location string = vm.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/container-instance/container-group/main.bicep b/modules/container-instance/container-group/main.bicep index 01cd35d401..6d15338ef7 100644 --- a/modules/container-instance/container-group/main.bicep +++ b/modules/container-instance/container-group/main.bicep @@ -190,3 +190,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && contains(con @description('The location the resource was deployed into.') output location string = containergroup.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/container-registry/registry/main.bicep b/modules/container-registry/registry/main.bicep index 56925f5ede..fe47570835 100644 --- a/modules/container-registry/registry/main.bicep +++ b/modules/container-registry/registry/main.bicep @@ -406,3 +406,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && contains(reg @description('The location the resource was deployed into.') output location string = registry.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/container-service/managed-cluster/main.bicep b/modules/container-service/managed-cluster/main.bicep index d322f03f54..9b657a80b0 100644 --- a/modules/container-service/managed-cluster/main.bicep +++ b/modules/container-service/managed-cluster/main.bicep @@ -744,3 +744,15 @@ output oidcIssuerUrl string = enableOidcIssuerProfile ? managedCluster.propertie @description('The addonProfiles of the Kubernetes cluster.') output addonProfiles object = contains(managedCluster.properties, 'addonProfiles') ? managedCluster.properties.addonProfiles : {} + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/data-factory/factory/main.bicep b/modules/data-factory/factory/main.bicep index 31df41c739..f9a156dc4f 100644 --- a/modules/data-factory/factory/main.bicep +++ b/modules/data-factory/factory/main.bicep @@ -300,3 +300,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && contains(dat @description('The location the resource was deployed into.') output location string = dataFactory.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/data-protection/backup-vault/main.bicep b/modules/data-protection/backup-vault/main.bicep index deb3fb2822..5708d1d233 100644 --- a/modules/data-protection/backup-vault/main.bicep +++ b/modules/data-protection/backup-vault/main.bicep @@ -143,3 +143,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && contains(bac @description('The location the resource was deployed into.') output location string = backupVault.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/databricks/access-connector/main.bicep b/modules/databricks/access-connector/main.bicep index 79fe9ed821..51a2abf247 100644 --- a/modules/databricks/access-connector/main.bicep +++ b/modules/databricks/access-connector/main.bicep @@ -86,3 +86,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = accessConnector.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/databricks/workspace/main.bicep b/modules/databricks/workspace/main.bicep index 6f4e5dab96..d853653888 100644 --- a/modules/databricks/workspace/main.bicep +++ b/modules/databricks/workspace/main.bicep @@ -362,3 +362,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = workspace.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/db-for-my-sql/flexible-server/main.bicep b/modules/db-for-my-sql/flexible-server/main.bicep index ac8be22a85..8135768725 100644 --- a/modules/db-for-my-sql/flexible-server/main.bicep +++ b/modules/db-for-my-sql/flexible-server/main.bicep @@ -399,3 +399,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = flexibleServer.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/db-for-postgre-sql/flexible-server/main.bicep b/modules/db-for-postgre-sql/flexible-server/main.bicep index 66dc008da0..5d49114d47 100644 --- a/modules/db-for-postgre-sql/flexible-server/main.bicep +++ b/modules/db-for-postgre-sql/flexible-server/main.bicep @@ -387,3 +387,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = flexibleServer.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/dev-test-lab/lab/main.bicep b/modules/dev-test-lab/lab/main.bicep index 144ea2184f..26b1544387 100644 --- a/modules/dev-test-lab/lab/main.bicep +++ b/modules/dev-test-lab/lab/main.bicep @@ -303,3 +303,15 @@ output name string = lab.name @description('The location the resource was deployed into.') output location string = lab.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/digital-twins/digital-twins-instance/main.bicep b/modules/digital-twins/digital-twins-instance/main.bicep index c68f1da0b9..b18dd65659 100644 --- a/modules/digital-twins/digital-twins-instance/main.bicep +++ b/modules/digital-twins/digital-twins-instance/main.bicep @@ -253,3 +253,15 @@ output hostname string = digitalTwinsInstance.properties.hostName @description('The location the resource was deployed into.') output location string = digitalTwinsInstance.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/document-db/database-account/main.bicep b/modules/document-db/database-account/main.bicep index a48baa99c2..b1a43f4d4d 100644 --- a/modules/document-db/database-account/main.bicep +++ b/modules/document-db/database-account/main.bicep @@ -383,3 +383,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && contains(dat @description('The location the resource was deployed into.') output location string = databaseAccount.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/event-grid/domain/main.bicep b/modules/event-grid/domain/main.bicep index 0ec3b52635..770c9b2bb5 100644 --- a/modules/event-grid/domain/main.bicep +++ b/modules/event-grid/domain/main.bicep @@ -200,3 +200,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = domain.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/event-grid/system-topic/main.bicep b/modules/event-grid/system-topic/main.bicep index 05a7a6d9bd..22d6ea6dbe 100644 --- a/modules/event-grid/system-topic/main.bicep +++ b/modules/event-grid/system-topic/main.bicep @@ -185,3 +185,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && contains(sys @description('The location the resource was deployed into.') output location string = systemTopic.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/event-grid/topic/main.bicep b/modules/event-grid/topic/main.bicep index 0f5ded5929..488d8e650d 100644 --- a/modules/event-grid/topic/main.bicep +++ b/modules/event-grid/topic/main.bicep @@ -202,3 +202,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = topic.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/event-hub/namespace/eventhub/main.bicep b/modules/event-hub/namespace/eventhub/main.bicep index 14e5dea26d..31e340edb5 100644 --- a/modules/event-hub/namespace/eventhub/main.bicep +++ b/modules/event-hub/namespace/eventhub/main.bicep @@ -220,3 +220,15 @@ output resourceGroupName string = resourceGroup().name @description('The authentication rule resource ID of the event hub.') output resourceId string = az.resourceId('Microsoft.EventHub/namespaces/authorizationRules', namespaceName, 'RootManageSharedAccessKey') + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/event-hub/namespace/main.bicep b/modules/event-hub/namespace/main.bicep index 39e09ea7ed..2059bf56b3 100644 --- a/modules/event-hub/namespace/main.bicep +++ b/modules/event-hub/namespace/main.bicep @@ -381,3 +381,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && contains(eve @description('The location the resource was deployed into.') output location string = eventHubNamespace.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/health-bot/health-bot/main.bicep b/modules/health-bot/health-bot/main.bicep index 9ec6c7c2e5..d9ce35e07d 100644 --- a/modules/health-bot/health-bot/main.bicep +++ b/modules/health-bot/health-bot/main.bicep @@ -94,3 +94,15 @@ output resourceId string = azureHealthBot.id @description('The location the resource was deployed into.') output location string = azureHealthBot.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/healthcare-apis/workspace/dicomservice/main.bicep b/modules/healthcare-apis/workspace/dicomservice/main.bicep index 83a199fe0f..da9ee96521 100644 --- a/modules/healthcare-apis/workspace/dicomservice/main.bicep +++ b/modules/healthcare-apis/workspace/dicomservice/main.bicep @@ -165,3 +165,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && contains(dic @description('The location the resource was deployed into.') output location string = dicom.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/healthcare-apis/workspace/fhirservice/main.bicep b/modules/healthcare-apis/workspace/fhirservice/main.bicep index 0741f47148..4ceaf315bc 100644 --- a/modules/healthcare-apis/workspace/fhirservice/main.bicep +++ b/modules/healthcare-apis/workspace/fhirservice/main.bicep @@ -275,3 +275,15 @@ output location string = fhir.location @description('The name of the fhir workspace.') output workspaceName string = workspace.name + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/healthcare-apis/workspace/iotconnector/main.bicep b/modules/healthcare-apis/workspace/iotconnector/main.bicep index af64b118dc..ad733a1250 100644 --- a/modules/healthcare-apis/workspace/iotconnector/main.bicep +++ b/modules/healthcare-apis/workspace/iotconnector/main.bicep @@ -189,3 +189,15 @@ output location string = iotConnector.location @description('The name of the medtech workspace.') output workspaceName string = workspace.name + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/healthcare-apis/workspace/main.bicep b/modules/healthcare-apis/workspace/main.bicep index b20e83498a..85501db4ac 100644 --- a/modules/healthcare-apis/workspace/main.bicep +++ b/modules/healthcare-apis/workspace/main.bicep @@ -189,3 +189,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = workspace.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/insights/private-link-scope/main.bicep b/modules/insights/private-link-scope/main.bicep index 337c2cb210..5569d9fe30 100644 --- a/modules/insights/private-link-scope/main.bicep +++ b/modules/insights/private-link-scope/main.bicep @@ -114,3 +114,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = privateLinkScope.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/key-vault/vault/main.bicep b/modules/key-vault/vault/main.bicep index 62e478240c..f5de3fe075 100644 --- a/modules/key-vault/vault/main.bicep +++ b/modules/key-vault/vault/main.bicep @@ -308,3 +308,15 @@ output uri string = keyVault.properties.vaultUri @description('The location the resource was deployed into.') output location string = keyVault.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/logic/workflow/main.bicep b/modules/logic/workflow/main.bicep index 5ba270f44f..f07e71f1ba 100644 --- a/modules/logic/workflow/main.bicep +++ b/modules/logic/workflow/main.bicep @@ -233,3 +233,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && contains(log @description('The location the resource was deployed into.') output location string = logicApp.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/managed-identity/user-assigned-identity/main.bicep b/modules/managed-identity/user-assigned-identity/main.bicep index d2b66e91f8..45d1530bc9 100644 --- a/modules/managed-identity/user-assigned-identity/main.bicep +++ b/modules/managed-identity/user-assigned-identity/main.bicep @@ -94,3 +94,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = userMsi.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/net-app/net-app-account/main.bicep b/modules/net-app/net-app-account/main.bicep index 5b267072cf..e089c3aed2 100644 --- a/modules/net-app/net-app-account/main.bicep +++ b/modules/net-app/net-app-account/main.bicep @@ -138,3 +138,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = netAppAccount.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/application-gateway/main.bicep b/modules/network/application-gateway/main.bicep index 2294d5ccac..65efe0cbff 100644 --- a/modules/network/application-gateway/main.bicep +++ b/modules/network/application-gateway/main.bicep @@ -407,3 +407,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = applicationGateway.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/application-security-group/main.bicep b/modules/network/application-security-group/main.bicep index 6e0112f77a..e1633929e7 100644 --- a/modules/network/application-security-group/main.bicep +++ b/modules/network/application-security-group/main.bicep @@ -72,3 +72,15 @@ output name string = applicationSecurityGroup.name @description('The location the resource was deployed into.') output location string = applicationSecurityGroup.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/azure-firewall/main.bicep b/modules/network/azure-firewall/main.bicep index d279f016cf..9bc65dc9f3 100644 --- a/modules/network/azure-firewall/main.bicep +++ b/modules/network/azure-firewall/main.bicep @@ -377,3 +377,15 @@ output natRuleCollections array = natRuleCollections @description('The location the resource was deployed into.') output location string = azureFirewall.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/bastion-host/main.bicep b/modules/network/bastion-host/main.bicep index 49080a20b0..70cf762a95 100644 --- a/modules/network/bastion-host/main.bicep +++ b/modules/network/bastion-host/main.bicep @@ -244,3 +244,15 @@ output location string = azureBastion.location @description('The Public IPconfiguration object for the AzureBastionSubnet.') output ipConfAzureBastionSubnet object = azureBastion.properties.ipConfigurations[0] + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/ddos-protection-plan/main.bicep b/modules/network/ddos-protection-plan/main.bicep index 9ec08f8467..7b493bd543 100644 --- a/modules/network/ddos-protection-plan/main.bicep +++ b/modules/network/ddos-protection-plan/main.bicep @@ -73,3 +73,15 @@ output name string = ddosProtectionPlan.name @description('The location the resource was deployed into.') output location string = ddosProtectionPlan.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/dns-forwarding-ruleset/main.bicep b/modules/network/dns-forwarding-ruleset/main.bicep index 9aea9da8de..82ff90c2df 100644 --- a/modules/network/dns-forwarding-ruleset/main.bicep +++ b/modules/network/dns-forwarding-ruleset/main.bicep @@ -105,3 +105,15 @@ output name string = dnsForwardingRuleset.name @description('The location the resource was deployed into.') output location string = dnsForwardingRuleset.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/dns-resolver/main.bicep b/modules/network/dns-resolver/main.bicep index 3bfd54aa33..933f358d6f 100644 --- a/modules/network/dns-resolver/main.bicep +++ b/modules/network/dns-resolver/main.bicep @@ -114,3 +114,15 @@ output name string = dnsResolver.name @description('The location the resource was deployed into.') output location string = dnsResolver.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/dns-zone/main.bicep b/modules/network/dns-zone/main.bicep index 5e25ed9920..8c2d9e864d 100644 --- a/modules/network/dns-zone/main.bicep +++ b/modules/network/dns-zone/main.bicep @@ -241,3 +241,15 @@ output resourceId string = dnsZone.id @description('The location the resource was deployed into.') output location string = dnsZone.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/express-route-circuit/main.bicep b/modules/network/express-route-circuit/main.bicep index 773e4b8135..813d3f4a98 100644 --- a/modules/network/express-route-circuit/main.bicep +++ b/modules/network/express-route-circuit/main.bicep @@ -232,3 +232,15 @@ output serviceKey string = reference(expressRouteCircuits.id, '2021-02-01').serv @description('The location the resource was deployed into.') output location string = expressRouteCircuits.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/express-route-gateway/main.bicep b/modules/network/express-route-gateway/main.bicep index 9f2fbdac1a..6e461e3158 100644 --- a/modules/network/express-route-gateway/main.bicep +++ b/modules/network/express-route-gateway/main.bicep @@ -99,3 +99,15 @@ output name string = expressRouteGateway.name @description('The location the resource was deployed into.') output location string = expressRouteGateway.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/front-door-web-application-firewall-policy/main.bicep b/modules/network/front-door-web-application-firewall-policy/main.bicep index d3b856c1f3..f24e6ed9ca 100644 --- a/modules/network/front-door-web-application-firewall-policy/main.bicep +++ b/modules/network/front-door-web-application-firewall-policy/main.bicep @@ -134,3 +134,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = frontDoorWAFPolicy.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/front-door/main.bicep b/modules/network/front-door/main.bicep index 077a8df1cb..055bf7232a 100644 --- a/modules/network/front-door/main.bicep +++ b/modules/network/front-door/main.bicep @@ -173,3 +173,15 @@ output resourceId string = frontDoor.id @description('The resource group the front door was deployed into.') output resourceGroupName string = resourceGroup().name + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/ip-group/main.bicep b/modules/network/ip-group/main.bicep index 501905ab39..90f7e7df3d 100644 --- a/modules/network/ip-group/main.bicep +++ b/modules/network/ip-group/main.bicep @@ -78,3 +78,15 @@ output name string = ipGroup.name @description('The location the resource was deployed into.') output location string = ipGroup.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/load-balancer/main.bicep b/modules/network/load-balancer/main.bicep index c6b58e36af..5b238610a9 100644 --- a/modules/network/load-balancer/main.bicep +++ b/modules/network/load-balancer/main.bicep @@ -264,3 +264,15 @@ output backendpools array = loadBalancer.properties.backendAddressPools @description('The location the resource was deployed into.') output location string = loadBalancer.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/local-network-gateway/main.bicep b/modules/network/local-network-gateway/main.bicep index eaa76d065b..b4d16ba511 100644 --- a/modules/network/local-network-gateway/main.bicep +++ b/modules/network/local-network-gateway/main.bicep @@ -104,3 +104,15 @@ output name string = localNetworkGateway.name @description('The location the resource was deployed into.') output location string = localNetworkGateway.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/nat-gateway/main.bicep b/modules/network/nat-gateway/main.bicep index ac9c59d6e2..34136d7d14 100644 --- a/modules/network/nat-gateway/main.bicep +++ b/modules/network/nat-gateway/main.bicep @@ -181,3 +181,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = natGateway.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/network-interface/main.bicep b/modules/network/network-interface/main.bicep index a5b392977e..9fd426cfa9 100644 --- a/modules/network/network-interface/main.bicep +++ b/modules/network/network-interface/main.bicep @@ -182,3 +182,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = networkInterface.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/network-security-group/main.bicep b/modules/network/network-security-group/main.bicep index 47a8aea877..fbae4bf830 100644 --- a/modules/network/network-security-group/main.bicep +++ b/modules/network/network-security-group/main.bicep @@ -176,3 +176,15 @@ output name string = networkSecurityGroup.name @description('The location the resource was deployed into.') output location string = networkSecurityGroup.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/network-watcher/main.bicep b/modules/network/network-watcher/main.bicep index cf3e039803..9f6a533323 100644 --- a/modules/network/network-watcher/main.bicep +++ b/modules/network/network-watcher/main.bicep @@ -111,3 +111,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = networkWatcher.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/private-dns-zone/main.bicep b/modules/network/private-dns-zone/main.bicep index be05db9fa8..9d5e75bdbd 100644 --- a/modules/network/private-dns-zone/main.bicep +++ b/modules/network/private-dns-zone/main.bicep @@ -217,3 +217,15 @@ output resourceId string = privateDnsZone.id @description('The location the resource was deployed into.') output location string = privateDnsZone.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/private-endpoint/main.bicep b/modules/network/private-endpoint/main.bicep index 201514fc41..3b0407fd1c 100644 --- a/modules/network/private-endpoint/main.bicep +++ b/modules/network/private-endpoint/main.bicep @@ -129,3 +129,15 @@ output name string = privateEndpoint.name @description('The location the resource was deployed into.') output location string = privateEndpoint.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/private-link-service/main.bicep b/modules/network/private-link-service/main.bicep index 495193fb80..8f7b9a0c33 100644 --- a/modules/network/private-link-service/main.bicep +++ b/modules/network/private-link-service/main.bicep @@ -101,3 +101,15 @@ output name string = privateLinkService.name @description('The location the resource was deployed into.') output location string = privateLinkService.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/public-ip-address/main.bicep b/modules/network/public-ip-address/main.bicep index 60143805b3..6c0642550f 100644 --- a/modules/network/public-ip-address/main.bicep +++ b/modules/network/public-ip-address/main.bicep @@ -213,3 +213,15 @@ output ipAddress string = contains(publicIpAddress.properties, 'ipAddress') ? pu @description('The location the resource was deployed into.') output location string = publicIpAddress.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/public-ip-prefix/main.bicep b/modules/network/public-ip-prefix/main.bicep index 4d20cc27d8..800f157685 100644 --- a/modules/network/public-ip-prefix/main.bicep +++ b/modules/network/public-ip-prefix/main.bicep @@ -88,3 +88,15 @@ output name string = publicIpPrefix.name @description('The location the resource was deployed into.') output location string = publicIpPrefix.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/route-table/main.bicep b/modules/network/route-table/main.bicep index 5f7099a843..bbf34b3d9f 100644 --- a/modules/network/route-table/main.bicep +++ b/modules/network/route-table/main.bicep @@ -81,3 +81,15 @@ output resourceId string = routeTable.id @description('The location the resource was deployed into.') output location string = routeTable.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/service-endpoint-policy/main.bicep b/modules/network/service-endpoint-policy/main.bicep index 666e2f35c4..efebb4933b 100644 --- a/modules/network/service-endpoint-policy/main.bicep +++ b/modules/network/service-endpoint-policy/main.bicep @@ -85,3 +85,15 @@ output resourceId string = serviceEndpointPolicy.id @description('The location the resource was deployed into.') output location string = serviceEndpointPolicy.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/trafficmanagerprofile/main.bicep b/modules/network/trafficmanagerprofile/main.bicep index 1be416ff31..2744e9d3d2 100644 --- a/modules/network/trafficmanagerprofile/main.bicep +++ b/modules/network/trafficmanagerprofile/main.bicep @@ -186,3 +186,15 @@ output resourceGroupName string = resourceGroup().name @description('The name of the traffic manager was deployed into.') output name string = trafficManagerProfile.name + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/virtual-hub/main.bicep b/modules/network/virtual-hub/main.bicep index 6ab9a5b388..20bdb7a9ef 100644 --- a/modules/network/virtual-hub/main.bicep +++ b/modules/network/virtual-hub/main.bicep @@ -170,3 +170,15 @@ output name string = virtualHub.name @description('The location the resource was deployed into.') output location string = virtualHub.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/virtual-network-gateway/main.bicep b/modules/network/virtual-network-gateway/main.bicep index 586b7eddc6..3e04a95352 100644 --- a/modules/network/virtual-network-gateway/main.bicep +++ b/modules/network/virtual-network-gateway/main.bicep @@ -449,3 +449,15 @@ output activeActive bool = virtualNetworkGateway.properties.activeActive @description('The location the resource was deployed into.') output location string = virtualNetworkGateway.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/virtual-network/main.bicep b/modules/network/virtual-network/main.bicep index 78a28de297..51cb62c403 100644 --- a/modules/network/virtual-network/main.bicep +++ b/modules/network/virtual-network/main.bicep @@ -282,3 +282,15 @@ output location string = virtualNetwork.location @description('The Diagnostic Settings of the virtual network.') output diagnosticsLogs array = diagnosticsLogs + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/virtual-wan/main.bicep b/modules/network/virtual-wan/main.bicep index 16e97f787f..062176fbc2 100644 --- a/modules/network/virtual-wan/main.bicep +++ b/modules/network/virtual-wan/main.bicep @@ -93,3 +93,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = virtualWan.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/vpn-gateway/main.bicep b/modules/network/vpn-gateway/main.bicep index 40289db433..680c8ea141 100644 --- a/modules/network/vpn-gateway/main.bicep +++ b/modules/network/vpn-gateway/main.bicep @@ -124,3 +124,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = vpnGateway.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/vpn-site/main.bicep b/modules/network/vpn-site/main.bicep index 1edf2bdd00..f86e669d86 100644 --- a/modules/network/vpn-site/main.bicep +++ b/modules/network/vpn-site/main.bicep @@ -105,3 +105,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = vpnSite.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/operational-insights/workspace/main.bicep b/modules/operational-insights/workspace/main.bicep index c75dd4fa40..2d5c56f05e 100644 --- a/modules/operational-insights/workspace/main.bicep +++ b/modules/operational-insights/workspace/main.bicep @@ -358,3 +358,15 @@ output location string = logAnalyticsWorkspace.location @description('The principal ID of the system assigned identity.') output systemAssignedIdentityPrincipalId string = systemAssignedIdentity && contains(logAnalyticsWorkspace.identity, 'principalId') ? logAnalyticsWorkspace.identity.principalId : '' + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/purview/account/main.bicep b/modules/purview/account/main.bicep index 59098d746e..640835c8e8 100644 --- a/modules/purview/account/main.bicep +++ b/modules/purview/account/main.bicep @@ -317,3 +317,15 @@ output managedEventHubId string = account.properties.managedResources.eventHubNa @description('The principal ID of the system assigned identity.') output systemAssignedPrincipalId string = account.identity.principalId + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/recovery-services/vault/main.bicep b/modules/recovery-services/vault/main.bicep index e53dc7e391..5158f2c76a 100644 --- a/modules/recovery-services/vault/main.bicep +++ b/modules/recovery-services/vault/main.bicep @@ -329,3 +329,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && contains(rsv @description('The location the resource was deployed into.') output location string = rsv.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/relay/namespace/hybrid-connection/main.bicep b/modules/relay/namespace/hybrid-connection/main.bicep index ce8f223961..6236c7796a 100644 --- a/modules/relay/namespace/hybrid-connection/main.bicep +++ b/modules/relay/namespace/hybrid-connection/main.bicep @@ -119,3 +119,15 @@ output resourceId string = hybridConnection.id @description('The resource group of the deployed hybrid connection.') output resourceGroupName string = resourceGroup().name + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/relay/namespace/main.bicep b/modules/relay/namespace/main.bicep index 6bb1a8d638..df15060cb2 100644 --- a/modules/relay/namespace/main.bicep +++ b/modules/relay/namespace/main.bicep @@ -287,3 +287,15 @@ output name string = namespace.name @description('The location the resource was deployed into.') output location string = namespace.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/relay/namespace/wcf-relay/main.bicep b/modules/relay/namespace/wcf-relay/main.bicep index 14a45dabfb..cce30b9ed4 100644 --- a/modules/relay/namespace/wcf-relay/main.bicep +++ b/modules/relay/namespace/wcf-relay/main.bicep @@ -131,3 +131,15 @@ output resourceId string = wcfRelay.id @description('The resource group of the deployed wcf relay.') output resourceGroupName string = resourceGroup().name + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/resource-graph/query/main.bicep b/modules/resource-graph/query/main.bicep index b88bd76129..d43b0b4772 100644 --- a/modules/resource-graph/query/main.bicep +++ b/modules/resource-graph/query/main.bicep @@ -81,3 +81,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = rgQuery.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/resources/deployment-script/main.bicep b/modules/resources/deployment-script/main.bicep index ad2b9c8016..825fc3f790 100644 --- a/modules/resources/deployment-script/main.bicep +++ b/modules/resources/deployment-script/main.bicep @@ -149,3 +149,15 @@ output location string = deploymentScript.location @description('The output of the deployment script.') output outputs object = contains(deploymentScript.properties, 'outputs') ? deploymentScript.properties.outputs : {} + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/resources/resource-group/main.bicep b/modules/resources/resource-group/main.bicep index 5dbce60a17..4d617e87fd 100644 --- a/modules/resources/resource-group/main.bicep +++ b/modules/resources/resource-group/main.bicep @@ -76,3 +76,15 @@ output resourceId string = resourceGroup.id @description('The location the resource was deployed into.') output location string = resourceGroup.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/service-bus/namespace/main.bicep b/modules/service-bus/namespace/main.bicep index ad7bf2b5a6..11adbf9ea5 100644 --- a/modules/service-bus/namespace/main.bicep +++ b/modules/service-bus/namespace/main.bicep @@ -420,3 +420,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && contains(ser @description('The location the resource was deployed into.') output location string = serviceBusNamespace.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/service-bus/namespace/queue/main.bicep b/modules/service-bus/namespace/queue/main.bicep index 23ef096325..22694101a8 100644 --- a/modules/service-bus/namespace/queue/main.bicep +++ b/modules/service-bus/namespace/queue/main.bicep @@ -176,3 +176,15 @@ output resourceId string = queue.id @description('The resource group of the deployed queue.') output resourceGroupName string = resourceGroup().name + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/service-bus/namespace/topic/main.bicep b/modules/service-bus/namespace/topic/main.bicep index d325b77f80..f037607a66 100644 --- a/modules/service-bus/namespace/topic/main.bicep +++ b/modules/service-bus/namespace/topic/main.bicep @@ -156,3 +156,15 @@ output resourceId string = topic.id @description('The resource group of the deployed topic.') output resourceGroupName string = resourceGroup().name + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/service-fabric/cluster/main.bicep b/modules/service-fabric/cluster/main.bicep index 310306c9b2..f4151b2811 100644 --- a/modules/service-fabric/cluster/main.bicep +++ b/modules/service-fabric/cluster/main.bicep @@ -327,3 +327,15 @@ output endpoint string = serviceFabricCluster.properties.clusterEndpoint @description('The location the resource was deployed into.') output location string = serviceFabricCluster.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/signal-r-service/signal-r/main.bicep b/modules/signal-r-service/signal-r/main.bicep index c9b1c8831a..26b74eeceb 100644 --- a/modules/signal-r-service/signal-r/main.bicep +++ b/modules/signal-r-service/signal-r/main.bicep @@ -212,3 +212,15 @@ output resourceId string = signalR.id @description('The location the resource was deployed into.') output location string = signalR.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/signal-r-service/web-pub-sub/main.bicep b/modules/signal-r-service/web-pub-sub/main.bicep index fa138d655c..0065ca3fc3 100644 --- a/modules/signal-r-service/web-pub-sub/main.bicep +++ b/modules/signal-r-service/web-pub-sub/main.bicep @@ -184,3 +184,15 @@ output serverPort int = webPubSub.properties.serverPort @description('The location the resource was deployed into.') output location string = webPubSub.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/sql/managed-instance/database/main.bicep b/modules/sql/managed-instance/database/main.bicep index c296818ba2..0a5e18352f 100644 --- a/modules/sql/managed-instance/database/main.bicep +++ b/modules/sql/managed-instance/database/main.bicep @@ -197,3 +197,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = database.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/sql/managed-instance/main.bicep b/modules/sql/managed-instance/main.bicep index e47dec54ae..50514cba48 100644 --- a/modules/sql/managed-instance/main.bicep +++ b/modules/sql/managed-instance/main.bicep @@ -394,3 +394,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && contains(man @description('The location the resource was deployed into.') output location string = managedInstance.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/sql/server/main.bicep b/modules/sql/server/main.bicep index b7966f72fb..0578f35743 100644 --- a/modules/sql/server/main.bicep +++ b/modules/sql/server/main.bicep @@ -341,3 +341,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && contains(ser @description('The location the resource was deployed into.') output location string = server.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/storage/storage-account/main.bicep b/modules/storage/storage-account/main.bicep index e373575e80..db7a5db84d 100644 --- a/modules/storage/storage-account/main.bicep +++ b/modules/storage/storage-account/main.bicep @@ -488,3 +488,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && contains(sto @description('The location the resource was deployed into.') output location string = storageAccount.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/synapse/private-link-hub/main.bicep b/modules/synapse/private-link-hub/main.bicep index 094d9fb571..daff6a4c13 100644 --- a/modules/synapse/private-link-hub/main.bicep +++ b/modules/synapse/private-link-hub/main.bicep @@ -102,3 +102,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = privateLinkHub.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/synapse/workspace/main.bicep b/modules/synapse/workspace/main.bicep index d9346fdb6d..885f4bdd34 100644 --- a/modules/synapse/workspace/main.bicep +++ b/modules/synapse/workspace/main.bicep @@ -337,3 +337,15 @@ output systemAssignedPrincipalId string = contains(workspace.identity, 'principa @description('The location the resource was deployed into.') output location string = workspace.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/virtual-machine-images/image-template/main.bicep b/modules/virtual-machine-images/image-template/main.bicep index c9644cafa8..6db850e193 100644 --- a/modules/virtual-machine-images/image-template/main.bicep +++ b/modules/virtual-machine-images/image-template/main.bicep @@ -216,3 +216,15 @@ output runThisCommand string = 'Invoke-AzResourceAction -ResourceName ${imageTem @description('The location the resource was deployed into.') output location string = imageTemplate.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/web/connection/main.bicep b/modules/web/connection/main.bicep index d69835391c..7b2861588e 100644 --- a/modules/web/connection/main.bicep +++ b/modules/web/connection/main.bicep @@ -103,3 +103,15 @@ output name string = connection.name @description('The location the resource was deployed into.') output location string = connection.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/web/hosting-environment/main.bicep b/modules/web/hosting-environment/main.bicep index 610a1a6e8c..c54774b335 100644 --- a/modules/web/hosting-environment/main.bicep +++ b/modules/web/hosting-environment/main.bicep @@ -267,3 +267,15 @@ output name string = appServiceEnvironment.name @description('The location the resource was deployed into.') output location string = appServiceEnvironment.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/web/serverfarm/main.bicep b/modules/web/serverfarm/main.bicep index 8d6927b762..7433ec3076 100644 --- a/modules/web/serverfarm/main.bicep +++ b/modules/web/serverfarm/main.bicep @@ -177,3 +177,15 @@ output resourceId string = appServicePlan.id @description('The location the resource was deployed into.') output location string = appServicePlan.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/web/site/main.bicep b/modules/web/site/main.bicep index a948ee8f55..d0a75e87d5 100644 --- a/modules/web/site/main.bicep +++ b/modules/web/site/main.bicep @@ -452,3 +452,15 @@ output location string = app.location @description('Default hostname of the app.') output defaultHostname string = app.properties.defaultHostName + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/web/site/slot/main.bicep b/modules/web/site/slot/main.bicep index 981936ca94..037a778ccd 100644 --- a/modules/web/site/slot/main.bicep +++ b/modules/web/site/slot/main.bicep @@ -365,3 +365,15 @@ output systemAssignedPrincipalId string = systemAssignedIdentity && (contains(sl @description('The location the resource was deployed into.') output location string = slot.location + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/web/static-site/main.bicep b/modules/web/static-site/main.bicep index 6a093f95c6..e5214b74e4 100644 --- a/modules/web/static-site/main.bicep +++ b/modules/web/static-site/main.bicep @@ -229,3 +229,15 @@ output location string = staticSite.location @description('The default autogenerated hostname for the static site.') output defaultHostname string = staticSite.properties.defaultHostname + +// ================ // +// Definitions // +// ================ // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? From d59ae8e10dd7408dead4d46becfb896a774742a4 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 17:50:05 +0200 Subject: [PATCH 04/52] Small fix --- modules/api-management/service/main.bicep | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/api-management/service/main.bicep b/modules/api-management/service/main.bicep index e627364c67..80b8735a04 100644 --- a/modules/api-management/service/main.bicep +++ b/modules/api-management/service/main.bicep @@ -430,16 +430,16 @@ module service_subscriptions 'subscription/main.bicep' = [for (subscription, ind } }] -resource apiManagementService_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { +resource service_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { name: lock.?name ?? 'lock-${name}' properties: { level: lock.?kind ?? '' notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } - scope: apiManagementService + scope: service } -resource apiManagementService_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { +resource service_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: !empty(diagnosticSettingsName) ? diagnosticSettingsName : '${name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null @@ -452,7 +452,7 @@ resource apiManagementService_diagnosticSettings 'Microsoft.Insights/diagnosticS scope: service } -module apiManagementService_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module service_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-Apim-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' From 1d2a7672259a96f5639310b564ae8d4d6ce98919 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 18:00:32 +0200 Subject: [PATCH 05/52] Fixed diverse templates --- modules/compute/gallery/main.bicep | 21 ++++++++++++------- .../.bicep/nested_networkInterface.bicep | 14 ++++++++++++- .../application-group/main.bicep | 21 ++++++++++++------- .../host-pool/main.bicep | 21 ++++++++++++------- .../workspace/main.bicep | 21 ++++++++++++------- modules/insights/webtest/main.bicep | 9 ++------ modules/network/network-manager/main.bicep | 9 ++------ 7 files changed, 73 insertions(+), 43 deletions(-) diff --git a/modules/compute/gallery/main.bicep b/modules/compute/gallery/main.bicep index 32a6eca6ce..414c4c94f1 100644 --- a/modules/compute/gallery/main.bicep +++ b/modules/compute/gallery/main.bicep @@ -18,13 +18,8 @@ param applications array = [] @sys.description('Optional. Images to create.') param images array = [] -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@sys.description('Optional. Specify the type of lock.') -param lock string = '' +@sys.description('Optional. The lock settings of the service.') +param lock lockType @sys.description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] @@ -143,3 +138,15 @@ output name string = gallery.name @sys.description('The location the resource was deployed into.') output location string = gallery.location + +// =============== // +// Definitions // +// =============== // + +type lockType = { + @sys.description('Optional. Specify the name of lock.') + name: string? + + @sys.description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/compute/virtual-machine/.bicep/nested_networkInterface.bicep b/modules/compute/virtual-machine/.bicep/nested_networkInterface.bicep index 20386a51b8..7187f4f7a8 100644 --- a/modules/compute/virtual-machine/.bicep/nested_networkInterface.bicep +++ b/modules/compute/virtual-machine/.bicep/nested_networkInterface.bicep @@ -10,7 +10,7 @@ param dnsServers array = [] param networkSecurityGroupResourceId string = '' param ipConfigurations array -param lock string = '' +param lock lockType param diagnosticStorageAccountId string param diagnosticWorkspaceId string param diagnosticEventHubAuthorizationRuleId string @@ -94,3 +94,15 @@ module networkInterface '../../../network/network-interface/main.bicep' = { networkInterface_publicIPAddresses ] } + +// =============== // +// Definitions // +// =============== // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/desktop-virtualization/application-group/main.bicep b/modules/desktop-virtualization/application-group/main.bicep index 5484c13cc2..ed9329f309 100644 --- a/modules/desktop-virtualization/application-group/main.bicep +++ b/modules/desktop-virtualization/application-group/main.bicep @@ -40,13 +40,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @sys.description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@sys.description('Optional. Specify the type of lock.') -param lock string = '' +@sys.description('Optional. The lock settings of the service.') +param lock lockType @sys.description('Optional. Tags of the resource.') param tags object = {} @@ -176,3 +171,15 @@ output name string = appGroup.name @sys.description('The location the resource was deployed into.') output location string = appGroup.location + +// =============== // +// Definitions // +// =============== // + +type lockType = { + @sys.description('Optional. Specify the name of lock.') + name: string? + + @sys.description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/desktop-virtualization/host-pool/main.bicep b/modules/desktop-virtualization/host-pool/main.bicep index 85c5f91097..4ec3daa00b 100644 --- a/modules/desktop-virtualization/host-pool/main.bicep +++ b/modules/desktop-virtualization/host-pool/main.bicep @@ -68,13 +68,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @sys.description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@sys.description('Optional. Specify the type of lock.') -param lock string = '' +@sys.description('Optional. The lock settings of the service.') +param lock lockType @sys.description('Optional. Tags of the resource.') param tags object = {} @@ -288,3 +283,15 @@ output tokenExpirationTime string = dateTimeAdd(baseTime, tokenValidityLength) @sys.description('The location the resource was deployed into.') output location string = hostPool.location + +// =============== // +// Definitions // +// =============== // + +type lockType = { + @sys.description('Optional. Specify the name of lock.') + name: string? + + @sys.description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/desktop-virtualization/workspace/main.bicep b/modules/desktop-virtualization/workspace/main.bicep index eef8aba18a..dbb747db0c 100644 --- a/modules/desktop-virtualization/workspace/main.bicep +++ b/modules/desktop-virtualization/workspace/main.bicep @@ -29,13 +29,8 @@ param diagnosticEventHubAuthorizationRuleId string = '' @sys.description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@sys.description('Optional. Specify the type of lock.') -param lock string = '' +@sys.description('Optional. The lock settings of the service.') +param lock lockType @sys.description('Optional. Tags of the resource.') param tags object = {} @@ -142,3 +137,15 @@ output name string = workspace.name @sys.description('The location the resource was deployed into.') output location string = workspace.location + +// =============== // +// Definitions // +// =============== // + +type lockType = { + @sys.description('Optional. Specify the name of lock.') + name: string? + + @sys.description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/insights/webtest/main.bicep b/modules/insights/webtest/main.bicep index b2978d586a..a2781f68de 100644 --- a/modules/insights/webtest/main.bicep +++ b/modules/insights/webtest/main.bicep @@ -68,13 +68,8 @@ param validationRules object = {} @sys.description('Optional. An XML configuration specification for a WebTest.') param configuration object = {} -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@sys.description('Optional. Specify the type of lock.') -param lock string = '' +@sys.description('Optional. The lock settings of the service.') +param lock lockType @sys.description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] diff --git a/modules/network/network-manager/main.bicep b/modules/network/network-manager/main.bicep index c5aa045c1d..6bd51f09c8 100644 --- a/modules/network/network-manager/main.bicep +++ b/modules/network/network-manager/main.bicep @@ -10,13 +10,8 @@ param name string @sys.description('Optional. Location for all resources.') param location string = resourceGroup().location -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@sys.description('Optional. Specify the type of lock.') -param lock string = '' +@sys.description('Optional. The lock settings of the service.') +param lock lockType @sys.description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] From 2cef5c320c6a491cca8277abedf8a12f4d60d598 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 18:15:03 +0200 Subject: [PATCH 06/52] Refreshed json --- modules/aad/domain-service/main.json | 70 ++-- modules/analysis-services/server/main.json | 70 ++-- modules/api-management/service/main.json | 118 ++++--- .../configuration-store/main.json | 118 +++++-- modules/app/container-app/main.json | 66 ++-- modules/app/managed-environment/main.json | 82 +++-- .../automation/automation-account/main.json | 134 ++++--- modules/batch/batch-account/main.json | 98 ++++-- modules/cache/redis-enterprise/main.json | 80 +++-- modules/cache/redis/main.json | 80 +++-- modules/cdn/profile/main.json | 90 +++-- modules/cognitive-services/account/main.json | 114 ++++-- modules/compute/availability-set/main.json | 66 ++-- modules/compute/disk-encryption-set/main.json | 101 ++++-- modules/compute/disk/main.json | 66 ++-- modules/compute/gallery/main.json | 74 ++-- .../proximity-placement-group/main.json | 66 ++-- modules/compute/ssh-public-key/main.json | 66 ++-- .../virtual-machine-scale-set/main.json | 120 ++++--- modules/compute/virtual-machine/main.json | 331 ++++++++++++------ .../container-group/main.json | 90 +++-- modules/container-registry/registry/main.json | 114 ++++-- .../managed-cluster/main.json | 108 +++--- modules/data-factory/factory/main.json | 102 ++++-- .../data-protection/backup-vault/main.json | 72 ++-- modules/databricks/access-connector/main.json | 66 ++-- modules/databricks/workspace/main.json | 120 +++++-- .../db-for-my-sql/flexible-server/main.json | 132 +++++-- .../flexible-server/main.json | 102 ++++-- .../application-group/main.json | 85 +++-- .../host-pool/main.json | 70 ++-- .../workspace/main.json | 70 ++-- modules/dev-test-lab/lab/main.json | 94 +++-- .../digital-twins-instance/main.json | 80 +++-- .../document-db/database-account/main.json | 88 +++-- modules/event-grid/domain/main.json | 78 +++-- modules/event-grid/system-topic/main.json | 78 +++-- modules/event-grid/topic/main.json | 80 +++-- .../event-hub/namespace/eventhub/main.json | 83 +++-- modules/event-hub/namespace/main.json | 203 +++++++---- modules/health-bot/health-bot/main.json | 66 ++-- .../workspace/dicomservice/main.json | 79 +++-- .../workspace/fhirservice/main.json | 83 +++-- .../workspace/iotconnector/main.json | 83 +++-- modules/healthcare-apis/workspace/main.json | 323 +++++++++++------ modules/insights/private-link-scope/main.json | 74 ++-- modules/key-vault/vault/main.json | 88 +++-- modules/logic/workflow/main.json | 72 ++-- .../user-assigned-identity/main.json | 74 ++-- modules/net-app/net-app-account/main.json | 70 ++-- modules/network/application-gateway/main.json | 74 ++-- .../application-security-group/main.json | 66 ++-- modules/network/azure-firewall/main.json | 228 +++++++----- modules/network/bastion-host/main.json | 150 +++++--- .../network/ddos-protection-plan/main.json | 66 ++-- modules/network/dns-resolver/main.json | 74 ++-- modules/network/dns-zone/main.json | 106 +++--- .../network/express-route-circuit/main.json | 70 ++-- .../network/express-route-gateway/main.json | 66 ++-- .../main.json | 66 ++-- modules/network/front-door/main.json | 68 ++-- modules/network/ip-group/main.json | 66 ++-- modules/network/load-balancer/main.json | 80 +++-- .../network/local-network-gateway/main.json | 66 ++-- modules/network/nat-gateway/main.json | 142 +++++--- modules/network/network-interface/main.json | 70 ++-- .../network/network-security-group/main.json | 74 ++-- modules/network/network-watcher/main.json | 74 ++-- modules/network/private-dns-zone/main.json | 102 +++--- .../network/private-link-service/main.json | 66 ++-- modules/network/public-ip-address/main.json | 72 ++-- modules/network/public-ip-prefix/main.json | 66 ++-- modules/network/route-table/main.json | 66 ++-- .../network/service-endpoint-policy/main.json | 66 ++-- .../network/trafficmanagerprofile/main.json | 68 ++-- modules/network/virtual-hub/main.json | 70 ++-- .../network/virtual-network-gateway/main.json | 150 +++++--- modules/network/virtual-network/main.json | 82 +++-- modules/network/virtual-wan/main.json | 66 ++-- modules/network/vpn-gateway/main.json | 70 ++-- modules/network/vpn-site/main.json | 66 ++-- .../operational-insights/workspace/main.json | 106 +++--- modules/recovery-services/vault/main.json | 104 +++--- .../namespace/hybrid-connection/main.json | 79 +++-- modules/relay/namespace/main.json | 248 ++++++++----- modules/relay/namespace/wcf-relay/main.json | 79 +++-- modules/resource-graph/query/main.json | 66 ++-- modules/resources/deployment-script/main.json | 64 ++-- modules/resources/resource-group/main.json | 58 ++- modules/service-bus/namespace/main.json | 286 ++++++++++----- modules/service-bus/namespace/queue/main.json | 81 +++-- modules/service-bus/namespace/topic/main.json | 79 +++-- modules/service-fabric/cluster/main.json | 72 ++-- modules/signal-r-service/signal-r/main.json | 70 ++-- .../signal-r-service/web-pub-sub/main.json | 78 +++-- .../sql/managed-instance/database/main.json | 77 ++-- modules/sql/managed-instance/main.json | 177 ++++++---- modules/sql/server/main.json | 104 +++--- modules/storage/storage-account/main.json | 118 ++++--- modules/synapse/private-link-hub/main.json | 70 ++-- modules/synapse/workspace/main.json | 122 ++++--- .../image-template/main.json | 66 ++-- modules/web/connection/main.json | 66 ++-- modules/web/hosting-environment/main.json | 78 +++-- modules/web/serverfarm/main.json | 70 ++-- modules/web/site/main.json | 197 +++++++---- modules/web/site/slot/main.json | 95 +++-- modules/web/static-site/main.json | 90 +++-- 108 files changed, 6868 insertions(+), 3485 deletions(-) diff --git a/modules/aad/domain-service/main.json b/modules/aad/domain-service/main.json index 0f206dd1ce..db6b6c7286 100644 --- a/modules/aad/domain-service/main.json +++ b/modules/aad/domain-service/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "10694057578652449276" + "templateHash": "15488600110889393374" }, "name": "Azure Active Directory Domain Services", "description": "This module deploys an Azure Active Directory Domain Services (AADDS).", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -243,15 +271,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -297,8 +319,8 @@ ], "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -312,7 +334,7 @@ } } }, - { + "domainService": { "type": "Microsoft.AAD/domainServices", "apiVersion": "2021-05-01", "name": "[parameters('name')]", @@ -345,7 +367,7 @@ "sku": "[parameters('sku')]" } }, - { + "domainService_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -359,24 +381,24 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.AAD/domainServices', parameters('name'))]" + "domainService" ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "domainService_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.AAD/domainServices/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.AAD/domainServices', parameters('name'))]" + "domainService" ] }, - { + "domainService_roleAssignments": { "copy": { "name": "domainService_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -524,10 +546,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.AAD/domainServices', parameters('name'))]" + "domainService" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -555,7 +577,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.AAD/domainServices', parameters('name')), '2021-05-01', 'full').location]" + "value": "[reference('domainService', '2021-05-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/analysis-services/server/main.json b/modules/analysis-services/server/main.json index 9855c786cd..7a88c2863b 100644 --- a/modules/analysis-services/server/main.json +++ b/modules/analysis-services/server/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "5443858044342002150" + "templateHash": "8360081126452950096" }, "name": "Analysis Services Servers", "description": "This module deploys an Analysis Services Server.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -84,15 +112,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -173,8 +195,8 @@ ], "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -188,7 +210,7 @@ } } }, - { + "server": { "type": "Microsoft.AnalysisServices/servers", "apiVersion": "2017-08-01", "name": "[parameters('name')]", @@ -202,21 +224,21 @@ "ipV4FirewallSettings": "[parameters('firewallSettings')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "server_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.AnalysisServices/servers/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.AnalysisServices/servers', parameters('name'))]" + "server" ] }, - { + "server_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -231,10 +253,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.AnalysisServices/servers', parameters('name'))]" + "server" ] }, - { + "server_roleAssignments": { "copy": { "name": "server_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -379,10 +401,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.AnalysisServices/servers', parameters('name'))]" + "server" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -410,7 +432,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.AnalysisServices/servers', parameters('name')), '2017-08-01', 'full').location]" + "value": "[reference('server', '2017-08-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/api-management/service/main.json b/modules/api-management/service/main.json index 0eca3efbe5..664026fbd7 100644 --- a/modules/api-management/service/main.json +++ b/modules/api-management/service/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "12476936893104821390" + "templateHash": "7131184550588177223" }, "name": "API Management Services", "description": "This module deploys an API Management Service.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "additionalLocations": { "type": "array", @@ -111,15 +139,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "minApiVersion": { @@ -371,8 +393,8 @@ "identityType": "[if(parameters('systemAssignedIdentity'), if(not(empty(parameters('userAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None'))]", "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -386,7 +408,7 @@ } } }, - { + "service": { "type": "Microsoft.ApiManagement/service", "apiVersion": "2021-08-01", "name": "[parameters('name')]", @@ -414,21 +436,21 @@ "restore": "[parameters('restore')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "service_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.ApiManagement/service/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.ApiManagement/service', parameters('name'))]" + "service" ] }, - { + "service_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -443,10 +465,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.ApiManagement/service', parameters('name'))]" + "service" ] }, - { + "service_apis": { "copy": { "name": "service_apis", "count": "[length(parameters('apis'))]" @@ -916,11 +938,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ApiManagement/service', parameters('name'))]", + "service", "service_apiVersionSets" ] }, - { + "service_apiVersionSets": { "copy": { "name": "service_apiVersionSets", "count": "[length(parameters('apiVersionSets'))]" @@ -1035,10 +1057,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ApiManagement/service', parameters('name'))]" + "service" ] }, - { + "service_authorizationServers": { "copy": { "name": "service_authorizationServers", "count": "[length(variables('authorizationServerList'))]" @@ -1297,10 +1319,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ApiManagement/service', parameters('name'))]" + "service" ] }, - { + "service_backends": { "copy": { "name": "service_backends", "count": "[length(parameters('backends'))]" @@ -1492,10 +1514,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ApiManagement/service', parameters('name'))]" + "service" ] }, - { + "service_caches": { "copy": { "name": "service_caches", "count": "[length(parameters('caches'))]" @@ -1640,10 +1662,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ApiManagement/service', parameters('name'))]" + "service" ] }, - { + "service_identityProviders": { "copy": { "name": "service_identityProviders", "count": "[length(parameters('identityProviders'))]" @@ -1860,10 +1882,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ApiManagement/service', parameters('name'))]" + "service" ] }, - { + "service_namedValues": { "copy": { "name": "service_namedValues", "count": "[length(parameters('namedValues'))]" @@ -2019,10 +2041,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ApiManagement/service', parameters('name'))]" + "service" ] }, - { + "service_portalsettings": { "copy": { "name": "service_portalsettings", "count": "[length(parameters('portalsettings'))]" @@ -2142,10 +2164,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ApiManagement/service', parameters('name'))]" + "service" ] }, - { + "service_policies": { "copy": { "name": "service_policies", "count": "[length(parameters('policies'))]" @@ -2275,10 +2297,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ApiManagement/service', parameters('name'))]" + "service" ] }, - { + "service_products": { "copy": { "name": "service_products", "count": "[length(parameters('products'))]" @@ -2707,11 +2729,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ApiManagement/service', parameters('name'))]", + "service", "service_apis" ] }, - { + "service_subscriptions": { "copy": { "name": "service_subscriptions", "count": "[length(parameters('subscriptions'))]" @@ -2871,12 +2893,12 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ApiManagement/service', parameters('name'))]" + "service" ] }, - { + "service_roleAssignments": { "copy": { - "name": "apiManagementService_roleAssignments", + "name": "service_roleAssignments", "count": "[length(parameters('roleAssignments'))]" }, "type": "Microsoft.Resources/deployments", @@ -3023,10 +3045,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ApiManagement/service', parameters('name'))]" + "service" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -3054,14 +3076,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.ApiManagement/service', parameters('name')), '2021-08-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.ApiManagement/service', parameters('name')), '2021-08-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('service', '2021-08-01', 'full').identity, 'principalId')), reference('service', '2021-08-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.ApiManagement/service', parameters('name')), '2021-08-01', 'full').location]" + "value": "[reference('service', '2021-08-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/app-configuration/configuration-store/main.json b/modules/app-configuration/configuration-store/main.json index fa81c86079..71f664a814 100644 --- a/modules/app-configuration/configuration-store/main.json +++ b/modules/app-configuration/configuration-store/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "1438402426319950203" + "templateHash": "17468791848583972607" }, "name": "App Configuration Stores", "description": "This module deploys an App Configuration Store.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -160,15 +188,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -262,8 +284,20 @@ "userAssignedIdentities": "[if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())]" } }, - "resources": [ - { + "resources": { + "cMKKeyVault::cMKKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2022-07-01", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]", + "dependsOn": [ + "cMKKeyVault" + ] + }, + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -277,7 +311,25 @@ } } }, - { + "cMKKeyVault": { + "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[last(split(parameters('cMKKeyVaultResourceId'), '/'))]" + }, + "cMKUserAssignedIdentity": { + "condition": "[not(empty(parameters('cMKUserAssignedIdentityResourceId')))]", + "existing": true, + "type": "Microsoft.ManagedIdentity/userAssignedIdentities", + "apiVersion": "2023-01-31", + "subscriptionId": "[split(parameters('cMKUserAssignedIdentityResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKUserAssignedIdentityResourceId'), '/')[4]]", + "name": "[last(split(parameters('cMKUserAssignedIdentityResourceId'), '/'))]" + }, + "configurationStore": { "type": "Microsoft.AppConfiguration/configurationStores", "apiVersion": "2023-03-01", "name": "[parameters('name')]", @@ -291,26 +343,30 @@ "createMode": "[parameters('createMode')]", "disableLocalAuth": "[parameters('disableLocalAuth')]", "enablePurgeProtection": "[if(equals(parameters('sku'), 'Free'), false(), parameters('enablePurgeProtection'))]", - "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('keyVaultProperties', createObject('keyIdentifier', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '2022-07-01').keyUri, parameters('cMKKeyVersion')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '2022-07-01').keyUriWithVersion), 'identityClientId', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKUserAssignedIdentityResourceId'), '/')[2], split(parameters('cMKUserAssignedIdentityResourceId'), '/')[4]), 'Microsoft.ManagedIdentity/userAssignedIdentities', last(split(parameters('cMKUserAssignedIdentityResourceId'), '/'))), '2023-01-31').clientId)), null())]", + "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('keyVaultProperties', createObject('keyIdentifier', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference('cMKKeyVault::cMKKey').keyUri, parameters('cMKKeyVersion')), reference('cMKKeyVault::cMKKey').keyUriWithVersion), 'identityClientId', reference('cMKUserAssignedIdentity').clientId)), null())]", "publicNetworkAccess": "[if(not(empty(parameters('publicNetworkAccess'))), parameters('publicNetworkAccess'), null())]", "softDeleteRetentionInDays": "[if(equals(parameters('sku'), 'Free'), 0, parameters('softDeleteRetentionInDays'))]" - } + }, + "dependsOn": [ + "cMKKeyVault", + "cMKUserAssignedIdentity" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "configurationStore_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.AppConfiguration/configurationStores/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.AppConfiguration/configurationStores', parameters('name'))]" + "configurationStore" ] }, - { + "configurationStore_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -325,10 +381,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.AppConfiguration/configurationStores', parameters('name'))]" + "configurationStore" ] }, - { + "configurationStore_keyValues": { "copy": { "name": "configurationStore_keyValues", "count": "[length(parameters('keyValues'))]" @@ -463,10 +519,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.AppConfiguration/configurationStores', parameters('name'))]" + "configurationStore" ] }, - { + "configurationStore_roleAssignments": { "copy": { "name": "configurationStore_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -615,10 +671,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.AppConfiguration/configurationStores', parameters('name'))]" + "configurationStore" ] }, - { + "configurationStore_privateEndpoints": { "copy": { "name": "configurationStore_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -1142,10 +1198,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.AppConfiguration/configurationStores', parameters('name'))]" + "configurationStore" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1173,14 +1229,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.AppConfiguration/configurationStores', parameters('name')), '2023-03-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.AppConfiguration/configurationStores', parameters('name')), '2023-03-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('configurationStore', '2023-03-01', 'full').identity, 'principalId')), reference('configurationStore', '2023-03-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.AppConfiguration/configurationStores', parameters('name')), '2023-03-01', 'full').location]" + "value": "[reference('configurationStore', '2023-03-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/app/container-app/main.json b/modules/app/container-app/main.json index 1d501046a4..ab2f16b6bf 100644 --- a/modules/app/container-app/main.json +++ b/modules/app/container-app/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "2221038631504030167" + "templateHash": "12099824985619995147" }, "name": "Container Apps", "description": "This module deploys a Container App.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -98,15 +126,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "tags": { @@ -261,8 +283,8 @@ "identityType": "[if(parameters('systemAssignedIdentity'), if(not(empty(parameters('userAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None'))]", "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -276,7 +298,7 @@ } } }, - { + "containerApp": { "type": "Microsoft.App/containerApps", "apiVersion": "2022-10-01", "name": "[parameters('name')]", @@ -323,21 +345,21 @@ "workloadProfileType": "[parameters('workloadProfileType')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "containerApp_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.App/containerApps', parameters('name'))]" + "containerApp" ] }, - { + "containerApp_roleAssignments": { "copy": { "name": "containerApp_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -483,10 +505,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.App/containerApps', parameters('name'))]" + "containerApp" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -514,7 +536,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.App/containerApps', parameters('name')), '2022-10-01', 'full').location]" + "value": "[reference('containerApp', '2022-10-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/app/managed-environment/main.json b/modules/app/managed-environment/main.json index 71407f0d6d..d278601942 100644 --- a/modules/app/managed-environment/main.json +++ b/modules/app/managed-environment/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "3480452524372003572" + "templateHash": "10531866391221761404" }, "name": "App ManagedEnvironments", "description": "This module deploys an App Managed Environment (also known as a Container App Environment).", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -147,15 +175,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "workloadProfiles": { @@ -166,8 +188,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -181,7 +203,16 @@ } } }, - { + "logAnalyticsWorkspace": { + "condition": "[not(empty(parameters('logAnalyticsWorkspaceResourceId')))]", + "existing": true, + "type": "Microsoft.OperationalInsights/workspaces", + "apiVersion": "2021-06-01", + "subscriptionId": "[split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]]", + "name": "[last(split(parameters('logAnalyticsWorkspaceResourceId'), '/'))]" + }, + "managedEnvironment": { "type": "Microsoft.App/managedEnvironments", "apiVersion": "2022-10-01", "name": "[parameters('name')]", @@ -194,7 +225,7 @@ "appLogsConfiguration": { "destination": "[parameters('logsDestination')]", "logAnalyticsConfiguration": { - "customerId": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(parameters('logAnalyticsWorkspaceResourceId'), '/'))), '2021-06-01').customerId]", + "customerId": "[reference('logAnalyticsWorkspace').customerId]", "sharedKey": "[listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(parameters('logAnalyticsWorkspaceResourceId'), '/'))), '2021-06-01').primarySharedKey]" } }, @@ -214,23 +245,26 @@ }, "workloadProfiles": "[if(not(empty(parameters('workloadProfiles'))), parameters('workloadProfiles'), null())]", "zoneRedundant": "[parameters('zoneRedundant')]" - } + }, + "dependsOn": [ + "logAnalyticsWorkspace" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "managedEnvironment_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.App/managedEnvironments/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.App/managedEnvironments', parameters('name'))]" + "managedEnvironment" ] }, - { + "managedEnvironment_roleAssignments": { "copy": { "name": "managedEnvironment_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -376,10 +410,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.App/managedEnvironments', parameters('name'))]" + "managedEnvironment" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -393,7 +427,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.App/managedEnvironments', parameters('name')), '2022-10-01', 'full').location]" + "value": "[reference('managedEnvironment', '2022-10-01', 'full').location]" }, "name": { "type": "string", diff --git a/modules/automation/automation-account/main.json b/modules/automation/automation-account/main.json index 0bd2c0c53d..03e14534c8 100644 --- a/modules/automation/automation-account/main.json +++ b/modules/automation/automation-account/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "17321818753856998075" + "templateHash": "7224631368259234684" }, "name": "Automation Accounts", "description": "This module deploys an Azure Automation Account.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -189,15 +217,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -282,8 +304,8 @@ "identityType": "[if(parameters('systemAssignedIdentity'), if(not(empty(parameters('userAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None'))]", "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -297,7 +319,25 @@ } } }, - { + "cMKKeyVault": { + "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2021-10-01", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[last(split(parameters('cMKKeyVaultResourceId'), '/'))]" + }, + "cMKKeyVaultKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2021-10-01", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]" + }, + "automationAccount": { "type": "Microsoft.Automation/automationAccounts", "apiVersion": "2022-08-08", "name": "[parameters('name')]", @@ -308,26 +348,30 @@ "sku": { "name": "[parameters('skuName')]" }, - "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('keySource', 'Microsoft.KeyVault', 'identity', createObject('userAssignedIdentity', parameters('cMKUserAssignedIdentityResourceId')), 'keyVaultProperties', createObject('keyName', parameters('cMKKeyName'), 'keyVaultUri', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults', last(split(parameters('cMKKeyVaultResourceId'), '/'))), '2021-10-01').vaultUri, 'keyVersion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), last(split(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[0], split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[1]), '2021-10-01').keyUriWithVersion, '/'))))), null())]", + "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('keySource', 'Microsoft.KeyVault', 'identity', createObject('userAssignedIdentity', parameters('cMKUserAssignedIdentityResourceId')), 'keyVaultProperties', createObject('keyName', parameters('cMKKeyName'), 'keyVaultUri', reference('cMKKeyVault').vaultUri, 'keyVersion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), last(split(reference('cMKKeyVaultKey').keyUriWithVersion, '/'))))), null())]", "publicNetworkAccess": "[if(not(empty(parameters('publicNetworkAccess'))), if(equals(parameters('publicNetworkAccess'), 'Disabled'), false(), true()), if(not(empty(parameters('privateEndpoints'))), false(), null()))]", "disableLocalAuth": "[parameters('disableLocalAuth')]" - } + }, + "dependsOn": [ + "cMKKeyVault", + "cMKKeyVaultKey" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "automationAccount_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Automation/automationAccounts/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts', parameters('name'))]" + "automationAccount" ] }, - { + "automationAccount_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -342,10 +386,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts', parameters('name'))]" + "automationAccount" ] }, - { + "automationAccount_modules": { "copy": { "name": "automationAccount_modules", "count": "[length(parameters('modules'))]" @@ -504,10 +548,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts', parameters('name'))]" + "automationAccount" ] }, - { + "automationAccount_schedules": { "copy": { "name": "automationAccount_schedules", "count": "[length(parameters('schedules'))]" @@ -695,10 +739,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts', parameters('name'))]" + "automationAccount" ] }, - { + "automationAccount_runbooks": { "copy": { "name": "automationAccount_runbooks", "count": "[length(parameters('runbooks'))]" @@ -907,10 +951,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts', parameters('name'))]" + "automationAccount" ] }, - { + "automationAccount_jobSchedules": { "copy": { "name": "automationAccount_jobSchedules", "count": "[length(parameters('jobSchedules'))]" @@ -1057,12 +1101,12 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts', parameters('name'))]", + "automationAccount", "automationAccount_runbooks", "automationAccount_schedules" ] }, - { + "automationAccount_variables": { "copy": { "name": "automationAccount_variables", "count": "[length(parameters('variables'))]" @@ -1197,10 +1241,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts', parameters('name'))]" + "automationAccount" ] }, - { + "automationAccount_linkedService": { "condition": "[not(empty(parameters('linkedWorkspaceResourceId')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1336,10 +1380,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts', parameters('name'))]" + "automationAccount" ] }, - { + "automationAccount_solutions": { "copy": { "name": "automationAccount_solutions", "count": "[length(parameters('gallerySolutions'))]" @@ -1494,10 +1538,10 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', if(not(empty(parameters('linkedWorkspaceResourceId'))), split(parameters('linkedWorkspaceResourceId'), '/')[2], subscription().subscriptionId), if(not(empty(parameters('linkedWorkspaceResourceId'))), split(parameters('linkedWorkspaceResourceId'), '/')[4], resourceGroup().name)), 'Microsoft.Resources/deployments', format('{0}-AutoAccount-LinkedService', uniqueString(deployment().name, parameters('location'))))]" + "automationAccount_linkedService" ] }, - { + "automationAccount_softwareUpdateConfigurations": { "copy": { "name": "automationAccount_softwareUpdateConfigurations", "count": "[length(parameters('softwareUpdateConfigurations'))]" @@ -1985,11 +2029,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts', parameters('name'))]", + "automationAccount", "automationAccount_solutions" ] }, - { + "automationAccount_privateEndpoints": { "copy": { "name": "automationAccount_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -2513,10 +2557,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts', parameters('name'))]" + "automationAccount" ] }, - { + "automationAccount_roleAssignments": { "copy": { "name": "automationAccount_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -2665,10 +2709,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts', parameters('name'))]" + "automationAccount" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -2696,14 +2740,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.Automation/automationAccounts', parameters('name')), '2022-08-08', 'full').identity, 'principalId')), reference(resourceId('Microsoft.Automation/automationAccounts', parameters('name')), '2022-08-08', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('automationAccount', '2022-08-08', 'full').identity, 'principalId')), reference('automationAccount', '2022-08-08', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Automation/automationAccounts', parameters('name')), '2022-08-08', 'full').location]" + "value": "[reference('automationAccount', '2022-08-08', 'full').location]" } } } \ No newline at end of file diff --git a/modules/batch/batch-account/main.json b/modules/batch/batch-account/main.json index d169073f0f..ee2ca1e6a0 100644 --- a/modules/batch/batch-account/main.json +++ b/modules/batch/batch-account/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "2591446309015635136" + "templateHash": "18412099798600531806" }, "name": "Batch Accounts", "description": "This module deploys a Batch Account.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -147,15 +175,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "tags": { @@ -281,8 +303,8 @@ }, "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -296,7 +318,25 @@ } } }, - { + "keyVaultReferenceKeyVault": { + "condition": "[not(empty(parameters('keyVaultReferenceResourceId')))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2021-10-01", + "subscriptionId": "[split(parameters('keyVaultReferenceResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('keyVaultReferenceResourceId'), '/')[4]]", + "name": "[last(split(parameters('keyVaultReferenceResourceId'), '/'))]" + }, + "cMKKeyVaultKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2021-10-01", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]" + }, + "batchAccount": { "type": "Microsoft.Batch/batchAccounts", "apiVersion": "2022-06-01", "name": "[parameters('name')]", @@ -306,28 +346,32 @@ "properties": { "allowedAuthenticationModes": "[parameters('allowedAuthenticationModes')]", "autoStorage": "[variables('autoStorageConfig')]", - "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('keySource', 'Microsoft.KeyVault', 'keyVaultProperties', createObject('keyIdentifier', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[0], split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[1]), '2021-10-01').keyUri, parameters('cMKKeyVersion')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[0], split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[1]), '2021-10-01').keyUriWithVersion))), null())]", - "keyVaultReference": "[if(equals(parameters('poolAllocationMode'), 'UserSubscription'), createObject('id', parameters('keyVaultReferenceResourceId'), 'url', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('keyVaultReferenceResourceId'), '/')[2], split(parameters('keyVaultReferenceResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults', last(split(parameters('keyVaultReferenceResourceId'), '/'))), '2021-10-01').vaultUri), null())]", + "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('keySource', 'Microsoft.KeyVault', 'keyVaultProperties', createObject('keyIdentifier', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference('cMKKeyVaultKey').keyUri, parameters('cMKKeyVersion')), reference('cMKKeyVaultKey').keyUriWithVersion))), null())]", + "keyVaultReference": "[if(equals(parameters('poolAllocationMode'), 'UserSubscription'), createObject('id', parameters('keyVaultReferenceResourceId'), 'url', reference('keyVaultReferenceKeyVault').vaultUri), null())]", "networkProfile": "[if(or(equals(parameters('publicNetworkAccess'), 'Disabled'), empty(parameters('networkProfileAllowedIpRanges'))), null(), createObject('accountAccess', createObject('defaultAction', parameters('networkProfileDefaultAction'), 'ipRules', variables('networkProfileIpRules'))))]", "poolAllocationMode": "[parameters('poolAllocationMode')]", "publicNetworkAccess": "[if(not(empty(parameters('publicNetworkAccess'))), parameters('publicNetworkAccess'), if(and(not(empty(parameters('privateEndpoints'))), empty(parameters('networkProfileAllowedIpRanges'))), 'Disabled', null()))]" - } + }, + "dependsOn": [ + "cMKKeyVaultKey", + "keyVaultReferenceKeyVault" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "batchAccount_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Batch/batchAccounts/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Batch/batchAccounts', parameters('name'))]" + "batchAccount" ] }, - { + "batchAccount_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -342,10 +386,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Batch/batchAccounts', parameters('name'))]" + "batchAccount" ] }, - { + "batchAccount_privateEndpoints": { "copy": { "name": "batchAccount_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -869,10 +913,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Batch/batchAccounts', parameters('name'))]" + "batchAccount" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -900,7 +944,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Batch/batchAccounts', parameters('name')), '2022-06-01', 'full').location]" + "value": "[reference('batchAccount', '2022-06-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/cache/redis-enterprise/main.json b/modules/cache/redis-enterprise/main.json index bd9889f874..c47f6c96c9 100644 --- a/modules/cache/redis-enterprise/main.json +++ b/modules/cache/redis-enterprise/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "4614393026190076893" + "templateHash": "6166425534162277830" }, "name": "Redis Cache Enterprise", "description": "This module deploys a Redis Cache Enterprise.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "location": { "type": "string", @@ -26,15 +54,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -200,8 +222,8 @@ "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -215,7 +237,7 @@ } } }, - { + "redisCacheEnterprise": { "type": "Microsoft.Cache/redisEnterprise", "apiVersion": "2022-01-01", "name": "[parameters('name')]", @@ -230,21 +252,21 @@ }, "zones": "[variables('availabilityZones')]" }, - { - "condition": "[not(empty(parameters('lock')))]", + "redisCacheEnterprise_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Cache/redisEnterprise/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Cache/redisEnterprise', parameters('name'))]" + "redisCacheEnterprise" ] }, - { + "redisCacheEnterprise_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -259,10 +281,10 @@ "logs": "[if(and(and(and(empty(parameters('diagnosticStorageAccountId')), empty(parameters('diagnosticWorkspaceId'))), empty(parameters('diagnosticEventHubAuthorizationRuleId'))), empty(parameters('diagnosticEventHubName'))), null(), variables('diagnosticsLogs'))]" }, "dependsOn": [ - "[resourceId('Microsoft.Cache/redisEnterprise', parameters('name'))]" + "redisCacheEnterprise" ] }, - { + "redisCacheEnterprise_rbac": { "copy": { "name": "redisCacheEnterprise_rbac", "count": "[length(parameters('roleAssignments'))]" @@ -408,10 +430,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Cache/redisEnterprise', parameters('name'))]" + "redisCacheEnterprise" ] }, - { + "redisCacheEnterprise_databases": { "copy": { "name": "redisCacheEnterprise_databases", "count": "[length(parameters('databases'))]" @@ -640,10 +662,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Cache/redisEnterprise', parameters('name'))]" + "redisCacheEnterprise" ] }, - { + "redisCacheEnterprise_privateEndpoints": { "copy": { "name": "redisCacheEnterprise_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -1167,10 +1189,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Cache/redisEnterprise', parameters('name'))]" + "redisCacheEnterprise" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1198,14 +1220,14 @@ "metadata": { "description": "Redis hostname." }, - "value": "[reference(resourceId('Microsoft.Cache/redisEnterprise', parameters('name')), '2022-01-01').hostName]" + "value": "[reference('redisCacheEnterprise').hostName]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Cache/redisEnterprise', parameters('name')), '2022-01-01', 'full').location]" + "value": "[reference('redisCacheEnterprise', '2022-01-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/cache/redis/main.json b/modules/cache/redis/main.json index 04b6f51cbf..809cb561ef 100644 --- a/modules/cache/redis/main.json +++ b/modules/cache/redis/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "2042912837463951821" + "templateHash": "14721248899308225880" }, "name": "Redis Cache", "description": "This module deploys a Redis Cache.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "location": { "type": "string", @@ -26,15 +54,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -306,8 +328,8 @@ }, "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -321,7 +343,7 @@ } } }, - { + "redisCache": { "type": "Microsoft.Cache/redis", "apiVersion": "2022-06-01", "name": "[parameters('name')]", @@ -348,21 +370,21 @@ }, "zones": "[variables('availabilityZones')]" }, - { - "condition": "[not(empty(parameters('lock')))]", + "redisCache_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Cache/redis/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Cache/redis', parameters('name'))]" + "redisCache" ] }, - { + "redisCache_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -377,10 +399,10 @@ "logs": "[if(and(and(and(empty(parameters('diagnosticStorageAccountId')), empty(parameters('diagnosticWorkspaceId'))), empty(parameters('diagnosticEventHubAuthorizationRuleId'))), empty(parameters('diagnosticEventHubName'))), null(), variables('diagnosticsLogs'))]" }, "dependsOn": [ - "[resourceId('Microsoft.Cache/redis', parameters('name'))]" + "redisCache" ] }, - { + "redisCache_rbac": { "copy": { "name": "redisCache_rbac", "count": "[length(parameters('roleAssignments'))]" @@ -526,10 +548,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Cache/redis', parameters('name'))]" + "redisCache" ] }, - { + "redisCache_privateEndpoints": { "copy": { "name": "redisCache_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -1053,10 +1075,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Cache/redis', parameters('name'))]" + "redisCache" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1084,28 +1106,28 @@ "metadata": { "description": "Redis hostname." }, - "value": "[reference(resourceId('Microsoft.Cache/redis', parameters('name')), '2022-06-01').hostName]" + "value": "[reference('redisCache').hostName]" }, "sslPort": { "type": "int", "metadata": { "description": "Redis SSL port." }, - "value": "[reference(resourceId('Microsoft.Cache/redis', parameters('name')), '2022-06-01').sslPort]" + "value": "[reference('redisCache').sslPort]" }, "subnetId": { "type": "string", "metadata": { "description": "The full resource ID of a subnet in a virtual network where the Redis Cache was deployed in." }, - "value": "[if(not(empty(parameters('subnetId'))), reference(resourceId('Microsoft.Cache/redis', parameters('name')), '2022-06-01').subnetId, '')]" + "value": "[if(not(empty(parameters('subnetId'))), reference('redisCache').subnetId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Cache/redis', parameters('name')), '2022-06-01', 'full').location]" + "value": "[reference('redisCache', '2022-06-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/cdn/profile/main.json b/modules/cdn/profile/main.json index b46a4cdf8d..62440e268a 100644 --- a/modules/cdn/profile/main.json +++ b/modules/cdn/profile/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "14280184708897109589" + "templateHash": "3308793853973967081" }, "name": "CDN Profiles", "description": "This module deploys a CDN Profile.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -110,15 +138,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -139,8 +161,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -154,7 +176,7 @@ } } }, - { + "profile": { "type": "Microsoft.Cdn/profiles", "apiVersion": "2023-05-01", "name": "[parameters('name')]", @@ -167,21 +189,21 @@ }, "tags": "[parameters('tags')]" }, - { - "condition": "[not(empty(parameters('lock')))]", + "profile_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Cdn/profiles/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Cdn/profiles', parameters('name'))]" + "profile" ] }, - { + "profile_roleAssignments": { "copy": { "name": "profile_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -334,10 +356,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Cdn/profiles', parameters('name'))]" + "profile" ] }, - { + "profile_endpoint": { "condition": "[not(empty(parameters('endpointProperties')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -685,10 +707,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Cdn/profiles', parameters('name'))]" + "profile" ] }, - { + "profile_secret": { "copy": { "name": "profile_secret", "count": "[length(parameters('secrets'))]" @@ -848,10 +870,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Cdn/profiles', parameters('name'))]" + "profile" ] }, - { + "profile_custom_domain": { "copy": { "name": "profile_custom_domain", "count": "[length(parameters('customDomains'))]" @@ -1033,11 +1055,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Cdn/profiles', parameters('name'))]", + "profile", "profile_secret" ] }, - { + "profile_origionGroup": { "copy": { "name": "profile_origionGroup", "count": "[length(parameters('origionGroups'))]" @@ -1410,10 +1432,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Cdn/profiles', parameters('name'))]" + "profile" ] }, - { + "profile_ruleSet": { "copy": { "name": "profile_ruleSet", "count": "[length(parameters('ruleSets'))]" @@ -1689,10 +1711,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Cdn/profiles', parameters('name'))]" + "profile" ] }, - { + "profile_afdEndpoint": { "copy": { "name": "profile_afdEndpoint", "count": "[length(parameters('afdEndpoints'))]" @@ -2113,13 +2135,13 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Cdn/profiles', parameters('name'))]", + "profile", "profile_custom_domain", "profile_origionGroup", "profile_ruleSet" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -2154,7 +2176,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Cdn/profiles', parameters('name')), '2023-05-01', 'full').location]" + "value": "[reference('profile', '2023-05-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/cognitive-services/account/main.json b/modules/cognitive-services/account/main.json index 02c0c637fc..b275573c9c 100644 --- a/modules/cognitive-services/account/main.json +++ b/modules/cognitive-services/account/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "10920180822593223575" + "templateHash": "10773995091716643755" }, "name": "Cognitive Services", "description": "This module deploys a Cognitive Service.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -157,15 +185,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -333,8 +355,8 @@ "identityType": "[if(parameters('systemAssignedIdentity'), if(not(empty(parameters('userAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None'))]", "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -348,7 +370,34 @@ } } }, - { + "cMKKeyVault": { + "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[last(split(parameters('cMKKeyVaultResourceId'), '/'))]" + }, + "cMKKeyVaultKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]" + }, + "cMKUserAssignedIdentity": { + "condition": "[not(empty(parameters('cMKUserAssignedIdentityResourceId')))]", + "existing": true, + "type": "Microsoft.ManagedIdentity/userAssignedIdentities", + "apiVersion": "2023-01-31", + "subscriptionId": "[split(parameters('cMKUserAssignedIdentityResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKUserAssignedIdentityResourceId'), '/')[4]]", + "name": "[last(split(parameters('cMKUserAssignedIdentityResourceId'), '/'))]" + }, + "cognitiveServices": { "type": "Microsoft.CognitiveServices/accounts", "apiVersion": "2022-12-01", "name": "[parameters('name')]", @@ -366,29 +415,34 @@ "allowedFqdnList": "[parameters('allowedFqdnList')]", "apiProperties": "[parameters('apiProperties')]", "disableLocalAuth": "[parameters('disableLocalAuth')]", - "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('keySource', 'Microsoft.KeyVault', 'keyVaultProperties', createObject('identityClientId', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKUserAssignedIdentityResourceId'), '/')[2], split(parameters('cMKUserAssignedIdentityResourceId'), '/')[4]), 'Microsoft.ManagedIdentity/userAssignedIdentities', last(split(parameters('cMKUserAssignedIdentityResourceId'), '/'))), '2023-01-31').clientId, 'keyVaultUri', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults', last(split(parameters('cMKKeyVaultResourceId'), '/'))), '2023-02-01').vaultUri, 'keyName', parameters('cMKKeyName'), 'keyVersion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), last(split(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[0], split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[1]), '2023-02-01').keyUriWithVersion, '/'))))), null())]", + "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('keySource', 'Microsoft.KeyVault', 'keyVaultProperties', createObject('identityClientId', reference('cMKUserAssignedIdentity').clientId, 'keyVaultUri', reference('cMKKeyVault').vaultUri, 'keyName', parameters('cMKKeyName'), 'keyVersion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), last(split(reference('cMKKeyVaultKey').keyUriWithVersion, '/'))))), null())]", "migrationToken": "[if(not(empty(parameters('migrationToken'))), parameters('migrationToken'), null())]", "restore": "[parameters('restore')]", "restrictOutboundNetworkAccess": "[parameters('restrictOutboundNetworkAccess')]", "userOwnedStorage": "[if(not(empty(parameters('userOwnedStorage'))), parameters('userOwnedStorage'), null())]", "dynamicThrottlingEnabled": "[parameters('dynamicThrottlingEnabled')]" - } + }, + "dependsOn": [ + "cMKKeyVault", + "cMKKeyVaultKey", + "cMKUserAssignedIdentity" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "cognitiveServices_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]" + "cognitiveServices" ] }, - { + "cognitiveServices_diagnosticSettingName": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -403,10 +457,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]" + "cognitiveServices" ] }, - { + "cognitiveServices_privateEndpoints": { "copy": { "name": "cognitiveServices_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -930,10 +984,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]" + "cognitiveServices" ] }, - { + "cognitiveServices_roleAssignments": { "copy": { "name": "cognitiveServices_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1102,10 +1156,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]" + "cognitiveServices" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1133,21 +1187,21 @@ "metadata": { "description": "The service endpoint of the cognitive services account." }, - "value": "[reference(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), '2022-12-01').endpoint]" + "value": "[reference('cognitiveServices').endpoint]" }, "systemAssignedPrincipalId": { "type": "string", "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), '2022-12-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), '2022-12-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('cognitiveServices', '2022-12-01', 'full').identity, 'principalId')), reference('cognitiveServices', '2022-12-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), '2022-12-01', 'full').location]" + "value": "[reference('cognitiveServices', '2022-12-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/compute/availability-set/main.json b/modules/compute/availability-set/main.json index 19bcaa1b81..2431428757 100644 --- a/modules/compute/availability-set/main.json +++ b/modules/compute/availability-set/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "9507883477012630410" + "templateHash": "215934081213678222" }, "name": "Availability Sets", "description": "This module deploys an Availability Set.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -54,15 +82,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -87,8 +109,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -102,7 +124,7 @@ } } }, - { + "availabilitySet": { "type": "Microsoft.Compute/availabilitySets", "apiVersion": "2022-11-01", "name": "[parameters('name')]", @@ -117,21 +139,21 @@ "name": "[parameters('skuName')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "availabilitySet_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Compute/availabilitySets/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Compute/availabilitySets', parameters('name'))]" + "availabilitySet" ] }, - { + "availabilitySet_roleAssignments": { "copy": { "name": "availabilitySet_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -298,10 +320,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/availabilitySets', parameters('name'))]" + "availabilitySet" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -329,7 +351,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Compute/availabilitySets', parameters('name')), '2022-11-01', 'full').location]" + "value": "[reference('availabilitySet', '2022-11-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/compute/disk-encryption-set/main.json b/modules/compute/disk-encryption-set/main.json index d695c7fa4b..82d040ffa9 100644 --- a/modules/compute/disk-encryption-set/main.json +++ b/modules/compute/disk-encryption-set/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "2262193414925411787" + "templateHash": "9514360048740923625" }, "name": "Disk Encryption Sets", "description": "This module deploys a Disk Encryption Set.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -26,15 +54,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "keyVaultResourceId": { @@ -124,8 +146,19 @@ "userAssignedIdentities": "[if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())]" } }, - "resources": [ - { + "resources": { + "keyVault::key": { + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2021-10-01", + "subscriptionId": "[split(parameters('keyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('keyVaultResourceId'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(parameters('keyVaultResourceId'), '/')), parameters('keyName'))]", + "dependsOn": [ + "keyVault" + ] + }, + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -139,7 +172,15 @@ } } }, - { + "keyVault": { + "existing": true, + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2021-10-01", + "subscriptionId": "[split(parameters('keyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('keyVaultResourceId'), '/')[4]]", + "name": "[last(split(parameters('keyVaultResourceId'), '/'))]" + }, + "diskEncryptionSet": { "type": "Microsoft.Compute/diskEncryptionSets", "apiVersion": "2022-07-02", "name": "[parameters('name')]", @@ -151,31 +192,32 @@ "sourceVault": { "id": "[parameters('keyVaultResourceId')]" }, - "keyUrl": "[if(not(empty(parameters('keyVersion'))), format('{0}/{1}', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('keyVaultResourceId'), '/')[2], split(parameters('keyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', last(split(parameters('keyVaultResourceId'), '/')), parameters('keyName')), '2021-10-01').keyUri, parameters('keyVersion')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('keyVaultResourceId'), '/')[2], split(parameters('keyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', last(split(parameters('keyVaultResourceId'), '/')), parameters('keyName')), '2021-10-01').keyUriWithVersion)]" + "keyUrl": "[if(not(empty(parameters('keyVersion'))), format('{0}/{1}', reference('keyVault::key').keyUri, parameters('keyVersion')), reference('keyVault::key').keyUriWithVersion)]" }, "encryptionType": "[parameters('encryptionType')]", "federatedClientId": "[parameters('federatedClientId')]", "rotationToLatestKeyVersionEnabled": "[parameters('rotationToLatestKeyVersionEnabled')]" }, "dependsOn": [ + "keyVault", "keyVaultPermissions" ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "diskEncryptionSet_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Compute/diskEncryptionSets/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Compute/diskEncryptionSets', parameters('name'))]" + "diskEncryptionSet" ] }, - { + "keyVaultPermissions": { "copy": { "name": "keyVaultPermissions", "count": "[length(items(parameters('userAssignedIdentities')))]" @@ -201,7 +243,7 @@ "value": "[items(parameters('userAssignedIdentities'))[copyIndex()].key]" }, "rbacAuthorizationEnabled": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('keyVaultResourceId'), '/')[2], split(parameters('keyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults', last(split(parameters('keyVaultResourceId'), '/'))), '2021-10-01').enableRbacAuthorization]" + "value": "[reference('keyVault').enableRbacAuthorization]" } }, "template": { @@ -456,9 +498,12 @@ } ] } - } + }, + "dependsOn": [ + "keyVault" + ] }, - { + "diskEncryptionSet_roleAssignments": { "copy": { "name": "diskEncryptionSet_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -625,10 +670,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/diskEncryptionSets', parameters('name'))]" + "diskEncryptionSet" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -656,14 +701,14 @@ "metadata": { "description": "The principal ID of the disk encryption set." }, - "value": "[if(equals(parameters('systemAssignedIdentity'), true()), reference(resourceId('Microsoft.Compute/diskEncryptionSets', parameters('name')), '2022-07-02', 'full').identity.principalId, '')]" + "value": "[if(equals(parameters('systemAssignedIdentity'), true()), reference('diskEncryptionSet', '2022-07-02', 'full').identity.principalId, '')]" }, "identities": { "type": "object", "metadata": { "description": "The idenities of the disk encryption set." }, - "value": "[reference(resourceId('Microsoft.Compute/diskEncryptionSets', parameters('name')), '2022-07-02', 'full').identity]" + "value": "[reference('diskEncryptionSet', '2022-07-02', 'full').identity]" }, "keyVaultName": { "type": "string", @@ -677,7 +722,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Compute/diskEncryptionSets', parameters('name')), '2022-07-02', 'full').location]" + "value": "[reference('diskEncryptionSet', '2022-07-02', 'full').location]" } } } \ No newline at end of file diff --git a/modules/compute/disk/main.json b/modules/compute/disk/main.json index 84ea41a567..48535f3bee 100644 --- a/modules/compute/disk/main.json +++ b/modules/compute/disk/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "12764361220335313353" + "templateHash": "8327315950062299298" }, "name": "Compute Disks", "description": "This module deploys a Compute Disk", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -223,15 +251,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -256,8 +278,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -271,7 +293,7 @@ } } }, - { + "disk": { "type": "Microsoft.Compute/disks", "apiVersion": "2022-07-02", "name": "[parameters('name')]", @@ -305,21 +327,21 @@ "supportedCapabilities": "[if(empty(parameters('osType')), createObject(), createObject('acceleratedNetwork', parameters('acceleratedNetwork'), 'architecture', if(empty(parameters('architecture')), null(), parameters('architecture'))))]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "disk_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Compute/disks/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Compute/disks', parameters('name'))]" + "disk" ] }, - { + "disk_roleAssignments": { "copy": { "name": "disk_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -486,10 +508,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/disks', parameters('name'))]" + "disk" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -517,7 +539,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Compute/disks', parameters('name')), '2022-07-02', 'full').location]" + "value": "[reference('disk', '2022-07-02', 'full').location]" } } } \ No newline at end of file diff --git a/modules/compute/gallery/main.json b/modules/compute/gallery/main.json index d1a6ae1c3b..4b41595c8f 100644 --- a/modules/compute/gallery/main.json +++ b/modules/compute/gallery/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "18299186787302449822" + "templateHash": "13827150813589575122" }, "name": "Azure Compute Galleries", "description": "This module deploys an Azure Compute Gallery (formerly known as Shared Image Gallery).", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -48,15 +76,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -84,8 +106,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -99,7 +121,7 @@ } } }, - { + "gallery": { "type": "Microsoft.Compute/galleries", "apiVersion": "2022-03-03", "name": "[parameters('name')]", @@ -110,21 +132,21 @@ "identifier": {} } }, - { - "condition": "[not(empty(parameters('lock')))]", + "gallery_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Compute/galleries/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Compute/galleries', parameters('name'))]" + "gallery" ] }, - { + "gallery_roleAssignments": { "copy": { "name": "gallery_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -291,10 +313,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/galleries', parameters('name'))]" + "gallery" ] }, - { + "galleries_applications": { "copy": { "name": "galleries_applications", "count": "[length(parameters('applications'))]" @@ -671,10 +693,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/galleries', parameters('name'))]" + "gallery" ] }, - { + "galleries_images": { "copy": { "name": "galleries_images", "count": "[length(parameters('images'))]" @@ -1225,10 +1247,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/galleries', parameters('name'))]" + "gallery" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -1256,7 +1278,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Compute/galleries', parameters('name')), '2022-03-03', 'full').location]" + "value": "[reference('gallery', '2022-03-03', 'full').location]" } } } \ No newline at end of file diff --git a/modules/compute/proximity-placement-group/main.json b/modules/compute/proximity-placement-group/main.json index 515ff086af..cf86736c07 100644 --- a/modules/compute/proximity-placement-group/main.json +++ b/modules/compute/proximity-placement-group/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "6477295143375151288" + "templateHash": "9736582155386866738" }, "name": "Proximity Placement Groups", "description": "This module deploys a Proximity Placement Group.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -37,15 +65,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -91,8 +113,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -106,7 +128,7 @@ } } }, - { + "proximityPlacementGroup": { "type": "Microsoft.Compute/proximityPlacementGroups", "apiVersion": "2022-08-01", "name": "[parameters('name')]", @@ -119,21 +141,21 @@ "intent": "[if(not(empty(parameters('intent'))), parameters('intent'), null())]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "proximityPlacementGroup_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Compute/proximityPlacementGroups/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Compute/proximityPlacementGroups', parameters('name'))]" + "proximityPlacementGroup" ] }, - { + "proximityPlacementGroup_roleAssignments": { "copy": { "name": "proximityPlacementGroup_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -300,10 +322,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/proximityPlacementGroups', parameters('name'))]" + "proximityPlacementGroup" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -331,7 +353,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Compute/proximityPlacementGroups', parameters('name')), '2022-08-01', 'full').location]" + "value": "[reference('proximityPlacementGroup', '2022-08-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/compute/ssh-public-key/main.json b/modules/compute/ssh-public-key/main.json index b0179a9ba4..ba8c7cbd15 100644 --- a/modules/compute/ssh-public-key/main.json +++ b/modules/compute/ssh-public-key/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "10030504426335419860" + "templateHash": "5313076718925573271" }, "name": "Public SSH Keys", "description": "This module deploys a Public SSH Key.\r\n\r\n> Note: The resource does not auto-generate the key for you.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -33,15 +61,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -66,8 +88,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -81,7 +103,7 @@ } } }, - { + "sshPublicKey": { "type": "Microsoft.Compute/sshPublicKeys", "apiVersion": "2022-08-01", "name": "[parameters('name')]", @@ -91,21 +113,21 @@ "publicKey": "[if(not(empty(parameters('publicKey'))), parameters('publicKey'), null())]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "sshPublicKey_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Compute/sshPublicKeys/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Compute/sshPublicKeys', parameters('name'))]" + "sshPublicKey" ] }, - { + "sshPublicKey_roleAssignments": { "copy": { "name": "sshPublicKey_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -272,10 +294,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/sshPublicKeys', parameters('name'))]" + "sshPublicKey" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -303,7 +325,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Compute/sshPublicKeys', parameters('name')), '2022-08-01', 'full').location]" + "value": "[reference('sshPublicKey', '2022-08-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/compute/virtual-machine-scale-set/main.json b/modules/compute/virtual-machine-scale-set/main.json index 59b04e2594..03061a4918 100644 --- a/modules/compute/virtual-machine-scale-set/main.json +++ b/modules/compute/virtual-machine-scale-set/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "1180320046795963031" + "templateHash": "11691873166192750677" }, "name": "Virtual Machine Scale Sets", "description": "This module deploys a Virtual Machine Scale Set.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -302,15 +330,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "upgradePolicyMode": { @@ -629,8 +651,8 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -644,7 +666,7 @@ } } }, - { + "vmss": { "type": "Microsoft.Compute/virtualMachineScaleSets", "apiVersion": "2022-11-01", "name": "[parameters('name')]", @@ -767,21 +789,30 @@ }, "plan": "[if(not(empty(parameters('plan'))), parameters('plan'), null())]" }, - { - "condition": "[not(empty(parameters('lock')))]", + "vmss_logAnalyticsWorkspace": { + "condition": "[not(empty(parameters('monitoringWorkspaceId')))]", + "existing": true, + "type": "Microsoft.OperationalInsights/workspaces", + "apiVersion": "2021-06-01", + "subscriptionId": "[split(parameters('monitoringWorkspaceId'), '/')[2]]", + "resourceGroup": "[split(parameters('monitoringWorkspaceId'), '/')[4]]", + "name": "[last(split(parameters('monitoringWorkspaceId'), '/'))]" + }, + "vmss_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Compute/virtualMachineScaleSets/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('name'))]" + "vmss" ] }, - { + "vmss_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -795,10 +826,10 @@ "metrics": "[variables('diagnosticsMetrics')]" }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('name'))]" + "vmss" ] }, - { + "vmss_domainJoinExtension": { "condition": "[parameters('extensionDomainJoinConfig').enabled]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -986,10 +1017,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('name'))]" + "vmss" ] }, - { + "vmss_microsoftAntiMalwareExtension": { "condition": "[parameters('extensionAntiMalwareConfig').enabled]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1172,10 +1203,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('name'))]" + "vmss" ] }, - { + "vmss_microsoftMonitoringAgentExtension": { "condition": "[parameters('extensionMonitoringAgentConfig').enabled]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1363,10 +1394,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('name'))]" + "vmss", + "vmss_logAnalyticsWorkspace" ] }, - { + "vmss_dependencyAgentExtension": { "condition": "[parameters('extensionDependencyAgentConfig').enabled]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1544,10 +1576,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('name'))]" + "vmss" ] }, - { + "vmss_networkWatcherAgentExtension": { "condition": "[parameters('extensionNetworkWatcherAgentConfig').enabled]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1725,10 +1757,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('name'))]" + "vmss" ] }, - { + "vmss_desiredStateConfigurationExtension": { "condition": "[parameters('extensionDSCConfig').enabled]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1910,10 +1942,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('name'))]" + "vmss" ] }, - { + "vmss_customScriptExtension": { "condition": "[parameters('extensionCustomScriptConfig').enabled]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -2101,11 +2133,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('name'))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-VMSS-DesiredStateConfiguration', uniqueString(deployment().name, parameters('location'))))]" + "vmss", + "vmss_desiredStateConfigurationExtension" ] }, - { + "vmss_azureDiskEncryptionExtension": { "condition": "[parameters('extensionAzureDiskEncryptionConfig').enabled]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -2287,12 +2319,12 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('name'))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-VMSS-CustomScriptExtension', uniqueString(deployment().name, parameters('location'))))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-VMSS-MicrosoftMonitoringAgent', uniqueString(deployment().name, parameters('location'))))]" + "vmss", + "vmss_customScriptExtension", + "vmss_microsoftMonitoringAgentExtension" ] }, - { + "vmss_roleAssignments": { "copy": { "name": "vmss_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -2459,10 +2491,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('name'))]" + "vmss" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -2490,14 +2522,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('name')), '2022-11-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('name')), '2022-11-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('vmss', '2022-11-01', 'full').identity, 'principalId')), reference('vmss', '2022-11-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('name')), '2022-11-01', 'full').location]" + "value": "[reference('vmss', '2022-11-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/compute/virtual-machine/main.json b/modules/compute/virtual-machine/main.json index 202cf5e053..09e5bbc131 100644 --- a/modules/compute/virtual-machine/main.json +++ b/modules/compute/virtual-machine/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "16514436583417262148" + "templateHash": "6666222898286420921" }, "name": "Virtual Machines", "description": "This module deploys a Virtual Machine with one or multiple NICs and optionally one or multiple public IPs.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -461,15 +489,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -635,8 +657,8 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -650,7 +672,7 @@ } } }, - { + "vm": { "type": "Microsoft.Compute/virtualMachines", "apiVersion": "2022-11-01", "name": "[parameters('name')]", @@ -746,7 +768,7 @@ "vm_nic" ] }, - { + "vm_configurationProfileAssignment": { "condition": "[not(empty(parameters('configurationProfile')))]", "type": "Microsoft.Automanage/configurationProfileAssignments", "apiVersion": "2021-04-30-preview", @@ -756,24 +778,33 @@ "configurationProfile": "[parameters('configurationProfile')]" }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + "vm" ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "vm_logAnalyticsWorkspace": { + "condition": "[not(empty(parameters('monitoringWorkspaceId')))]", + "existing": true, + "type": "Microsoft.OperationalInsights/workspaces", + "apiVersion": "2021-06-01", + "subscriptionId": "[split(parameters('monitoringWorkspaceId'), '/')[2]]", + "resourceGroup": "[split(parameters('monitoringWorkspaceId'), '/')[4]]", + "name": "[last(split(parameters('monitoringWorkspaceId'), '/'))]" + }, + "vm_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + "vm" ] }, - { + "vm_nic": { "copy": { "name": "vm_nic", "count": "[length(parameters('nicConfigurations'))]" @@ -840,12 +871,40 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "8548313386789098939" + "templateHash": "12516880950554869158" + } + }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true } }, "parameters": { @@ -884,8 +943,7 @@ "type": "array" }, "lock": { - "type": "string", - "defaultValue": "" + "$ref": "#/definitions/lockType" }, "diagnosticStorageAccountId": { "type": "string" @@ -933,8 +991,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "networkInterface_publicIPAddresses": { "copy": { "name": "networkInterface_publicIPAddresses", "count": "[length(parameters('ipConfigurations'))]" @@ -995,17 +1053,45 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "4317747709004918530" + "templateHash": "7177220893233117141" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -1135,15 +1221,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "location": { @@ -1232,8 +1312,8 @@ ], "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -1247,7 +1327,7 @@ } } }, - { + "publicIpAddress": { "type": "Microsoft.Network/publicIPAddresses", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -1267,21 +1347,21 @@ "ipTags": [] } }, - { - "condition": "[not(empty(parameters('lock')))]", + "publicIpAddress_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] }, - { + "publicIpAddress_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -1296,10 +1376,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] }, - { + "publicIpAddress_roleAssignments": { "copy": { "name": "publicIpAddress_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1473,10 +1553,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -1504,20 +1584,20 @@ "metadata": { "description": "The public IP address of the public IP address resource." }, - "value": "[if(contains(reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01'), 'ipAddress'), reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01').ipAddress, '')]" + "value": "[if(contains(reference('publicIpAddress'), 'ipAddress'), reference('publicIpAddress').ipAddress, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('publicIpAddress', '2023-04-01', 'full').location]" } } } } }, - { + "networkInterface": { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-NetworkInterface', deployment().name)]", @@ -1581,17 +1661,45 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "14479255820598719580" + "templateHash": "3998904758858607142" }, "name": "Network Interface", "description": "This module deploys a Network Interface.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -1688,15 +1796,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -1767,8 +1869,8 @@ } ] }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -1782,7 +1884,7 @@ } } }, - { + "networkInterface": { "type": "Microsoft.Network/networkInterfaces", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -1823,7 +1925,7 @@ "networkSecurityGroup": "[if(not(empty(parameters('networkSecurityGroupResourceId'))), createObject('id', parameters('networkSecurityGroupResourceId')), null())]" } }, - { + "networkInterface_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -1837,24 +1939,24 @@ "metrics": "[variables('diagnosticsMetrics')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + "networkInterface" ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "networkInterface_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/networkInterfaces/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + "networkInterface" ] }, - { + "networkInterface_roleAssignments": { "copy": { "name": "networkInterface_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -2028,10 +2130,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + "networkInterface" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -2059,7 +2161,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/networkInterfaces', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('networkInterface', '2023-04-01', 'full').location]" } } } @@ -2068,11 +2170,11 @@ "networkInterface_publicIPAddresses" ] } - ] + } } } }, - { + "vm_aadJoinExtension": { "condition": "[parameters('extensionAadJoinConfig').enabled]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -2272,10 +2374,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + "vm" ] }, - { + "vm_domainJoinExtension": { "condition": "[parameters('extensionDomainJoinConfig').enabled]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -2487,10 +2589,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + "vm" ] }, - { + "vm_microsoftAntiMalwareExtension": { "condition": "[parameters('extensionAntiMalwareConfig').enabled]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -2697,10 +2799,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + "vm" ] }, - { + "vm_microsoftMonitoringAgentExtension": { "condition": "[parameters('extensionMonitoringAgentConfig').enabled]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -2726,7 +2828,7 @@ "enableAutomaticUpgrade": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionMonitoringAgentConfig').enableAutomaticUpgrade), createObject('value', false()))]", "settings": { "value": { - "workspaceId": "[if(not(empty(parameters('monitoringWorkspaceId'))), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('monitoringWorkspaceId'), '/')[2], split(parameters('monitoringWorkspaceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(parameters('monitoringWorkspaceId'), '/'))), '2021-06-01').customerId, '')]" + "workspaceId": "[if(not(empty(parameters('monitoringWorkspaceId'))), reference('vm_logAnalyticsWorkspace').customerId, '')]" } }, "tags": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'tags'), createObject('value', parameters('extensionMonitoringAgentConfig').tags), createObject('value', createObject()))]", @@ -2912,10 +3014,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + "vm", + "vm_logAnalyticsWorkspace" ] }, - { + "vm_dependencyAgentExtension": { "condition": "[parameters('extensionDependencyAgentConfig').enabled]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -3117,10 +3220,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + "vm" ] }, - { + "vm_networkWatcherAgentExtension": { "condition": "[parameters('extensionNetworkWatcherAgentConfig').enabled]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -3322,10 +3425,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + "vm" ] }, - { + "vm_desiredStateConfigurationExtension": { "condition": "[parameters('extensionDSCConfig').enabled]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -3531,10 +3634,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + "vm" ] }, - { + "vm_customScriptExtension": { "condition": "[parameters('extensionCustomScriptConfig').enabled]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -3748,11 +3851,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-DesiredStateConfiguration', uniqueString(deployment().name, parameters('location'))))]" + "vm", + "vm_desiredStateConfigurationExtension" ] }, - { + "vm_azureDiskEncryptionExtension": { "condition": "[parameters('extensionAzureDiskEncryptionConfig').enabled]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -3958,12 +4061,12 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-CustomScriptExtension', uniqueString(deployment().name, parameters('location'))))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-MicrosoftMonitoringAgent', uniqueString(deployment().name, parameters('location'))))]" + "vm", + "vm_customScriptExtension", + "vm_microsoftMonitoringAgentExtension" ] }, - { + "vm_backup": { "condition": "[not(empty(parameters('backupVaultName')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -4127,18 +4230,18 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-AADLogin', uniqueString(deployment().name, parameters('location'))))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-CustomScriptExtension', uniqueString(deployment().name, parameters('location'))))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-DependencyAgent', uniqueString(deployment().name, parameters('location'))))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-DesiredStateConfiguration', uniqueString(deployment().name, parameters('location'))))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-DomainJoin', uniqueString(deployment().name, parameters('location'))))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-MicrosoftAntiMalware', uniqueString(deployment().name, parameters('location'))))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-MicrosoftMonitoringAgent', uniqueString(deployment().name, parameters('location'))))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-NetworkWatcherAgent', uniqueString(deployment().name, parameters('location'))))]" + "vm", + "vm_aadJoinExtension", + "vm_customScriptExtension", + "vm_dependencyAgentExtension", + "vm_desiredStateConfigurationExtension", + "vm_domainJoinExtension", + "vm_microsoftAntiMalwareExtension", + "vm_microsoftMonitoringAgentExtension", + "vm_networkWatcherAgentExtension" ] }, - { + "vm_roleAssignments": { "copy": { "name": "vm_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -4305,10 +4408,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + "vm" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -4336,14 +4439,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.Compute/virtualMachines', parameters('name')), '2022-11-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.Compute/virtualMachines', parameters('name')), '2022-11-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('vm', '2022-11-01', 'full').identity, 'principalId')), reference('vm', '2022-11-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Compute/virtualMachines', parameters('name')), '2022-11-01', 'full').location]" + "value": "[reference('vm', '2022-11-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/container-instance/container-group/main.json b/modules/container-instance/container-group/main.json index de3ed088b2..07e6df7729 100644 --- a/modules/container-instance/container-group/main.json +++ b/modules/container-instance/container-group/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "3196122826827836156" + "templateHash": "7574542077751658739" }, "name": "Container Instances Container Groups", "description": "This module deploys a Container Instance Container Group.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -132,15 +160,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "systemAssignedIdentity": { @@ -215,8 +237,8 @@ "identityType": "[if(parameters('systemAssignedIdentity'), if(not(empty(parameters('userAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None'))]", "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -230,30 +252,52 @@ } } }, - { + "cmkKeyVault": { + "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2021-06-01-preview", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[last(split(parameters('cMKKeyVaultResourceId'), '/'))]" + }, + "cMKKeyVaultKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2021-10-01", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]" + }, + "containergroup": { "type": "Microsoft.ContainerInstance/containerGroups", "apiVersion": "2022-09-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "identity": "[variables('identity')]", "tags": "[parameters('tags')]", - "properties": "[union(createObject('containers', parameters('containers'), 'encryptionProperties', if(not(empty(parameters('cMKKeyName'))), createObject('identity', parameters('cMKUserAssignedIdentityResourceId'), 'keyName', parameters('cMKKeyName'), 'keyVersion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), last(split(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[0], split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[1]), '2021-10-01').keyUriWithVersion, '/'))), 'vaultBaseUrl', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults', last(split(parameters('cMKKeyVaultResourceId'), '/'))), '2021-06-01-preview').vaultUri), null()), 'imageRegistryCredentials', parameters('imageRegistryCredentials'), 'initContainers', parameters('initContainers'), 'restartPolicy', parameters('restartPolicy'), 'osType', parameters('osType'), 'ipAddress', createObject('type', parameters('ipAddressType'), 'autoGeneratedDomainNameLabelScope', if(not(empty(parameters('dnsNameServers'))), parameters('autoGeneratedDomainNameLabelScope'), null()), 'dnsNameLabel', parameters('dnsNameLabel'), 'ports', parameters('ipAddressPorts')), 'sku', parameters('sku'), 'subnetIds', if(not(empty(parameters('subnetId'))), createArray(createObject('id', parameters('subnetId'))), null()), 'volumes', parameters('volumes')), if(not(empty(parameters('dnsNameServers'))), createObject('dnsConfig', createObject('nameServers', parameters('dnsNameServers'), 'searchDomains', parameters('dnsSearchDomains'))), createObject()))]" + "properties": "[union(createObject('containers', parameters('containers'), 'encryptionProperties', if(not(empty(parameters('cMKKeyName'))), createObject('identity', parameters('cMKUserAssignedIdentityResourceId'), 'keyName', parameters('cMKKeyName'), 'keyVersion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), last(split(reference('cMKKeyVaultKey').keyUriWithVersion, '/'))), 'vaultBaseUrl', reference('cmkKeyVault').vaultUri), null()), 'imageRegistryCredentials', parameters('imageRegistryCredentials'), 'initContainers', parameters('initContainers'), 'restartPolicy', parameters('restartPolicy'), 'osType', parameters('osType'), 'ipAddress', createObject('type', parameters('ipAddressType'), 'autoGeneratedDomainNameLabelScope', if(not(empty(parameters('dnsNameServers'))), parameters('autoGeneratedDomainNameLabelScope'), null()), 'dnsNameLabel', parameters('dnsNameLabel'), 'ports', parameters('ipAddressPorts')), 'sku', parameters('sku'), 'subnetIds', if(not(empty(parameters('subnetId'))), createArray(createObject('id', parameters('subnetId'))), null()), 'volumes', parameters('volumes')), if(not(empty(parameters('dnsNameServers'))), createObject('dnsConfig', createObject('nameServers', parameters('dnsNameServers'), 'searchDomains', parameters('dnsSearchDomains'))), createObject()))]", + "dependsOn": [ + "cmkKeyVault", + "cMKKeyVaultKey" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "containergroup_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.ContainerInstance/containerGroups/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.ContainerInstance/containerGroups', parameters('name'))]" + "containergroup" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -281,21 +325,21 @@ "metadata": { "description": "The IPv4 address of the container group." }, - "value": "[reference(resourceId('Microsoft.ContainerInstance/containerGroups', parameters('name')), '2022-09-01').ipAddress.ip]" + "value": "[reference('containergroup').ipAddress.ip]" }, "systemAssignedPrincipalId": { "type": "string", "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.ContainerInstance/containerGroups', parameters('name')), '2022-09-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.ContainerInstance/containerGroups', parameters('name')), '2022-09-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('containergroup', '2022-09-01', 'full').identity, 'principalId')), reference('containergroup', '2022-09-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.ContainerInstance/containerGroups', parameters('name')), '2022-09-01', 'full').location]" + "value": "[reference('containergroup', '2022-09-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/container-registry/registry/main.json b/modules/container-registry/registry/main.json index f718008dad..4916e20f97 100644 --- a/modules/container-registry/registry/main.json +++ b/modules/container-registry/registry/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "1580319527153380248" + "templateHash": "5089509635868205582" }, "name": "Azure Container Registries (ACR)", "description": "This module deploys an Azure Container Registry (ACR).", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -214,15 +242,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "systemAssignedIdentity": { @@ -383,8 +405,8 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -398,7 +420,25 @@ } } }, - { + "cMKUserAssignedIdentity": { + "condition": "[not(empty(parameters('cMKUserAssignedIdentityResourceId')))]", + "existing": true, + "type": "Microsoft.ManagedIdentity/userAssignedIdentities", + "apiVersion": "2018-11-30", + "subscriptionId": "[split(parameters('cMKUserAssignedIdentityResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKUserAssignedIdentityResourceId'), '/')[4]]", + "name": "[last(split(parameters('cMKUserAssignedIdentityResourceId'), '/'))]" + }, + "cMKKeyVaultKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2021-10-01", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]" + }, + "registry": { "type": "Microsoft.ContainerRegistry/registries", "apiVersion": "2023-06-01-preview", "name": "[parameters('name')]", @@ -411,7 +451,7 @@ "properties": { "anonymousPullEnabled": "[parameters('anonymousPullEnabled')]", "adminUserEnabled": "[parameters('acrAdminUserEnabled')]", - "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('status', 'enabled', 'keyVaultProperties', createObject('identity', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKUserAssignedIdentityResourceId'), '/')[2], split(parameters('cMKUserAssignedIdentityResourceId'), '/')[4]), 'Microsoft.ManagedIdentity/userAssignedIdentities', last(split(parameters('cMKUserAssignedIdentityResourceId'), '/'))), '2018-11-30').clientId, 'keyIdentifier', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[0], split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[1]), '2021-10-01').keyUri, parameters('cMKKeyVersion')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[0], split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[1]), '2021-10-01').keyUriWithVersion))), null())]", + "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('status', 'enabled', 'keyVaultProperties', createObject('identity', reference('cMKUserAssignedIdentity').clientId, 'keyIdentifier', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference('cMKKeyVaultKey').keyUri, parameters('cMKKeyVersion')), reference('cMKKeyVaultKey').keyUriWithVersion))), null())]", "policies": { "azureADAuthenticationAsArmPolicy": { "status": "[parameters('azureADAuthenticationAsArmPolicyStatus')]" @@ -435,23 +475,27 @@ "networkRuleBypassOptions": "[parameters('networkRuleBypassOptions')]", "networkRuleSet": "[if(not(empty(parameters('networkRuleSetIpRules'))), createObject('defaultAction', parameters('networkRuleSetDefaultAction'), 'ipRules', parameters('networkRuleSetIpRules')), null())]", "zoneRedundancy": "[if(equals(parameters('acrSku'), 'Premium'), parameters('zoneRedundancy'), null())]" - } + }, + "dependsOn": [ + "cMKKeyVaultKey", + "cMKUserAssignedIdentity" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "registry_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.ContainerRegistry/registries/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.ContainerRegistry/registries', parameters('name'))]" + "registry" ] }, - { + "registry_diagnosticSettingName": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -466,10 +510,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.ContainerRegistry/registries', parameters('name'))]" + "registry" ] }, - { + "registry_replications": { "copy": { "name": "registry_replications", "count": "[length(parameters('replications'))]" @@ -625,10 +669,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ContainerRegistry/registries', parameters('name'))]" + "registry" ] }, - { + "registry_cacheRules": { "copy": { "name": "registry_cacheRules", "count": "[length(parameters('cacheRules'))]" @@ -762,10 +806,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ContainerRegistry/registries', parameters('name'))]" + "registry" ] }, - { + "registry_webhooks": { "copy": { "name": "registry_webhooks", "count": "[length(parameters('webhooks'))]" @@ -977,10 +1021,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ContainerRegistry/registries', parameters('name'))]" + "registry" ] }, - { + "registry_roleAssignments": { "copy": { "name": "registry_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1131,10 +1175,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ContainerRegistry/registries', parameters('name'))]" + "registry" ] }, - { + "registry_privateEndpoints": { "copy": { "name": "registry_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -1658,10 +1702,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ContainerRegistry/registries', parameters('name'))]" + "registry" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1696,14 +1740,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), '2023-06-01-preview', 'full').identity, 'principalId')), reference(resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), '2023-06-01-preview', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('registry', '2023-06-01-preview', 'full').identity, 'principalId')), reference('registry', '2023-06-01-preview', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), '2023-06-01-preview', 'full').location]" + "value": "[reference('registry', '2023-06-01-preview', 'full').location]" } } } \ No newline at end of file diff --git a/modules/container-service/managed-cluster/main.json b/modules/container-service/managed-cluster/main.json index 1636bf303e..10118514e6 100644 --- a/modules/container-service/managed-cluster/main.json +++ b/modules/container-service/managed-cluster/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "7077356343713969250" + "templateHash": "10441788183325724370" }, "name": "Azure Kubernetes Service (AKS) Managed Clusters", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -700,15 +728,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "tags": { @@ -837,8 +859,8 @@ }, "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -852,7 +874,7 @@ } } }, - { + "managedCluster": { "type": "Microsoft.ContainerService/managedClusters", "apiVersion": "2023-07-02-preview", "name": "[parameters('name')]", @@ -991,21 +1013,21 @@ "supportPlan": "[parameters('supportPlan')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "managedCluster_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.ContainerService/managedClusters/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.ContainerService/managedClusters', parameters('name'))]" + "managedCluster" ] }, - { + "managedCluster_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -1020,10 +1042,17 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.ContainerService/managedClusters', parameters('name'))]" + "managedCluster" ] }, - { + "dnsZone": { + "condition": "[and(not(equals(parameters('dnsZoneResourceId'), null())), parameters('webApplicationRoutingEnabled'))]", + "existing": true, + "type": "Microsoft.Network/dnsZones", + "apiVersion": "2018-05-01", + "name": "[last(split(parameters('dnsZoneResourceId'), '/'))]" + }, + "dnsZone_roleAssignment": { "condition": "[and(and(equals(parameters('enableDnsZoneContributorRoleAssignment'), true()), not(equals(parameters('dnsZoneResourceId'), null()))), parameters('webApplicationRoutingEnabled'))]", "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", @@ -1031,14 +1060,15 @@ "name": "[guid(parameters('dnsZoneResourceId'), subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314'), 'DNS Zone Contributor')]", "properties": { "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", - "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview').ingressProfile.webAppRouting.identity.objectId]", + "principalId": "[reference('managedCluster').ingressProfile.webAppRouting.identity.objectId]", "principalType": "ServicePrincipal" }, "dependsOn": [ - "[resourceId('Microsoft.ContainerService/managedClusters', parameters('name'))]" + "dnsZone", + "managedCluster" ] }, - { + "managedCluster_agentPools": { "copy": { "name": "managedCluster_agentPools", "count": "[length(parameters('agentPools'))]" @@ -1499,10 +1529,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ContainerService/managedClusters', parameters('name'))]" + "managedCluster" ] }, - { + "managedCluster_extension": { "condition": "[not(empty(parameters('fluxExtension')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1892,10 +1922,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ContainerService/managedClusters', parameters('name'))]" + "managedCluster" ] }, - { + "managedCluster_roleAssignments": { "copy": { "name": "managedCluster_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -2054,10 +2084,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ContainerService/managedClusters', parameters('name'))]" + "managedCluster" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -2085,63 +2115,63 @@ "metadata": { "description": "The control plane FQDN of the managed cluster." }, - "value": "[if(parameters('enablePrivateCluster'), reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview').privateFQDN, reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview').fqdn)]" + "value": "[if(parameters('enablePrivateCluster'), reference('managedCluster').privateFQDN, reference('managedCluster').fqdn)]" }, "systemAssignedPrincipalId": { "type": "string", "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview', 'full').identity, 'principalId')), reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('managedCluster', '2023-07-02-preview', 'full').identity, 'principalId')), reference('managedCluster', '2023-07-02-preview', 'full').identity.principalId, '')]" }, "kubeletidentityObjectId": { "type": "string", "metadata": { "description": "The Object ID of the AKS identity." }, - "value": "[if(contains(reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview'), 'identityProfile'), if(contains(reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview').identityProfile, 'kubeletidentity'), reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview').identityProfile.kubeletidentity.objectId, ''), '')]" + "value": "[if(contains(reference('managedCluster'), 'identityProfile'), if(contains(reference('managedCluster').identityProfile, 'kubeletidentity'), reference('managedCluster').identityProfile.kubeletidentity.objectId, ''), '')]" }, "omsagentIdentityObjectId": { "type": "string", "metadata": { "description": "The Object ID of the OMS agent identity." }, - "value": "[if(contains(reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview'), 'addonProfiles'), if(contains(reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview').addonProfiles, 'omsagent'), if(contains(reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview').addonProfiles.omsagent, 'identity'), reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview').addonProfiles.omsagent.identity.objectId, ''), ''), '')]" + "value": "[if(contains(reference('managedCluster'), 'addonProfiles'), if(contains(reference('managedCluster').addonProfiles, 'omsagent'), if(contains(reference('managedCluster').addonProfiles.omsagent, 'identity'), reference('managedCluster').addonProfiles.omsagent.identity.objectId, ''), ''), '')]" }, "keyvaultIdentityObjectId": { "type": "string", "metadata": { "description": "The Object ID of the Key Vault Secrets Provider identity." }, - "value": "[if(contains(reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview'), 'addonProfiles'), if(contains(reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview').addonProfiles, 'azureKeyvaultSecretsProvider'), if(contains(reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview').addonProfiles.azureKeyvaultSecretsProvider, 'identity'), reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview').addonProfiles.azureKeyvaultSecretsProvider.identity.objectId, ''), ''), '')]" + "value": "[if(contains(reference('managedCluster'), 'addonProfiles'), if(contains(reference('managedCluster').addonProfiles, 'azureKeyvaultSecretsProvider'), if(contains(reference('managedCluster').addonProfiles.azureKeyvaultSecretsProvider, 'identity'), reference('managedCluster').addonProfiles.azureKeyvaultSecretsProvider.identity.objectId, ''), ''), '')]" }, "keyvaultIdentityClientId": { "type": "string", "metadata": { "description": "The Client ID of the Key Vault Secrets Provider identity." }, - "value": "[if(contains(reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview'), 'addonProfiles'), if(contains(reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview').addonProfiles, 'azureKeyvaultSecretsProvider'), if(contains(reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview').addonProfiles.azureKeyvaultSecretsProvider, 'identity'), reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview').addonProfiles.azureKeyvaultSecretsProvider.identity.clientId, ''), ''), '')]" + "value": "[if(contains(reference('managedCluster'), 'addonProfiles'), if(contains(reference('managedCluster').addonProfiles, 'azureKeyvaultSecretsProvider'), if(contains(reference('managedCluster').addonProfiles.azureKeyvaultSecretsProvider, 'identity'), reference('managedCluster').addonProfiles.azureKeyvaultSecretsProvider.identity.clientId, ''), ''), '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview', 'full').location]" + "value": "[reference('managedCluster', '2023-07-02-preview', 'full').location]" }, "oidcIssuerUrl": { "type": "string", "metadata": { "description": "The OIDC token issuer URL." }, - "value": "[if(parameters('enableOidcIssuerProfile'), reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview').oidcIssuerProfile.issuerURL, '')]" + "value": "[if(parameters('enableOidcIssuerProfile'), reference('managedCluster').oidcIssuerProfile.issuerURL, '')]" }, "addonProfiles": { "type": "object", "metadata": { "description": "The addonProfiles of the Kubernetes cluster." }, - "value": "[if(contains(reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview'), 'addonProfiles'), reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('name')), '2023-07-02-preview').addonProfiles, createObject())]" + "value": "[if(contains(reference('managedCluster'), 'addonProfiles'), reference('managedCluster').addonProfiles, createObject())]" } } } \ No newline at end of file diff --git a/modules/data-factory/factory/main.json b/modules/data-factory/factory/main.json index dcf981878b..25f320fb42 100644 --- a/modules/data-factory/factory/main.json +++ b/modules/data-factory/factory/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "2061647637227926206" + "templateHash": "6655324827358519538" }, "name": "Data Factories", "description": "This module deploys a Data Factory.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -157,15 +185,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "systemAssignedIdentity": { @@ -305,8 +327,17 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "cMKKeyVault": { + "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2021-10-01", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[last(split(parameters('cMKKeyVaultResourceId'), '/'))]" + }, + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -320,7 +351,7 @@ } } }, - { + "dataFactory": { "type": "Microsoft.DataFactory/factories", "apiVersion": "2018-06-01", "name": "[parameters('name')]", @@ -331,24 +362,27 @@ "repoConfiguration": "[if(bool(parameters('gitConfigureLater')), null(), union(createObject('type', parameters('gitRepoType'), 'hostName', parameters('gitHostName'), 'accountName', parameters('gitAccountName'), 'repositoryName', parameters('gitRepositoryName'), 'collaborationBranch', parameters('gitCollaborationBranch'), 'rootFolder', parameters('gitRootFolder'), 'disablePublish', parameters('gitDisablePublish')), if(equals(parameters('gitRepoType'), 'FactoryVSTSConfiguration'), createObject('projectName', parameters('gitProjectName')), createObject()), createObject()))]", "globalParameters": "[if(not(empty(parameters('globalParameters'))), parameters('globalParameters'), null())]", "publicNetworkAccess": "[if(not(empty(parameters('publicNetworkAccess'))), parameters('publicNetworkAccess'), if(not(empty(parameters('privateEndpoints'))), 'Disabled', null()))]", - "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('identity', createObject('userAssignedIdentity', parameters('cMKUserAssignedIdentityResourceId')), 'keyName', parameters('cMKKeyName'), 'keyVersion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), null()), 'vaultBaseUrl', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults', last(split(parameters('cMKKeyVaultResourceId'), '/'))), '2021-10-01').vaultUri), null())]" - } + "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('identity', createObject('userAssignedIdentity', parameters('cMKUserAssignedIdentityResourceId')), 'keyName', parameters('cMKKeyName'), 'keyVersion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), null()), 'vaultBaseUrl', reference('cMKKeyVault').vaultUri), null())]" + }, + "dependsOn": [ + "cMKKeyVault" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "dataFactory_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.DataFactory/factories/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.DataFactory/factories', parameters('name'))]" + "dataFactory" ] }, - { + "dataFactory_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -363,10 +397,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.DataFactory/factories', parameters('name'))]" + "dataFactory" ] }, - { + "dataFactory_managedVirtualNetwork": { "condition": "[not(empty(parameters('managedVirtualNetworkName')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -628,10 +662,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DataFactory/factories', parameters('name'))]" + "dataFactory" ] }, - { + "dataFactory_integrationRuntimes": { "copy": { "name": "dataFactory_integrationRuntimes", "count": "[length(parameters('integrationRuntimes'))]" @@ -772,11 +806,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DataFactory/factories', parameters('name'))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-DataFactory-ManagedVNet', uniqueString(deployment().name, parameters('location'))))]" + "dataFactory", + "dataFactory_managedVirtualNetwork" ] }, - { + "dataFactory_roleAssignments": { "copy": { "name": "dataFactory_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -922,10 +956,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DataFactory/factories', parameters('name'))]" + "dataFactory" ] }, - { + "dataFactory_privateEndpoints": { "copy": { "name": "dataFactory_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -1449,10 +1483,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DataFactory/factories', parameters('name'))]" + "dataFactory" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1480,14 +1514,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.DataFactory/factories', parameters('name')), '2018-06-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.DataFactory/factories', parameters('name')), '2018-06-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('dataFactory', '2018-06-01', 'full').identity, 'principalId')), reference('dataFactory', '2018-06-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.DataFactory/factories', parameters('name')), '2018-06-01', 'full').location]" + "value": "[reference('dataFactory', '2018-06-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/data-protection/backup-vault/main.json b/modules/data-protection/backup-vault/main.json index 0251fbd6b9..44f040b926 100644 --- a/modules/data-protection/backup-vault/main.json +++ b/modules/data-protection/backup-vault/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "758221244478675783" + "templateHash": "15651036518447625148" }, "name": "Data Protection Backup Vaults", "description": "This module deploys a Data Protection Backup Vault.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -40,15 +68,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "systemAssignedIdentity": { @@ -127,8 +149,8 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType')), null())]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -142,7 +164,7 @@ } } }, - { + "backupVault": { "type": "Microsoft.DataProtection/backupVaults", "apiVersion": "2023-05-01", "name": "[parameters('name')]", @@ -165,21 +187,21 @@ "securitySettings": "[parameters('securitySettings')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "backupVault_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.DataProtection/backupVaults/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.DataProtection/backupVaults', parameters('name'))]" + "backupVault" ] }, - { + "backupVault_backupPolicies": { "copy": { "name": "backupVault_backupPolicies", "count": "[length(parameters('backupPolicies'))]" @@ -296,10 +318,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DataProtection/backupVaults', parameters('name'))]" + "backupVault" ] }, - { + "backupVault_roleAssignments": { "copy": { "name": "backupVault_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -447,10 +469,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DataProtection/backupVaults', parameters('name'))]" + "backupVault" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -478,14 +500,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.DataProtection/backupVaults', parameters('name')), '2023-05-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.DataProtection/backupVaults', parameters('name')), '2023-05-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('backupVault', '2023-05-01', 'full').identity, 'principalId')), reference('backupVault', '2023-05-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.DataProtection/backupVaults', parameters('name')), '2023-05-01', 'full').location]" + "value": "[reference('backupVault', '2023-05-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/databricks/access-connector/main.json b/modules/databricks/access-connector/main.json index e7e834fff8..aaaff87d8f 100644 --- a/modules/databricks/access-connector/main.json +++ b/modules/databricks/access-connector/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "8282781227910546878" + "templateHash": "8192050845924017676" }, "name": "Azure Databricks Access Connectors", "description": "This module deploys an Azure Databricks Access Connector.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -40,15 +68,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "systemAssignedIdentity": { @@ -77,8 +99,8 @@ "identityType": "[if(parameters('systemAssignedIdentity'), if(not(empty(parameters('userAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None'))]", "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -92,7 +114,7 @@ } } }, - { + "accessConnector": { "type": "Microsoft.Databricks/accessConnectors", "apiVersion": "2022-10-01-preview", "name": "[parameters('name')]", @@ -101,21 +123,21 @@ "identity": "[variables('identity')]", "properties": {} }, - { - "condition": "[not(empty(parameters('lock')))]", + "accessConnector_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Databricks/accessConnectors/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Databricks/accessConnectors', parameters('name'))]" + "accessConnector" ] }, - { + "accessConnector_roleAssignments": { "copy": { "name": "accessConnector_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -262,10 +284,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Databricks/accessConnectors', parameters('name'))]" + "accessConnector" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -293,7 +315,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Databricks/accessConnectors', parameters('name')), '2022-10-01-preview', 'full').location]" + "value": "[reference('accessConnector', '2022-10-01-preview', 'full').location]" } } } \ No newline at end of file diff --git a/modules/databricks/workspace/main.json b/modules/databricks/workspace/main.json index 2b0c724494..a19a50a1df 100644 --- a/modules/databricks/workspace/main.json +++ b/modules/databricks/workspace/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "2200640508767792289" + "templateHash": "4771414046331192124" }, "name": "Azure Databricks Workspaces", "description": "This module deploys an Azure Databricks Workspace.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -80,15 +108,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "tags": { @@ -326,8 +348,8 @@ "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -341,7 +363,43 @@ } } }, - { + "cMKManagedDisksKeyVault": { + "condition": "[not(empty(parameters('cMKManagedDisksKeyVaultResourceId')))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(parameters('cMKManagedDisksKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKManagedDisksKeyVaultResourceId'), '/')[4]]", + "name": "[last(split(parameters('cMKManagedDisksKeyVaultResourceId'), '/'))]" + }, + "cMKManagedDisksKeyVaultKey": { + "condition": "[and(not(empty(parameters('cMKManagedDisksKeyVaultResourceId'))), not(empty(parameters('cMKManagedDisksKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(parameters('cMKManagedDisksKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKManagedDisksKeyVaultResourceId'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(parameters('cMKManagedDisksKeyVaultResourceId'), '/')), parameters('cMKManagedDisksKeyName'))]" + }, + "cMKManagedServicesKeyVault": { + "condition": "[not(empty(parameters('cMKManagedServicesKeyVaultResourceId')))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(parameters('cMKManagedServicesKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKManagedServicesKeyVaultResourceId'), '/')[4]]", + "name": "[last(split(parameters('cMKManagedServicesKeyVaultResourceId'), '/'))]" + }, + "cMKManagedServicesKeyVaultKey": { + "condition": "[and(not(empty(parameters('cMKManagedServicesKeyVaultResourceId'))), not(empty(parameters('cMKManagedServicesKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(parameters('cMKManagedServicesKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKManagedServicesKeyVaultResourceId'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(parameters('cMKManagedServicesKeyVaultResourceId'), '/')), parameters('cMKManagedServicesKeyName'))]" + }, + "workspace": { "type": "Microsoft.Databricks/workspaces", "apiVersion": "2023-02-01", "name": "[parameters('name')]", @@ -355,24 +413,30 @@ "parameters": "[union(createObject('enableNoPublicIp', createObject('value', parameters('disablePublicIp')), 'prepareEncryption', createObject('value', parameters('prepareEncryption')), 'vnetAddressPrefix', createObject('value', parameters('vnetAddressPrefix')), 'requireInfrastructureEncryption', createObject('value', parameters('requireInfrastructureEncryption'))), if(not(empty(parameters('customVirtualNetworkResourceId'))), createObject('customVirtualNetworkId', createObject('value', parameters('customVirtualNetworkResourceId'))), createObject()), if(not(empty(parameters('amlWorkspaceResourceId'))), createObject('amlWorkspaceId', createObject('value', parameters('amlWorkspaceResourceId'))), createObject()), if(not(empty(parameters('customPrivateSubnetName'))), createObject('customPrivateSubnetName', createObject('value', parameters('customPrivateSubnetName'))), createObject()), if(not(empty(parameters('customPublicSubnetName'))), createObject('customPublicSubnetName', createObject('value', parameters('customPublicSubnetName'))), createObject()), if(not(empty(parameters('loadBalancerBackendPoolName'))), createObject('loadBalancerBackendPoolName', createObject('value', parameters('loadBalancerBackendPoolName'))), createObject()), if(not(empty(parameters('loadBalancerResourceId'))), createObject('loadBalancerId', createObject('value', parameters('loadBalancerResourceId'))), createObject()), if(not(empty(parameters('natGatewayName'))), createObject('natGatewayName', createObject('value', parameters('natGatewayName'))), createObject()), if(not(empty(parameters('publicIpName'))), createObject('publicIpName', createObject('value', parameters('publicIpName'))), createObject()), if(not(empty(parameters('storageAccountName'))), createObject('storageAccountName', createObject('value', parameters('storageAccountName'))), createObject()), if(not(empty(parameters('storageAccountSkuName'))), createObject('storageAccountSkuName', createObject('value', parameters('storageAccountSkuName'))), createObject()))]", "publicNetworkAccess": "[parameters('publicNetworkAccess')]", "requiredNsgRules": "[parameters('requiredNsgRules')]", - "encryption": "[if(or(not(empty(parameters('cMKManagedServicesKeyName'))), not(empty(parameters('cMKManagedServicesKeyName')))), createObject('entities', createObject('managedServices', if(not(empty(parameters('cMKManagedServicesKeyName'))), createObject('keySource', 'Microsoft.Keyvault', 'keyVaultProperties', createObject('keyVaultUri', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKManagedServicesKeyVaultResourceId'), '/')[2], split(parameters('cMKManagedServicesKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults', last(split(parameters('cMKManagedServicesKeyVaultResourceId'), '/'))), '2023-02-01').vaultUri, 'keyName', parameters('cMKManagedServicesKeyName'), 'keyVersion', if(not(empty(parameters('cMKManagedServicesKeyVersion'))), parameters('cMKManagedServicesKeyVersion'), last(split(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKManagedServicesKeyVaultResourceId'), '/')[2], split(parameters('cMKManagedServicesKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', split(format('{0}/{1}', last(split(parameters('cMKManagedServicesKeyVaultResourceId'), '/')), parameters('cMKManagedServicesKeyName')), '/')[0], split(format('{0}/{1}', last(split(parameters('cMKManagedServicesKeyVaultResourceId'), '/')), parameters('cMKManagedServicesKeyName')), '/')[1]), '2023-02-01').keyUriWithVersion, '/'))))), null()), 'managedDisk', if(not(empty(parameters('cMKManagedDisksKeyName'))), createObject('keySource', 'Microsoft.Keyvault', 'keyVaultProperties', createObject('keyVaultUri', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKManagedDisksKeyVaultResourceId'), '/')[2], split(parameters('cMKManagedDisksKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults', last(split(parameters('cMKManagedDisksKeyVaultResourceId'), '/'))), '2023-02-01').vaultUri, 'keyName', parameters('cMKManagedDisksKeyName'), 'keyVersion', if(not(empty(parameters('cMKManagedDisksKeyVersion'))), parameters('cMKManagedDisksKeyVersion'), last(split(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKManagedDisksKeyVaultResourceId'), '/')[2], split(parameters('cMKManagedDisksKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', split(format('{0}/{1}', last(split(parameters('cMKManagedDisksKeyVaultResourceId'), '/')), parameters('cMKManagedDisksKeyName')), '/')[0], split(format('{0}/{1}', last(split(parameters('cMKManagedDisksKeyVaultResourceId'), '/')), parameters('cMKManagedDisksKeyName')), '/')[1]), '2023-02-01').keyUriWithVersion, '/')))), 'rotationToLatestKeyVersionEnabled', parameters('cMKManagedDisksKeyRotationToLatestKeyVersionEnabled')), null()))), null())]" - } + "encryption": "[if(or(not(empty(parameters('cMKManagedServicesKeyName'))), not(empty(parameters('cMKManagedServicesKeyName')))), createObject('entities', createObject('managedServices', if(not(empty(parameters('cMKManagedServicesKeyName'))), createObject('keySource', 'Microsoft.Keyvault', 'keyVaultProperties', createObject('keyVaultUri', reference('cMKManagedServicesKeyVault').vaultUri, 'keyName', parameters('cMKManagedServicesKeyName'), 'keyVersion', if(not(empty(parameters('cMKManagedServicesKeyVersion'))), parameters('cMKManagedServicesKeyVersion'), last(split(reference('cMKManagedServicesKeyVaultKey').keyUriWithVersion, '/'))))), null()), 'managedDisk', if(not(empty(parameters('cMKManagedDisksKeyName'))), createObject('keySource', 'Microsoft.Keyvault', 'keyVaultProperties', createObject('keyVaultUri', reference('cMKManagedDisksKeyVault').vaultUri, 'keyName', parameters('cMKManagedDisksKeyName'), 'keyVersion', if(not(empty(parameters('cMKManagedDisksKeyVersion'))), parameters('cMKManagedDisksKeyVersion'), last(split(reference('cMKManagedDisksKeyVaultKey').keyUriWithVersion, '/')))), 'rotationToLatestKeyVersionEnabled', parameters('cMKManagedDisksKeyRotationToLatestKeyVersionEnabled')), null()))), null())]" + }, + "dependsOn": [ + "cMKManagedDisksKeyVault", + "cMKManagedDisksKeyVaultKey", + "cMKManagedServicesKeyVault", + "cMKManagedServicesKeyVaultKey" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "workspace_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Databricks/workspaces/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Databricks/workspaces', parameters('name'))]" + "workspace" ] }, - { + "workspace_diagnosticSettings": { "condition": "[and(equals(parameters('skuName'), 'premium'), or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName')))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -386,10 +450,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Databricks/workspaces', parameters('name'))]" + "workspace" ] }, - { + "workspace_roleAssignments": { "copy": { "name": "workspace_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -534,10 +598,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Databricks/workspaces', parameters('name'))]" + "workspace" ] }, - { + "workspace_privateEndpoints": { "copy": { "name": "workspace_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -1061,10 +1125,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Databricks/workspaces', parameters('name'))]" + "workspace" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1092,7 +1156,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Databricks/workspaces', parameters('name')), '2023-02-01', 'full').location]" + "value": "[reference('workspace', '2023-02-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/db-for-my-sql/flexible-server/main.json b/modules/db-for-my-sql/flexible-server/main.json index da56c4087f..14934d696f 100644 --- a/modules/db-for-my-sql/flexible-server/main.json +++ b/modules/db-for-my-sql/flexible-server/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "1515305312622683890" + "templateHash": "9516546029876865175" }, "name": "DBforMySQL Flexible Servers", "description": "This module deploys a DBforMySQL Flexible Server.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -19,15 +47,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "location": { @@ -428,8 +450,32 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "cMKKeyVault::cMKKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2022-07-01", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]", + "dependsOn": [ + "cMKKeyVault" + ] + }, + "geoBackupCMKKeyVault::geoBackupCMKKey": { + "condition": "[and(not(empty(parameters('geoBackupCMKKeyVaultResourceId'))), not(empty(parameters('geoBackupCMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(parameters('geoBackupCMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('geoBackupCMKKeyVaultResourceId'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(parameters('geoBackupCMKKeyVaultResourceId'), '/')), parameters('geoBackupCMKKeyName'))]", + "dependsOn": [ + "geoBackupCMKKeyVault" + ] + }, + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -443,7 +489,25 @@ } } }, - { + "cMKKeyVault": { + "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[last(split(parameters('cMKKeyVaultResourceId'), '/'))]" + }, + "geoBackupCMKKeyVault": { + "condition": "[not(empty(parameters('geoBackupCMKKeyVaultResourceId')))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(parameters('geoBackupCMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('geoBackupCMKKeyVaultResourceId'), '/')[4]]", + "name": "[last(split(parameters('geoBackupCMKKeyVaultResourceId'), '/'))]" + }, + "flexibleServer": { "type": "Microsoft.DBforMySQL/flexibleServers", "apiVersion": "2022-09-30-preview", "name": "[parameters('name')]", @@ -463,7 +527,7 @@ "geoRedundantBackup": "[parameters('geoRedundantBackup')]" }, "createMode": "[parameters('createMode')]", - "dataEncryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('type', 'AzureKeyVault', 'geoBackupKeyURI', if(equals(parameters('geoRedundantBackup'), 'Enabled'), if(not(empty(parameters('geoBackupCMKKeyVersion'))), format('{0}/{1}', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('geoBackupCMKKeyVaultResourceId'), '/')[2], split(parameters('geoBackupCMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', last(split(parameters('geoBackupCMKKeyVaultResourceId'), '/')), parameters('geoBackupCMKKeyName')), '2023-02-01').keyUri, parameters('geoBackupCMKKeyVersion')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('geoBackupCMKKeyVaultResourceId'), '/')[2], split(parameters('geoBackupCMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', last(split(parameters('geoBackupCMKKeyVaultResourceId'), '/')), parameters('geoBackupCMKKeyName')), '2023-02-01').keyUriWithVersion), null()), 'geoBackupUserAssignedIdentityId', if(equals(parameters('geoRedundantBackup'), 'Enabled'), parameters('geoBackupCMKUserAssignedIdentityResourceId'), null()), 'primaryKeyURI', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '2022-07-01').keyUri, parameters('cMKKeyVersion')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '2022-07-01').keyUriWithVersion), 'primaryUserAssignedIdentityId', parameters('cMKUserAssignedIdentityResourceId')), null())]", + "dataEncryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('type', 'AzureKeyVault', 'geoBackupKeyURI', if(equals(parameters('geoRedundantBackup'), 'Enabled'), if(not(empty(parameters('geoBackupCMKKeyVersion'))), format('{0}/{1}', reference('geoBackupCMKKeyVault::geoBackupCMKKey').keyUri, parameters('geoBackupCMKKeyVersion')), reference('geoBackupCMKKeyVault::geoBackupCMKKey').keyUriWithVersion), null()), 'geoBackupUserAssignedIdentityId', if(equals(parameters('geoRedundantBackup'), 'Enabled'), parameters('geoBackupCMKUserAssignedIdentityResourceId'), null()), 'primaryKeyURI', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference('cMKKeyVault::cMKKey').keyUri, parameters('cMKKeyVersion')), reference('cMKKeyVault::cMKKey').keyUriWithVersion), 'primaryUserAssignedIdentityId', parameters('cMKUserAssignedIdentityResourceId')), null())]", "highAvailability": { "mode": "[parameters('highAvailability')]", "standbyAvailabilityZone": "[if(equals(parameters('highAvailability'), 'SameZone'), parameters('availabilityZone'), null())]" @@ -480,23 +544,27 @@ "storageSizeGB": "[parameters('storageSizeGB')]" }, "version": "[parameters('version')]" - } + }, + "dependsOn": [ + "cMKKeyVault", + "geoBackupCMKKeyVault" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "flexibleServer_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.DBforMySQL/flexibleServers/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.DBforMySQL/flexibleServers', parameters('name'))]" + "flexibleServer" ] }, - { + "flexibleServer_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -511,10 +579,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.DBforMySQL/flexibleServers', parameters('name'))]" + "flexibleServer" ] }, - { + "flexibleServer_roleAssignments": { "copy": { "name": "flexibleServer_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -660,10 +728,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DBforMySQL/flexibleServers', parameters('name'))]" + "flexibleServer" ] }, - { + "flexibleServer_databases": { "copy": { "name": "flexibleServer_databases", "count": "[length(parameters('databases'))]" @@ -795,10 +863,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DBforMySQL/flexibleServers', parameters('name'))]" + "flexibleServer" ] }, - { + "flexibleServer_firewallRules": { "copy": { "name": "flexibleServer_firewallRules", "count": "[length(parameters('firewallRules'))]" @@ -925,10 +993,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DBforMySQL/flexibleServers', parameters('name'))]" + "flexibleServer" ] }, - { + "flexibleServer_administrators": { "copy": { "name": "flexibleServer_administrators", "count": "[length(parameters('administrators'))]" @@ -1070,10 +1138,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DBforMySQL/flexibleServers', parameters('name'))]" + "flexibleServer" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1101,7 +1169,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.DBforMySQL/flexibleServers', parameters('name')), '2022-09-30-preview', 'full').location]" + "value": "[reference('flexibleServer', '2022-09-30-preview', 'full').location]" } } } \ No newline at end of file diff --git a/modules/db-for-postgre-sql/flexible-server/main.json b/modules/db-for-postgre-sql/flexible-server/main.json index e737116aa5..a777f2cfde 100644 --- a/modules/db-for-postgre-sql/flexible-server/main.json +++ b/modules/db-for-postgre-sql/flexible-server/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "2675797994216094359" + "templateHash": "14367037120774129856" }, "name": "DBforPostgreSQL Flexible Servers", "description": "This module deploys a DBforPostgreSQL Flexible Server.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -275,15 +303,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -397,8 +419,8 @@ "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -412,7 +434,16 @@ } } }, - { + "cMKKeyVaultKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2022-07-01", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]" + }, + "flexibleServer": { "type": "Microsoft.DBforPostgreSQL/flexibleServers", "apiVersion": "2022-12-01", "name": "[parameters('name')]", @@ -440,7 +471,7 @@ "geoRedundantBackup": "[parameters('geoRedundantBackup')]" }, "createMode": "[parameters('createMode')]", - "dataEncryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('primaryKeyURI', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[0], split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[1]), '2022-07-01').keyUri, parameters('cMKKeyVersion')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[0], split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[1]), '2022-07-01').keyUriWithVersion), 'primaryUserAssignedIdentityId', parameters('cMKUserAssignedIdentityResourceId'), 'type', 'AzureKeyVault'), null())]", + "dataEncryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('primaryKeyURI', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference('cMKKeyVaultKey').keyUri, parameters('cMKKeyVersion')), reference('cMKKeyVaultKey').keyUriWithVersion), 'primaryUserAssignedIdentityId', parameters('cMKUserAssignedIdentityResourceId'), 'type', 'AzureKeyVault'), null())]", "highAvailability": { "mode": "[parameters('highAvailability')]", "standbyAvailabilityZone": "[if(equals(parameters('highAvailability'), 'SameZone'), parameters('availabilityZone'), null())]" @@ -453,23 +484,26 @@ "storageSizeGB": "[parameters('storageSizeGB')]" }, "version": "[parameters('version')]" - } + }, + "dependsOn": [ + "cMKKeyVaultKey" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "flexibleServer_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.DBforPostgreSQL/flexibleServers/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]" + "flexibleServer" ] }, - { + "flexibleServer_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -484,10 +518,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]" + "flexibleServer" ] }, - { + "flexibleServer_roleAssignments": { "copy": { "name": "flexibleServer_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -632,10 +666,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]" + "flexibleServer" ] }, - { + "flexibleServer_databases": { "copy": { "name": "flexibleServer_databases", "count": "[length(parameters('databases'))]" @@ -767,10 +801,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]" + "flexibleServer" ] }, - { + "flexibleServer_firewallRules": { "copy": { "name": "flexibleServer_firewallRules", "count": "[length(parameters('firewallRules'))]" @@ -897,11 +931,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]", + "flexibleServer", "flexibleServer_databases" ] }, - { + "flexibleServer_configurations": { "copy": { "name": "flexibleServer_configurations", "count": "[length(parameters('configurations'))]", @@ -1035,11 +1069,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]", + "flexibleServer", "flexibleServer_firewallRules" ] }, - { + "flexibleServer_administrators": { "copy": { "name": "flexibleServer_administrators", "count": "[length(parameters('administrators'))]" @@ -1185,10 +1219,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]" + "flexibleServer" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1216,7 +1250,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name')), '2022-12-01', 'full').location]" + "value": "[reference('flexibleServer', '2022-12-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/desktop-virtualization/application-group/main.json b/modules/desktop-virtualization/application-group/main.json index a84976fdda..79e4a8b94c 100644 --- a/modules/desktop-virtualization/application-group/main.json +++ b/modules/desktop-virtualization/application-group/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "8705022781837382520" + "templateHash": "14151741428867025425" }, "name": "Azure Virtual Desktop (AVD) Application Groups", "description": "This module deploys an Azure Virtual Desktop (AVD) Application Group.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -92,15 +120,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "tags": { @@ -162,8 +184,8 @@ "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -177,7 +199,13 @@ } } }, - { + "appGroup_hostpool": { + "existing": true, + "type": "Microsoft.DesktopVirtualization/hostPools", + "apiVersion": "2022-09-09", + "name": "[parameters('hostpoolName')]" + }, + "appGroup": { "type": "Microsoft.DesktopVirtualization/applicationGroups", "apiVersion": "2022-09-09", "name": "[parameters('name')]", @@ -188,23 +216,26 @@ "friendlyName": "[parameters('friendlyName')]", "description": "[parameters('description')]", "applicationGroupType": "[parameters('applicationGroupType')]" - } + }, + "dependsOn": [ + "appGroup_hostpool" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "appGroup_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.DesktopVirtualization/applicationGroups/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.DesktopVirtualization/applicationGroups', parameters('name'))]" + "appGroup" ] }, - { + "appGroup_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -218,10 +249,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.DesktopVirtualization/applicationGroups', parameters('name'))]" + "appGroup" ] }, - { + "appGroup_applications": { "copy": { "name": "appGroup_applications", "count": "[length(parameters('applications'))]" @@ -405,10 +436,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DesktopVirtualization/applicationGroups', parameters('name'))]" + "appGroup" ] }, - { + "appGroup_roleAssignments": { "copy": { "name": "appGroup_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -567,10 +598,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DesktopVirtualization/applicationGroups', parameters('name'))]" + "appGroup" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -598,7 +629,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.DesktopVirtualization/applicationGroups', parameters('name')), '2022-09-09', 'full').location]" + "value": "[reference('appGroup', '2022-09-09', 'full').location]" } } } \ No newline at end of file diff --git a/modules/desktop-virtualization/host-pool/main.json b/modules/desktop-virtualization/host-pool/main.json index 9f61db2a23..9b948e77f8 100644 --- a/modules/desktop-virtualization/host-pool/main.json +++ b/modules/desktop-virtualization/host-pool/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "15971169028304265471" + "templateHash": "14351870232207146144" }, "name": "Azure Virtual Desktop (AVD) Host Pools", "description": "This module deploys an Azure Virtual Desktop (AVD) Host Pool.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -146,15 +174,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "tags": { @@ -354,8 +376,8 @@ "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]", "tokenExpirationTime": "[dateTimeAdd(parameters('baseTime'), parameters('tokenValidityLength'))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -369,7 +391,7 @@ } } }, - { + "hostPool": { "type": "Microsoft.DesktopVirtualization/hostPools", "apiVersion": "2022-09-09", "name": "[parameters('name')]", @@ -400,21 +422,21 @@ "ssoSecretType": "[if(not(empty(parameters('ssoSecretType'))), parameters('ssoSecretType'), null())]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "hostPool_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.DesktopVirtualization/hostPools/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name'))]" + "hostPool" ] }, - { + "hostPool_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -428,10 +450,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name'))]" + "hostPool" ] }, - { + "hostPool_roleAssignments": { "copy": { "name": "hostPool_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -590,10 +612,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name'))]" + "hostPool" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -628,7 +650,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name')), '2022-09-09', 'full').location]" + "value": "[reference('hostPool', '2022-09-09', 'full').location]" } } } \ No newline at end of file diff --git a/modules/desktop-virtualization/workspace/main.json b/modules/desktop-virtualization/workspace/main.json index b96c1b5e6c..8de43e23ad 100644 --- a/modules/desktop-virtualization/workspace/main.json +++ b/modules/desktop-virtualization/workspace/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "8129248040868416848" + "templateHash": "346606574867500631" }, "name": "Azure Virtual Desktop (AVD) Workspaces", "description": "This module deploys an Azure Virtual Desktop (AVD) Workspace.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -75,15 +103,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "tags": { @@ -145,8 +167,8 @@ ], "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -160,7 +182,7 @@ } } }, - { + "workspace": { "type": "Microsoft.DesktopVirtualization/workspaces", "apiVersion": "2022-09-09", "name": "[parameters('name')]", @@ -172,21 +194,21 @@ "friendlyName": "[parameters('friendlyName')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "workspace_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.DesktopVirtualization/workspaces/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name'))]" + "workspace" ] }, - { + "workspace_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -200,10 +222,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name'))]" + "workspace" ] }, - { + "workspace_roleAssignments": { "copy": { "name": "workspace_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -362,10 +384,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name'))]" + "workspace" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -393,7 +415,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name')), '2022-09-09', 'full').location]" + "value": "[reference('workspace', '2022-09-09', 'full').location]" } } } \ No newline at end of file diff --git a/modules/dev-test-lab/lab/main.json b/modules/dev-test-lab/lab/main.json index a83a20dd30..75806465ef 100644 --- a/modules/dev-test-lab/lab/main.json +++ b/modules/dev-test-lab/lab/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "12564230212135431557" + "templateHash": "13792715418328262207" }, "name": "DevTest Labs", "description": "This module deploys a DevTest Lab.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -26,15 +54,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -248,8 +270,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -263,7 +285,7 @@ } } }, - { + "lab": { "type": "Microsoft.DevTestLab/labs", "apiVersion": "2018-10-15-preview", "name": "[parameters('name')]", @@ -294,21 +316,21 @@ } } }, - { - "condition": "[not(empty(parameters('lock')))]", + "lab_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.DevTestLab/labs/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.DevTestLab/labs', parameters('name'))]" + "lab" ] }, - { + "lab_virtualNetworks": { "copy": { "name": "lab_virtualNetworks", "count": "[length(parameters('virtualnetworks'))]" @@ -463,10 +485,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DevTestLab/labs', parameters('name'))]" + "lab" ] }, - { + "lab_policies": { "copy": { "name": "lab_policies", "count": "[length(parameters('policies'))]" @@ -668,10 +690,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DevTestLab/labs', parameters('name'))]" + "lab" ] }, - { + "lab_schedules": { "copy": { "name": "lab_schedules", "count": "[length(parameters('schedules'))]" @@ -886,10 +908,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DevTestLab/labs', parameters('name'))]" + "lab" ] }, - { + "lab_notificationChannels": { "copy": { "name": "lab_notificationChannels", "count": "[length(parameters('notificationchannels'))]" @@ -1058,10 +1080,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DevTestLab/labs', parameters('name'))]" + "lab" ] }, - { + "lab_artifactSources": { "copy": { "name": "lab_artifactSources", "count": "[length(parameters('artifactsources'))]" @@ -1261,10 +1283,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DevTestLab/labs', parameters('name'))]" + "lab" ] }, - { + "lab_costs": { "condition": "[not(empty(parameters('costs')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1599,10 +1621,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DevTestLab/labs', parameters('name'))]" + "lab" ] }, - { + "lab_roleAssignments": { "copy": { "name": "lab_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1749,24 +1771,24 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DevTestLab/labs', parameters('name'))]" + "lab" ] } - ], + }, "outputs": { "systemAssignedPrincipalId": { "type": "string", "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[reference(resourceId('Microsoft.DevTestLab/labs', parameters('name')), '2018-10-15-preview', 'full').identity.principalId]" + "value": "[reference('lab', '2018-10-15-preview', 'full').identity.principalId]" }, "uniqueIdentifier": { "type": "string", "metadata": { "description": "The unique identifier for the lab. Used to track tags that the lab applies to each resource that it creates." }, - "value": "[reference(resourceId('Microsoft.DevTestLab/labs', parameters('name')), '2018-10-15-preview').uniqueIdentifier]" + "value": "[reference('lab').uniqueIdentifier]" }, "resourceGroupName": { "type": "string", @@ -1794,7 +1816,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.DevTestLab/labs', parameters('name')), '2018-10-15-preview', 'full').location]" + "value": "[reference('lab', '2018-10-15-preview', 'full').location]" } } } \ No newline at end of file diff --git a/modules/digital-twins/digital-twins-instance/main.json b/modules/digital-twins/digital-twins-instance/main.json index 958cae8390..008dddb0b2 100644 --- a/modules/digital-twins/digital-twins-instance/main.json +++ b/modules/digital-twins/digital-twins-instance/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "5421587631064538780" + "templateHash": "3204203823999755904" }, "name": "Digital Twins Instances", "description": "This module deploys an Azure Digital Twins Instance.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -35,15 +63,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "systemAssignedIdentity": { @@ -206,8 +228,8 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -221,7 +243,7 @@ } } }, - { + "digitalTwinsInstance": { "type": "Microsoft.DigitalTwins/digitalTwinsInstances", "apiVersion": "2023-01-31", "name": "[parameters('name')]", @@ -232,7 +254,7 @@ "publicNetworkAccess": "[if(not(empty(parameters('publicNetworkAccess'))), parameters('publicNetworkAccess'), if(not(empty(parameters('privateEndpoints'))), 'Disabled', 'Enabled'))]" } }, - { + "digitalTwinsInstance_lock": { "condition": "[not(empty(parameters('lock')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2017-04-01", @@ -243,10 +265,10 @@ "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.DigitalTwins/digitalTwinsInstances', parameters('name'))]" + "digitalTwinsInstance" ] }, - { + "digitalTwinsInstance_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -261,10 +283,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.DigitalTwins/digitalTwinsInstances', parameters('name'))]" + "digitalTwinsInstance" ] }, - { + "digitalTwinsInstance_eventHubEndpoint": { "condition": "[not(empty(parameters('eventHubEndpoint')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -456,10 +478,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DigitalTwins/digitalTwinsInstances', parameters('name'))]" + "digitalTwinsInstance" ] }, - { + "digitalTwinsInstance_eventGridEndpoint": { "condition": "[not(empty(parameters('eventGridEndpoint')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -599,10 +621,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DigitalTwins/digitalTwinsInstances', parameters('name'))]" + "digitalTwinsInstance" ] }, - { + "digitalTwinsInstance_serviceBusEndpoint": { "condition": "[not(empty(parameters('serviceBusEndpoint')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -794,10 +816,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DigitalTwins/digitalTwinsInstances', parameters('name'))]" + "digitalTwinsInstance" ] }, - { + "digitalTwinsInstance_privateEndpoints": { "copy": { "name": "digitalTwinsInstance_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -1318,10 +1340,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DigitalTwins/digitalTwinsInstances', parameters('name'))]" + "digitalTwinsInstance" ] }, - { + "digitalTwinsInstance_roleAssignments": { "copy": { "name": "digitalTwinsInstance_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1469,10 +1491,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DigitalTwins/digitalTwinsInstances', parameters('name'))]" + "digitalTwinsInstance" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -1500,14 +1522,14 @@ "metadata": { "description": "The hostname of the Digital Twins Instance." }, - "value": "[reference(resourceId('Microsoft.DigitalTwins/digitalTwinsInstances', parameters('name')), '2023-01-31').hostName]" + "value": "[reference('digitalTwinsInstance').hostName]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.DigitalTwins/digitalTwinsInstances', parameters('name')), '2023-01-31', 'full').location]" + "value": "[reference('digitalTwinsInstance', '2023-01-31', 'full').location]" } } } \ No newline at end of file diff --git a/modules/document-db/database-account/main.json b/modules/document-db/database-account/main.json index 92692742b6..9e1af312bc 100644 --- a/modules/document-db/database-account/main.json +++ b/modules/document-db/database-account/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "14731361995400554127" + "templateHash": "11058558663697646911" }, "name": "DocumentDB Database Accounts", "description": "This module deploys a DocumentDB Database Account.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -150,15 +178,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -375,8 +397,8 @@ "backupPolicy": "[if(equals(parameters('backupPolicyType'), 'Continuous'), createObject('type', parameters('backupPolicyType'), 'continuousModeProperties', createObject('tier', parameters('backupPolicyContinuousTier'))), createObject('type', parameters('backupPolicyType'), 'periodicModeProperties', createObject('backupIntervalInMinutes', parameters('backupIntervalInMinutes'), 'backupRetentionIntervalInHours', parameters('backupRetentionIntervalInHours'), 'backupStorageRedundancy', parameters('backupStorageRedundancy'))))]", "databaseAccount_properties": "[union(createObject('databaseAccountOfferType', parameters('databaseAccountOfferType')), if(or(or(not(empty(parameters('sqlDatabases'))), not(empty(parameters('mongodbDatabases')))), not(empty(parameters('gremlinDatabases')))), createObject('consistencyPolicy', variables('consistencyPolicy')[parameters('defaultConsistencyLevel')], 'locations', variables('databaseAccount_locations'), 'capabilities', variables('capabilities'), 'enableFreeTier', parameters('enableFreeTier'), 'backupPolicy', variables('backupPolicy')), createObject()), if(not(empty(parameters('sqlDatabases'))), createObject('enableAutomaticFailover', parameters('automaticFailover')), createObject()), if(not(empty(parameters('mongodbDatabases'))), createObject('apiProperties', createObject('serverVersion', parameters('serverVersion'))), createObject()))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -390,7 +412,7 @@ } } }, - { + "databaseAccount": { "type": "Microsoft.DocumentDB/databaseAccounts", "apiVersion": "2023-04-15", "name": "[parameters('name')]", @@ -400,21 +422,21 @@ "kind": "[variables('kind')]", "properties": "[variables('databaseAccount_properties')]" }, - { - "condition": "[not(empty(parameters('lock')))]", + "databaseAccount_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.DocumentDB/databaseAccounts/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name'))]" + "databaseAccount" ] }, - { + "databaseAccount_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -429,10 +451,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name'))]" + "databaseAccount" ] }, - { + "databaseAccount_roleAssignments": { "copy": { "name": "databaseAccount_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -582,10 +604,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name'))]" + "databaseAccount" ] }, - { + "databaseAccount_sqlDatabases": { "copy": { "name": "databaseAccount_sqlDatabases", "count": "[length(parameters('sqlDatabases'))]" @@ -951,10 +973,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name'))]" + "databaseAccount" ] }, - { + "databaseAccount_mongodbDatabases": { "copy": { "name": "databaseAccount_mongodbDatabases", "count": "[length(parameters('mongodbDatabases'))]" @@ -1241,10 +1263,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name'))]" + "databaseAccount" ] }, - { + "databaseAccount_gremlinDatabases": { "copy": { "name": "databaseAccount_gremlinDatabases", "count": "[length(parameters('gremlinDatabases'))]" @@ -1554,10 +1576,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name'))]" + "databaseAccount" ] }, - { + "databaseAccount_privateEndpoints": { "copy": { "name": "databaseAccount_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -2081,10 +2103,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name'))]" + "databaseAccount" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -2112,14 +2134,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), '2023-04-15', 'full').identity, 'principalId')), reference(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), '2023-04-15', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('databaseAccount', '2023-04-15', 'full').identity, 'principalId')), reference('databaseAccount', '2023-04-15', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), '2023-04-15', 'full').location]" + "value": "[reference('databaseAccount', '2023-04-15', 'full').location]" } } } \ No newline at end of file diff --git a/modules/event-grid/domain/main.json b/modules/event-grid/domain/main.json index a9c801166c..1667e5fb09 100644 --- a/modules/event-grid/domain/main.json +++ b/modules/event-grid/domain/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "4315845252350634330" + "templateHash": "6985770419689597708" }, "name": "Event Grid Domains", "description": "This module deploys an Event Grid Domain.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -101,15 +129,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "tags": { @@ -191,8 +213,8 @@ "enableReferencedModulesTelemetry": false, "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -206,7 +228,7 @@ } } }, - { + "domain": { "type": "Microsoft.EventGrid/domains", "apiVersion": "2022-06-15", "name": "[parameters('name')]", @@ -219,21 +241,21 @@ "autoDeleteTopicWithLastSubscription": "[parameters('autoDeleteTopicWithLastSubscription')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "domain_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.EventGrid/domains/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.EventGrid/domains', parameters('name'))]" + "domain" ] }, - { + "domain_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -248,10 +270,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.EventGrid/domains', parameters('name'))]" + "domain" ] }, - { + "domain_topics": { "copy": { "name": "domain_topics", "count": "[length(parameters('topics'))]" @@ -366,10 +388,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.EventGrid/domains', parameters('name'))]" + "domain" ] }, - { + "domain_privateEndpoints": { "copy": { "name": "domain_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -893,10 +915,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.EventGrid/domains', parameters('name'))]" + "domain" ] }, - { + "domain_roleAssignments": { "copy": { "name": "domain_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1047,10 +1069,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.EventGrid/domains', parameters('name'))]" + "domain" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1078,7 +1100,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.EventGrid/domains', parameters('name')), '2022-06-15', 'full').location]" + "value": "[reference('domain', '2022-06-15', 'full').location]" } } } \ No newline at end of file diff --git a/modules/event-grid/system-topic/main.json b/modules/event-grid/system-topic/main.json index d47e0b9d3f..56564d3be1 100644 --- a/modules/event-grid/system-topic/main.json +++ b/modules/event-grid/system-topic/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "13215489869065606829" + "templateHash": "5976620650016374171" }, "name": "Event Grid System Topics", "description": "This module deploys an Event Grid System Topic.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -80,15 +108,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "systemAssignedIdentity": { @@ -177,8 +199,8 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -192,7 +214,7 @@ } } }, - { + "systemTopic": { "type": "Microsoft.EventGrid/systemTopics", "apiVersion": "2021-12-01", "name": "[parameters('name')]", @@ -204,21 +226,21 @@ "topicType": "[parameters('topicType')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "systemTopic_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.EventGrid/systemTopics/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.EventGrid/systemTopics', parameters('name'))]" + "systemTopic" ] }, - { + "systemTopic_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -233,10 +255,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.EventGrid/systemTopics', parameters('name'))]" + "systemTopic" ] }, - { + "systemTopics_eventSubscriptions": { "copy": { "name": "systemTopics_eventSubscriptions", "count": "[length(parameters('eventSubscriptions'))]" @@ -267,7 +289,7 @@ "expirationTimeUtc": "[if(contains(parameters('eventSubscriptions')[copyIndex()], 'expirationTimeUtc'), createObject('value', parameters('eventSubscriptions')[copyIndex()].expirationTimeUtc), createObject('value', ''))]", "filter": "[if(contains(parameters('eventSubscriptions')[copyIndex()], 'filter'), createObject('value', parameters('eventSubscriptions')[copyIndex()].filter), createObject('value', createObject()))]", "labels": "[if(contains(parameters('eventSubscriptions')[copyIndex()], 'labels'), createObject('value', parameters('eventSubscriptions')[copyIndex()].labels), createObject('value', createArray()))]", - "location": "[if(contains(parameters('eventSubscriptions')[copyIndex()], 'location'), createObject('value', parameters('eventSubscriptions')[copyIndex()].location), createObject('value', reference(resourceId('Microsoft.EventGrid/systemTopics', parameters('name')), '2021-12-01', 'full').location))]", + "location": "[if(contains(parameters('eventSubscriptions')[copyIndex()], 'location'), createObject('value', parameters('eventSubscriptions')[copyIndex()].location), createObject('value', reference('systemTopic', '2021-12-01', 'full').location))]", "retryPolicy": "[if(contains(parameters('eventSubscriptions')[copyIndex()], 'retryPolicy'), createObject('value', parameters('eventSubscriptions')[copyIndex()].retryPolicy), createObject('value', createObject()))]" }, "template": { @@ -444,10 +466,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.EventGrid/systemTopics', parameters('name'))]" + "systemTopic" ] }, - { + "systemTopic_roleAssignments": { "copy": { "name": "systemTopic_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -598,10 +620,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.EventGrid/systemTopics', parameters('name'))]" + "systemTopic" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -629,14 +651,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.EventGrid/systemTopics', parameters('name')), '2021-12-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.EventGrid/systemTopics', parameters('name')), '2021-12-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('systemTopic', '2021-12-01', 'full').identity, 'principalId')), reference('systemTopic', '2021-12-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.EventGrid/systemTopics', parameters('name')), '2021-12-01', 'full').location]" + "value": "[reference('systemTopic', '2021-12-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/event-grid/topic/main.json b/modules/event-grid/topic/main.json index 67baf2c2eb..745e99b9f0 100644 --- a/modules/event-grid/topic/main.json +++ b/modules/event-grid/topic/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "607231381512069832" + "templateHash": "2449284667286804249" }, "name": "Event Grid Topics", "description": "This module deploys an Event Grid Topic.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -94,15 +122,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "tags": { @@ -177,8 +199,8 @@ "enableReferencedModulesTelemetry": false, "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -192,7 +214,7 @@ } } }, - { + "topic": { "type": "Microsoft.EventGrid/topics", "apiVersion": "2020-06-01", "name": "[parameters('name')]", @@ -203,21 +225,21 @@ "inboundIpRules": "[if(empty(parameters('inboundIpRules')), null(), parameters('inboundIpRules'))]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "topic_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.EventGrid/topics/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.EventGrid/topics', parameters('name'))]" + "topic" ] }, - { + "topic_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -232,10 +254,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.EventGrid/topics', parameters('name'))]" + "topic" ] }, - { + "topics_eventSubscriptions": { "copy": { "name": "topics_eventSubscriptions", "count": "[length(parameters('eventSubscriptions'))]" @@ -266,7 +288,7 @@ "expirationTimeUtc": "[if(contains(parameters('eventSubscriptions'), 'expirationTimeUtc'), createObject('value', parameters('eventSubscriptions')[copyIndex()].expirationTimeUtc), createObject('value', ''))]", "filter": "[if(contains(parameters('eventSubscriptions'), 'filter'), createObject('value', parameters('eventSubscriptions')[copyIndex()].filter), createObject('value', createObject()))]", "labels": "[if(contains(parameters('eventSubscriptions'), 'labels'), createObject('value', parameters('eventSubscriptions')[copyIndex()].labels), createObject('value', createArray()))]", - "location": "[if(contains(parameters('eventSubscriptions'), 'location'), createObject('value', parameters('eventSubscriptions')[copyIndex()].location), createObject('value', reference(resourceId('Microsoft.EventGrid/topics', parameters('name')), '2020-06-01', 'full').location))]", + "location": "[if(contains(parameters('eventSubscriptions'), 'location'), createObject('value', parameters('eventSubscriptions')[copyIndex()].location), createObject('value', reference('topic', '2020-06-01', 'full').location))]", "retryPolicy": "[if(contains(parameters('eventSubscriptions'), 'retryPolicy'), createObject('value', parameters('eventSubscriptions')[copyIndex()].retryPolicy), createObject('value', createObject()))]" }, "template": { @@ -443,10 +465,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.EventGrid/topics', parameters('name'))]" + "topic" ] }, - { + "topic_privateEndpoints": { "copy": { "name": "topic_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -970,10 +992,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.EventGrid/topics', parameters('name'))]" + "topic" ] }, - { + "topic_roleAssignments": { "copy": { "name": "topic_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1124,10 +1146,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.EventGrid/topics', parameters('name'))]" + "topic" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1155,7 +1177,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.EventGrid/topics', parameters('name')), '2020-06-01', 'full').location]" + "value": "[reference('topic', '2020-06-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/event-hub/namespace/eventhub/main.json b/modules/event-hub/namespace/eventhub/main.json index 9ce1247a9f..7a1ba6bd1c 100644 --- a/modules/event-hub/namespace/eventhub/main.json +++ b/modules/event-hub/namespace/eventhub/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "11568505658717744379" + "templateHash": "13288816158537037984" }, "name": "Event Hub Namespace Event Hubs", "description": "This module deploys an Event Hub Namespace Event Hub.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "namespaceName": { "type": "string", @@ -88,15 +116,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -244,8 +266,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -259,27 +281,36 @@ } } }, - { + "namespace": { + "existing": true, + "type": "Microsoft.EventHub/namespaces", + "apiVersion": "2022-10-01-preview", + "name": "[parameters('namespaceName')]" + }, + "eventHub": { "type": "Microsoft.EventHub/namespaces/eventhubs", "apiVersion": "2022-10-01-preview", "name": "[format('{0}/{1}', parameters('namespaceName'), parameters('name'))]", - "properties": "[if(parameters('captureDescriptionEnabled'), union(variables('eventHubProperties'), variables('eventHubPropertiesCapture')), variables('eventHubProperties'))]" + "properties": "[if(parameters('captureDescriptionEnabled'), union(variables('eventHubProperties'), variables('eventHubPropertiesCapture')), variables('eventHubProperties'))]", + "dependsOn": [ + "namespace" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "eventHub_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.EventHub/namespaces/{0}/eventhubs/{1}', parameters('namespaceName'), parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.EventHub/namespaces/eventhubs', parameters('namespaceName'), parameters('name'))]" + "eventHub" ] }, - { + "eventHub_consumergroups": { "copy": { "name": "eventHub_consumergroups", "count": "[length(parameters('consumergroups'))]" @@ -404,10 +435,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.EventHub/namespaces/eventhubs', parameters('namespaceName'), parameters('name'))]" + "eventHub" ] }, - { + "eventHub_authorizationRules": { "copy": { "name": "eventHub_authorizationRules", "count": "[length(parameters('authorizationRules'))]" @@ -537,10 +568,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.EventHub/namespaces/eventhubs', parameters('namespaceName'), parameters('name'))]" + "eventHub" ] }, - { + "eventHub_roleAssignments": { "copy": { "name": "eventHub_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -690,10 +721,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.EventHub/namespaces/eventhubs', parameters('namespaceName'), parameters('name'))]" + "eventHub" ] } - ], + }, "outputs": { "name": { "type": "string", diff --git a/modules/event-hub/namespace/main.json b/modules/event-hub/namespace/main.json index c25cd5d3ef..81f3cbcd4c 100644 --- a/modules/event-hub/namespace/main.json +++ b/modules/event-hub/namespace/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "6491527792941921170" + "templateHash": "15684291913042967611" }, "name": "Event Hub Namespaces", "description": "This module deploys an Event Hub Namespace.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -168,15 +196,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "systemAssignedIdentity": { @@ -331,8 +353,29 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "cMKKeyVault::cMKKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]", + "dependsOn": [ + "cMKKeyVault" + ] + }, + "cMKKeyVault": { + "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[last(split(parameters('cMKKeyVaultResourceId'), '/'))]" + }, + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -346,7 +389,7 @@ } } }, - { + "eventHubNamespace": { "type": "Microsoft.EventHub/namespaces", "apiVersion": "2022-10-01-preview", "name": "[parameters('name')]", @@ -360,30 +403,33 @@ }, "properties": { "disableLocalAuth": "[parameters('disableLocalAuth')]", - "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('keySource', 'Microsoft.KeyVault', 'keyVaultProperties', createArray(createObject('identity', if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), createObject('userAssignedIdentity', parameters('cMKUserAssignedIdentityResourceId')), null()), 'keyName', parameters('cMKKeyName'), 'keyVaultUri', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults', last(split(parameters('cMKKeyVaultResourceId'), '/'))), '2023-02-01').vaultUri, 'keyVersion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), last(split(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '2023-02-01').keyUriWithVersion, '/'))))), 'requireInfrastructureEncryption', parameters('requireInfrastructureEncryption')), null())]", + "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('keySource', 'Microsoft.KeyVault', 'keyVaultProperties', createArray(createObject('identity', if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), createObject('userAssignedIdentity', parameters('cMKUserAssignedIdentityResourceId')), null()), 'keyName', parameters('cMKKeyName'), 'keyVaultUri', reference('cMKKeyVault').vaultUri, 'keyVersion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), last(split(reference('cMKKeyVault::cMKKey').keyUriWithVersion, '/'))))), 'requireInfrastructureEncryption', parameters('requireInfrastructureEncryption')), null())]", "isAutoInflateEnabled": "[parameters('isAutoInflateEnabled')]", "kafkaEnabled": "[parameters('kafkaEnabled')]", "maximumThroughputUnits": "[variables('maximumThroughputUnitsVar')]", "minimumTlsVersion": "[parameters('minimumTlsVersion')]", "publicNetworkAccess": "[if(contains(parameters('networkRuleSets'), 'publicNetworkAccess'), parameters('networkRuleSets').publicNetworkAccess, if(and(not(empty(parameters('privateEndpoints'))), empty(parameters('networkRuleSets'))), 'Disabled', parameters('publicNetworkAccess')))]", "zoneRedundant": "[parameters('zoneRedundant')]" - } + }, + "dependsOn": [ + "cMKKeyVault" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "eventHubNamespace_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.EventHub/namespaces/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.EventHub/namespaces', parameters('name'))]" + "eventHubNamespace" ] }, - { + "eventHubNamespace_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -398,10 +444,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.EventHub/namespaces', parameters('name'))]" + "eventHubNamespace" ] }, - { + "eventHubNamespace_authorizationRules": { "copy": { "name": "eventHubNamespace_authorizationRules", "count": "[length(parameters('authorizationRules'))]" @@ -522,10 +568,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.EventHub/namespaces', parameters('name'))]" + "eventHubNamespace" ] }, - { + "eventHubNamespace_disasterRecoveryConfig": { "condition": "[not(empty(parameters('disasterRecoveryConfig')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -638,10 +684,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.EventHub/namespaces', parameters('name'))]" + "eventHubNamespace" ] }, - { + "eventHubNamespace_eventhubs": { "copy": { "name": "eventHubNamespace_eventhubs", "count": "[length(parameters('eventhubs'))]" @@ -686,17 +732,45 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "11568505658717744379" + "templateHash": "13288816158537037984" }, "name": "Event Hub Namespace Event Hubs", "description": "This module deploys an Event Hub Namespace Event Hub.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "namespaceName": { "type": "string", @@ -774,15 +848,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -930,8 +998,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -945,27 +1013,36 @@ } } }, - { + "namespace": { + "existing": true, + "type": "Microsoft.EventHub/namespaces", + "apiVersion": "2022-10-01-preview", + "name": "[parameters('namespaceName')]" + }, + "eventHub": { "type": "Microsoft.EventHub/namespaces/eventhubs", "apiVersion": "2022-10-01-preview", "name": "[format('{0}/{1}', parameters('namespaceName'), parameters('name'))]", - "properties": "[if(parameters('captureDescriptionEnabled'), union(variables('eventHubProperties'), variables('eventHubPropertiesCapture')), variables('eventHubProperties'))]" + "properties": "[if(parameters('captureDescriptionEnabled'), union(variables('eventHubProperties'), variables('eventHubPropertiesCapture')), variables('eventHubProperties'))]", + "dependsOn": [ + "namespace" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "eventHub_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.EventHub/namespaces/{0}/eventhubs/{1}', parameters('namespaceName'), parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.EventHub/namespaces/eventhubs', parameters('namespaceName'), parameters('name'))]" + "eventHub" ] }, - { + "eventHub_consumergroups": { "copy": { "name": "eventHub_consumergroups", "count": "[length(parameters('consumergroups'))]" @@ -1090,10 +1167,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.EventHub/namespaces/eventhubs', parameters('namespaceName'), parameters('name'))]" + "eventHub" ] }, - { + "eventHub_authorizationRules": { "copy": { "name": "eventHub_authorizationRules", "count": "[length(parameters('authorizationRules'))]" @@ -1223,10 +1300,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.EventHub/namespaces/eventhubs', parameters('namespaceName'), parameters('name'))]" + "eventHub" ] }, - { + "eventHub_roleAssignments": { "copy": { "name": "eventHub_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1376,10 +1453,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.EventHub/namespaces/eventhubs', parameters('namespaceName'), parameters('name'))]" + "eventHub" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1413,10 +1490,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.EventHub/namespaces', parameters('name'))]" + "eventHubNamespace" ] }, - { + "eventHubNamespace_networkRuleSet": { "condition": "[or(not(empty(parameters('networkRuleSets'))), not(empty(parameters('privateEndpoints'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1576,10 +1653,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.EventHub/namespaces', parameters('name'))]" + "eventHubNamespace" ] }, - { + "eventHubNamespace_privateEndpoints": { "copy": { "name": "eventHubNamespace_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -2103,10 +2180,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.EventHub/namespaces', parameters('name'))]" + "eventHubNamespace" ] }, - { + "eventHubNamespace_roleAssignments": { "copy": { "name": "eventHubNamespace_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -2256,10 +2333,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.EventHub/namespaces', parameters('name'))]" + "eventHubNamespace" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -2287,14 +2364,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.EventHub/namespaces', parameters('name')), '2022-10-01-preview', 'full').identity, 'principalId')), reference(resourceId('Microsoft.EventHub/namespaces', parameters('name')), '2022-10-01-preview', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('eventHubNamespace', '2022-10-01-preview', 'full').identity, 'principalId')), reference('eventHubNamespace', '2022-10-01-preview', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.EventHub/namespaces', parameters('name')), '2022-10-01-preview', 'full').location]" + "value": "[reference('eventHubNamespace', '2022-10-01-preview', 'full').location]" } } } \ No newline at end of file diff --git a/modules/health-bot/health-bot/main.json b/modules/health-bot/health-bot/main.json index 517c93ef00..6c4a2a9e11 100644 --- a/modules/health-bot/health-bot/main.json +++ b/modules/health-bot/health-bot/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "1397739701759067802" + "templateHash": "17507209096139592862" }, "name": "Azure Health Bots", "description": "This module deploys an Azure Health Bot.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -44,15 +72,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -81,8 +103,8 @@ "identityType": "[if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None')]", "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -96,7 +118,7 @@ } } }, - { + "azureHealthBot": { "type": "Microsoft.HealthBot/healthBots", "apiVersion": "2022-08-08", "name": "[parameters('name')]", @@ -108,21 +130,21 @@ }, "properties": {} }, - { - "condition": "[not(empty(parameters('lock')))]", + "azureHealthBot_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.HealthBot/healthBots/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.HealthBot/healthBots', parameters('name'))]" + "azureHealthBot" ] }, - { + "healthBot_roleAssignments": { "copy": { "name": "healthBot_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -267,10 +289,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.HealthBot/healthBots', parameters('name'))]" + "azureHealthBot" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -298,7 +320,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.HealthBot/healthBots', parameters('name')), '2022-08-08', 'full').location]" + "value": "[reference('azureHealthBot', '2022-08-08', 'full').location]" } } } \ No newline at end of file diff --git a/modules/healthcare-apis/workspace/dicomservice/main.json b/modules/healthcare-apis/workspace/dicomservice/main.json index bd72aa17df..0c22bd6db4 100644 --- a/modules/healthcare-apis/workspace/dicomservice/main.json +++ b/modules/healthcare-apis/workspace/dicomservice/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "12318721261811271092" + "templateHash": "16609630624404769037" }, "name": "Healthcare API Workspace DICOM Services", "description": "This module deploys a Healthcare API Workspace DICOM Service.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -104,15 +132,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "publicNetworkAccess": { @@ -188,8 +210,8 @@ "identityType": "[if(parameters('systemAssignedIdentity'), if(not(empty(parameters('userAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None'))]", "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -203,7 +225,13 @@ } } }, - { + "workspace": { + "existing": true, + "type": "Microsoft.HealthcareApis/workspaces", + "apiVersion": "2022-06-01", + "name": "[parameters('workspaceName')]" + }, + "dicom": { "type": "Microsoft.HealthcareApis/workspaces/dicomservices", "apiVersion": "2022-06-01", "name": "[format('{0}/{1}', parameters('workspaceName'), parameters('name'))]", @@ -219,23 +247,26 @@ "origins": "[parameters('corsOrigins')]" }, "publicNetworkAccess": "[parameters('publicNetworkAccess')]" - } + }, + "dependsOn": [ + "workspace" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "dicom_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.HealthcareApis/workspaces/{0}/dicomservices/{1}', parameters('workspaceName'), parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces/dicomservices', parameters('workspaceName'), parameters('name'))]" + "dicom" ] }, - { + "dicom_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -250,10 +281,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces/dicomservices', parameters('workspaceName'), parameters('name'))]" + "dicom" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -281,14 +312,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.HealthcareApis/workspaces/dicomservices', parameters('workspaceName'), parameters('name')), '2022-06-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.HealthcareApis/workspaces/dicomservices', parameters('workspaceName'), parameters('name')), '2022-06-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('dicom', '2022-06-01', 'full').identity, 'principalId')), reference('dicom', '2022-06-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.HealthcareApis/workspaces/dicomservices', parameters('workspaceName'), parameters('name')), '2022-06-01', 'full').location]" + "value": "[reference('dicom', '2022-06-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/healthcare-apis/workspace/fhirservice/main.json b/modules/healthcare-apis/workspace/fhirservice/main.json index 96a6c13806..bf6663e287 100644 --- a/modules/healthcare-apis/workspace/fhirservice/main.json +++ b/modules/healthcare-apis/workspace/fhirservice/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "11687946305671678451" + "templateHash": "5251491466026222190" }, "name": "Healthcare API Workspace FHIR Services", "description": "This module deploys a Healthcare API Workspace FHIR Service.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -178,15 +206,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -326,8 +348,8 @@ "storageAccountName": "[parameters('exportStorageAccountName')]" } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -341,7 +363,13 @@ } } }, - { + "workspace": { + "existing": true, + "type": "Microsoft.HealthcareApis/workspaces", + "apiVersion": "2022-06-01", + "name": "[parameters('workspaceName')]" + }, + "fhir": { "type": "Microsoft.HealthcareApis/workspaces/fhirservices", "apiVersion": "2022-06-01", "name": "[format('{0}/{1}', parameters('workspaceName'), parameters('name'))]", @@ -378,23 +406,26 @@ "loginServers": "[parameters('acrLoginServers')]", "ociArtifacts": "[if(empty(parameters('acrOciArtifacts')), null(), parameters('acrOciArtifacts'))]" } - } + }, + "dependsOn": [ + "workspace" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "fhir_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.HealthcareApis/workspaces/{0}/fhirservices/{1}', parameters('workspaceName'), parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces/fhirservices', parameters('workspaceName'), parameters('name'))]" + "fhir" ] }, - { + "fhir_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -409,10 +440,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces/fhirservices', parameters('workspaceName'), parameters('name'))]" + "fhir" ] }, - { + "fhir_roleAssignments": { "copy": { "name": "fhir_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -566,10 +597,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces/fhirservices', parameters('workspaceName'), parameters('name'))]" + "fhir" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -597,14 +628,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.HealthcareApis/workspaces/fhirservices', parameters('workspaceName'), parameters('name')), '2022-06-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.HealthcareApis/workspaces/fhirservices', parameters('workspaceName'), parameters('name')), '2022-06-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('fhir', '2022-06-01', 'full').identity, 'principalId')), reference('fhir', '2022-06-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.HealthcareApis/workspaces/fhirservices', parameters('workspaceName'), parameters('name')), '2022-06-01', 'full').location]" + "value": "[reference('fhir', '2022-06-01', 'full').location]" }, "workspaceName": { "type": "string", diff --git a/modules/healthcare-apis/workspace/iotconnector/main.json b/modules/healthcare-apis/workspace/iotconnector/main.json index cce29e9a45..169dfcdfbb 100644 --- a/modules/healthcare-apis/workspace/iotconnector/main.json +++ b/modules/healthcare-apis/workspace/iotconnector/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "3714179156189652458" + "templateHash": "8966290140169117967" }, "name": "Healthcare API Workspace IoT Connectors", "description": "This module deploys a Healthcare API Workspace IoT Connector.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -97,15 +125,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "systemAssignedIdentity": { @@ -192,8 +214,8 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -207,7 +229,13 @@ } } }, - { + "workspace": { + "existing": true, + "type": "Microsoft.HealthcareApis/workspaces", + "apiVersion": "2022-06-01", + "name": "[parameters('workspaceName')]" + }, + "iotConnector": { "type": "Microsoft.HealthcareApis/workspaces/iotconnectors", "apiVersion": "2022-06-01", "name": "[format('{0}/{1}', parameters('workspaceName'), parameters('name'))]", @@ -223,23 +251,26 @@ "deviceMapping": { "content": "[parameters('deviceMapping')]" } - } + }, + "dependsOn": [ + "workspace" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "iotConnector_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.HealthcareApis/workspaces/{0}/iotconnectors/{1}', parameters('workspaceName'), parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces/iotconnectors', parameters('workspaceName'), parameters('name'))]" + "iotConnector" ] }, - { + "iotConnector_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -254,10 +285,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces/iotconnectors', parameters('workspaceName'), parameters('name'))]" + "iotConnector" ] }, - { + "fhir_destination": { "condition": "[not(empty(parameters('fhirdestination')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -433,10 +464,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces/iotconnectors', parameters('workspaceName'), parameters('name'))]" + "iotConnector" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -464,14 +495,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.HealthcareApis/workspaces/iotconnectors', parameters('workspaceName'), parameters('name')), '2022-06-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.HealthcareApis/workspaces/iotconnectors', parameters('workspaceName'), parameters('name')), '2022-06-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('iotConnector', '2022-06-01', 'full').identity, 'principalId')), reference('iotConnector', '2022-06-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.HealthcareApis/workspaces/iotconnectors', parameters('workspaceName'), parameters('name')), '2022-06-01', 'full').location]" + "value": "[reference('iotConnector', '2022-06-01', 'full').location]" }, "workspaceName": { "type": "string", diff --git a/modules/healthcare-apis/workspace/main.json b/modules/healthcare-apis/workspace/main.json index 3437138b45..621b480cc4 100644 --- a/modules/healthcare-apis/workspace/main.json +++ b/modules/healthcare-apis/workspace/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "5818866804276261569" + "templateHash": "4597929736305145660" }, "name": "Healthcare API Workspaces", "description": "This module deploys a Healthcare API Workspace.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -27,15 +55,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -95,8 +117,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -110,7 +132,7 @@ } } }, - { + "workspace": { "type": "Microsoft.HealthcareApis/workspaces", "apiVersion": "2022-06-01", "name": "[parameters('name')]", @@ -120,21 +142,21 @@ "publicNetworkAccess": "[parameters('publicNetworkAccess')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "workspace_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.HealthcareApis/workspaces/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces', parameters('name'))]" + "workspace" ] }, - { + "workspace_roleAssignments": { "copy": { "name": "workspace_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -288,10 +310,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces', parameters('name'))]" + "workspace" ] }, - { + "workspace_fhirservices": { "copy": { "name": "workspace_fhirservices", "count": "[length(parameters('fhirservices'))]" @@ -352,17 +374,45 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "11687946305671678451" + "templateHash": "5251491466026222190" }, "name": "Healthcare API Workspace FHIR Services", "description": "This module deploys a Healthcare API Workspace FHIR Service.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -530,15 +580,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -678,8 +722,8 @@ "storageAccountName": "[parameters('exportStorageAccountName')]" } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -693,7 +737,13 @@ } } }, - { + "workspace": { + "existing": true, + "type": "Microsoft.HealthcareApis/workspaces", + "apiVersion": "2022-06-01", + "name": "[parameters('workspaceName')]" + }, + "fhir": { "type": "Microsoft.HealthcareApis/workspaces/fhirservices", "apiVersion": "2022-06-01", "name": "[format('{0}/{1}', parameters('workspaceName'), parameters('name'))]", @@ -730,23 +780,26 @@ "loginServers": "[parameters('acrLoginServers')]", "ociArtifacts": "[if(empty(parameters('acrOciArtifacts')), null(), parameters('acrOciArtifacts'))]" } - } + }, + "dependsOn": [ + "workspace" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "fhir_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.HealthcareApis/workspaces/{0}/fhirservices/{1}', parameters('workspaceName'), parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces/fhirservices', parameters('workspaceName'), parameters('name'))]" + "fhir" ] }, - { + "fhir_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -761,10 +814,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces/fhirservices', parameters('workspaceName'), parameters('name'))]" + "fhir" ] }, - { + "fhir_roleAssignments": { "copy": { "name": "fhir_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -918,10 +971,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces/fhirservices', parameters('workspaceName'), parameters('name'))]" + "fhir" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -949,14 +1002,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.HealthcareApis/workspaces/fhirservices', parameters('workspaceName'), parameters('name')), '2022-06-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.HealthcareApis/workspaces/fhirservices', parameters('workspaceName'), parameters('name')), '2022-06-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('fhir', '2022-06-01', 'full').identity, 'principalId')), reference('fhir', '2022-06-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.HealthcareApis/workspaces/fhirservices', parameters('workspaceName'), parameters('name')), '2022-06-01', 'full').location]" + "value": "[reference('fhir', '2022-06-01', 'full').location]" }, "workspaceName": { "type": "string", @@ -969,10 +1022,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces', parameters('name'))]" + "workspace" ] }, - { + "workspace_dicomservices": { "copy": { "name": "workspace_dicomservices", "count": "[length(parameters('dicomservices'))]" @@ -1016,17 +1069,45 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "12318721261811271092" + "templateHash": "16609630624404769037" }, "name": "Healthcare API Workspace DICOM Services", "description": "This module deploys a Healthcare API Workspace DICOM Service.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -1120,15 +1201,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "publicNetworkAccess": { @@ -1204,8 +1279,8 @@ "identityType": "[if(parameters('systemAssignedIdentity'), if(not(empty(parameters('userAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None'))]", "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -1219,7 +1294,13 @@ } } }, - { + "workspace": { + "existing": true, + "type": "Microsoft.HealthcareApis/workspaces", + "apiVersion": "2022-06-01", + "name": "[parameters('workspaceName')]" + }, + "dicom": { "type": "Microsoft.HealthcareApis/workspaces/dicomservices", "apiVersion": "2022-06-01", "name": "[format('{0}/{1}', parameters('workspaceName'), parameters('name'))]", @@ -1235,23 +1316,26 @@ "origins": "[parameters('corsOrigins')]" }, "publicNetworkAccess": "[parameters('publicNetworkAccess')]" - } + }, + "dependsOn": [ + "workspace" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "dicom_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.HealthcareApis/workspaces/{0}/dicomservices/{1}', parameters('workspaceName'), parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces/dicomservices', parameters('workspaceName'), parameters('name'))]" + "dicom" ] }, - { + "dicom_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -1266,10 +1350,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces/dicomservices', parameters('workspaceName'), parameters('name'))]" + "dicom" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1297,23 +1381,23 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.HealthcareApis/workspaces/dicomservices', parameters('workspaceName'), parameters('name')), '2022-06-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.HealthcareApis/workspaces/dicomservices', parameters('workspaceName'), parameters('name')), '2022-06-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('dicom', '2022-06-01', 'full').identity, 'principalId')), reference('dicom', '2022-06-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.HealthcareApis/workspaces/dicomservices', parameters('workspaceName'), parameters('name')), '2022-06-01', 'full').location]" + "value": "[reference('dicom', '2022-06-01', 'full').location]" } } } }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces', parameters('name'))]" + "workspace" ] }, - { + "workspace_iotconnector": { "copy": { "name": "workspace_iotconnector", "count": "[length(parameters('iotconnectors'))]" @@ -1361,17 +1445,45 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "3714179156189652458" + "templateHash": "8966290140169117967" }, "name": "Healthcare API Workspace IoT Connectors", "description": "This module deploys a Healthcare API Workspace IoT Connector.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -1458,15 +1570,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "systemAssignedIdentity": { @@ -1553,8 +1659,8 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -1568,7 +1674,13 @@ } } }, - { + "workspace": { + "existing": true, + "type": "Microsoft.HealthcareApis/workspaces", + "apiVersion": "2022-06-01", + "name": "[parameters('workspaceName')]" + }, + "iotConnector": { "type": "Microsoft.HealthcareApis/workspaces/iotconnectors", "apiVersion": "2022-06-01", "name": "[format('{0}/{1}', parameters('workspaceName'), parameters('name'))]", @@ -1584,23 +1696,26 @@ "deviceMapping": { "content": "[parameters('deviceMapping')]" } - } + }, + "dependsOn": [ + "workspace" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "iotConnector_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.HealthcareApis/workspaces/{0}/iotconnectors/{1}', parameters('workspaceName'), parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces/iotconnectors', parameters('workspaceName'), parameters('name'))]" + "iotConnector" ] }, - { + "iotConnector_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -1615,10 +1730,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces/iotconnectors', parameters('workspaceName'), parameters('name'))]" + "iotConnector" ] }, - { + "fhir_destination": { "condition": "[not(empty(parameters('fhirdestination')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1794,10 +1909,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces/iotconnectors', parameters('workspaceName'), parameters('name'))]" + "iotConnector" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1825,14 +1940,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.HealthcareApis/workspaces/iotconnectors', parameters('workspaceName'), parameters('name')), '2022-06-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.HealthcareApis/workspaces/iotconnectors', parameters('workspaceName'), parameters('name')), '2022-06-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('iotConnector', '2022-06-01', 'full').identity, 'principalId')), reference('iotConnector', '2022-06-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.HealthcareApis/workspaces/iotconnectors', parameters('workspaceName'), parameters('name')), '2022-06-01', 'full').location]" + "value": "[reference('iotConnector', '2022-06-01', 'full').location]" }, "workspaceName": { "type": "string", @@ -1845,10 +1960,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.HealthcareApis/workspaces', parameters('name'))]" + "workspace" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1876,7 +1991,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.HealthcareApis/workspaces', parameters('name')), '2022-06-01', 'full').location]" + "value": "[reference('workspace', '2022-06-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/insights/private-link-scope/main.json b/modules/insights/private-link-scope/main.json index ee38f7fe59..0795a0fe10 100644 --- a/modules/insights/private-link-scope/main.json +++ b/modules/insights/private-link-scope/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "14715354343666542323" + "templateHash": "6332277771556701068" }, "name": "Azure Monitor Private Link Scopes", "description": "This module deploys an Azure Monitor Private Link Scope.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -27,15 +55,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -77,8 +99,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -92,7 +114,7 @@ } } }, - { + "privateLinkScope": { "type": "microsoft.insights/privateLinkScopes", "apiVersion": "2019-10-17-preview", "name": "[parameters('name')]", @@ -100,21 +122,21 @@ "tags": "[parameters('tags')]", "properties": {} }, - { - "condition": "[not(empty(parameters('lock')))]", + "privateLinkScope_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('microsoft.insights/privateLinkScopes/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('microsoft.insights/privateLinkScopes', parameters('name'))]" + "privateLinkScope" ] }, - { + "privateLinkScope_scopedResource": { "copy": { "name": "privateLinkScope_scopedResource", "count": "[length(parameters('scopedResources'))]" @@ -233,10 +255,10 @@ } }, "dependsOn": [ - "[resourceId('microsoft.insights/privateLinkScopes', parameters('name'))]" + "privateLinkScope" ] }, - { + "privateLinkScope_privateEndpoints": { "copy": { "name": "privateLinkScope_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -760,10 +782,10 @@ } }, "dependsOn": [ - "[resourceId('microsoft.insights/privateLinkScopes', parameters('name'))]" + "privateLinkScope" ] }, - { + "privateLinkScope_roleAssignments": { "copy": { "name": "privateLinkScope_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1038,10 +1060,10 @@ } }, "dependsOn": [ - "[resourceId('microsoft.insights/privateLinkScopes', parameters('name'))]" + "privateLinkScope" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1069,7 +1091,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('microsoft.insights/privateLinkScopes', parameters('name')), '2019-10-17-preview', 'full').location]" + "value": "[reference('privateLinkScope', '2019-10-17-preview', 'full').location]" } } } \ No newline at end of file diff --git a/modules/key-vault/vault/main.json b/modules/key-vault/vault/main.json index 18c95c024b..02d4d7b632 100644 --- a/modules/key-vault/vault/main.json +++ b/modules/key-vault/vault/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "428199812087139263" + "templateHash": "15136179719098735073" }, "name": "Key Vaults", "description": "This module deploys a Key Vault.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -162,15 +190,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -270,8 +292,8 @@ "secretList": "[if(not(empty(parameters('secrets'))), parameters('secrets').secureList, createArray())]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -285,7 +307,7 @@ } } }, - { + "keyVault": { "type": "Microsoft.KeyVault/vaults", "apiVersion": "2022-07-01", "name": "[parameters('name')]", @@ -310,21 +332,21 @@ "publicNetworkAccess": "[if(not(empty(parameters('publicNetworkAccess'))), parameters('publicNetworkAccess'), if(and(not(empty(parameters('privateEndpoints'))), empty(parameters('networkAcls'))), 'Disabled', null()))]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "keyVault_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', parameters('name'))]" + "keyVault" ] }, - { + "keyVault_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -339,10 +361,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', parameters('name'))]" + "keyVault" ] }, - { + "keyVault_accessPolicies": { "condition": "[not(empty(parameters('accessPolicies')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -462,10 +484,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', parameters('name'))]" + "keyVault" ] }, - { + "keyVault_secrets": { "copy": { "name": "keyVault_secrets", "count": "[length(variables('secretList'))]" @@ -796,10 +818,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', parameters('name'))]" + "keyVault" ] }, - { + "keyVault_keys": { "copy": { "name": "keyVault_keys", "count": "[length(parameters('keys'))]" @@ -1177,10 +1199,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', parameters('name'))]" + "keyVault" ] }, - { + "keyVault_privateEndpoints": { "copy": { "name": "keyVault_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -1704,10 +1726,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', parameters('name'))]" + "keyVault" ] }, - { + "keyVault_roleAssignments": { "copy": { "name": "keyVault_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1863,10 +1885,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', parameters('name'))]" + "keyVault" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -1894,14 +1916,14 @@ "metadata": { "description": "The URI of the key vault." }, - "value": "[reference(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '2022-07-01').vaultUri]" + "value": "[reference('keyVault').vaultUri]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '2022-07-01', 'full').location]" + "value": "[reference('keyVault', '2022-07-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/logic/workflow/main.json b/modules/logic/workflow/main.json index dde2332a12..8764000248 100644 --- a/modules/logic/workflow/main.json +++ b/modules/logic/workflow/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "4385100753259148556" + "templateHash": "13172151573954232150" }, "name": "Logic Apps (Workflows)", "description": "This module deploys a Logic App (Workflow).", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -117,15 +145,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -271,8 +293,8 @@ "identityType": "[if(parameters('systemAssignedIdentity'), 'SystemAssigned', if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None'))]", "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -286,7 +308,7 @@ } } }, - { + "logicApp": { "type": "Microsoft.Logic/workflows", "apiVersion": "2019-05-01", "name": "[parameters('name')]", @@ -319,21 +341,21 @@ "parameters": "[parameters('definitionParameters')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "logicApp_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Logic/workflows/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Logic/workflows', parameters('name'))]" + "logicApp" ] }, - { + "logicApp_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -348,10 +370,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Logic/workflows', parameters('name'))]" + "logicApp" ] }, - { + "logicApp_roleAssignments": { "copy": { "name": "logicApp_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -502,10 +524,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Logic/workflows', parameters('name'))]" + "logicApp" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -533,14 +555,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.Logic/workflows', parameters('name')), '2019-05-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.Logic/workflows', parameters('name')), '2019-05-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('logicApp', '2019-05-01', 'full').identity, 'principalId')), reference('logicApp', '2019-05-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Logic/workflows', parameters('name')), '2019-05-01', 'full').location]" + "value": "[reference('logicApp', '2019-05-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/managed-identity/user-assigned-identity/main.json b/modules/managed-identity/user-assigned-identity/main.json index 8b93e98d84..02d9a242bf 100644 --- a/modules/managed-identity/user-assigned-identity/main.json +++ b/modules/managed-identity/user-assigned-identity/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "689312003789935835" + "templateHash": "4654525005739967405" }, "name": "User Assigned Identities", "description": "This module deploys a User Assigned Identity.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -34,15 +62,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -70,8 +92,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -85,28 +107,28 @@ } } }, - { + "userMsi": { "type": "Microsoft.ManagedIdentity/userAssignedIdentities", "apiVersion": "2023-01-31", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]" }, - { - "condition": "[not(empty(parameters('lock')))]", + "userMsi_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.ManagedIdentity/userAssignedIdentities/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" + "userMsi" ] }, - { + "userMsi_federatedIdentityCredentials": { "copy": { "name": "userMsi_federatedIdentityCredentials", "count": "[length(parameters('federatedIdentityCredentials'))]" @@ -243,10 +265,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" + "userMsi" ] }, - { + "userMsi_roleAssignments": { "copy": { "name": "userMsi_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -393,10 +415,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" + "userMsi" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -417,14 +439,14 @@ "metadata": { "description": "The principal ID (object ID) of the user assigned identity." }, - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2023-01-31').principalId]" + "value": "[reference('userMsi').principalId]" }, "clientId": { "type": "string", "metadata": { "description": "The client ID (application ID) of the user assigned identity." }, - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2023-01-31').clientId]" + "value": "[reference('userMsi').clientId]" }, "resourceGroupName": { "type": "string", @@ -438,7 +460,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2023-01-31', 'full').location]" + "value": "[reference('userMsi', '2023-01-31', 'full').location]" } } } \ No newline at end of file diff --git a/modules/net-app/net-app-account/main.json b/modules/net-app/net-app-account/main.json index 60bd7acee6..1fedbb3e06 100644 --- a/modules/net-app/net-app-account/main.json +++ b/modules/net-app/net-app-account/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "5505435135426261272" + "templateHash": "9658557760968373164" }, "name": "Azure NetApp Files", "description": "This module deploys an Azure NetApp File.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -89,15 +117,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "tags": { @@ -130,8 +152,8 @@ "identityType": "[if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None')]", "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -145,7 +167,7 @@ } } }, - { + "netAppAccount": { "type": "Microsoft.NetApp/netAppAccounts", "apiVersion": "2022-11-01", "name": "[parameters('name')]", @@ -156,21 +178,21 @@ "activeDirectories": "[if(not(empty(parameters('domainName'))), variables('activeDirectoryConnectionProperties'), null())]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "netAppAccount_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.NetApp/netAppAccounts/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.NetApp/netAppAccounts', parameters('name'))]" + "netAppAccount" ] }, - { + "netAppAccount_roleAssignments": { "copy": { "name": "netAppAccount_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -315,10 +337,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.NetApp/netAppAccounts', parameters('name'))]" + "netAppAccount" ] }, - { + "netAppAccount_capacityPools": { "copy": { "name": "netAppAccount_capacityPools", "count": "[length(parameters('capacityPools'))]" @@ -1038,10 +1060,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.NetApp/netAppAccounts', parameters('name'))]" + "netAppAccount" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1069,7 +1091,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.NetApp/netAppAccounts', parameters('name')), '2022-11-01', 'full').location]" + "value": "[reference('netAppAccount', '2022-11-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/application-gateway/main.json b/modules/network/application-gateway/main.json index 9856294bf1..bac9b3eab1 100644 --- a/modules/network/application-gateway/main.json +++ b/modules/network/application-gateway/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "9800511203053042141" + "templateHash": "9567891703615152167" }, "name": "Network Application Gateways", "description": "This module deploys a Network Application Gateway.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -405,15 +433,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -484,8 +506,8 @@ "enableReferencedModulesTelemetry": false, "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -499,7 +521,7 @@ } } }, - { + "applicationGateway": { "type": "Microsoft.Network/applicationGateways", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -509,21 +531,21 @@ "properties": "[union(createObject('authenticationCertificates', parameters('authenticationCertificates'), 'autoscaleConfiguration', if(and(greater(parameters('autoscaleMaxCapacity'), 0), greaterOrEquals(parameters('autoscaleMinCapacity'), 0)), createObject('maxCapacity', parameters('autoscaleMaxCapacity'), 'minCapacity', parameters('autoscaleMinCapacity')), null()), 'backendAddressPools', parameters('backendAddressPools'), 'backendHttpSettingsCollection', parameters('backendHttpSettingsCollection'), 'backendSettingsCollection', parameters('backendSettingsCollection'), 'customErrorConfigurations', parameters('customErrorConfigurations'), 'enableHttp2', parameters('enableHttp2'), 'firewallPolicy', if(not(empty(parameters('firewallPolicyId'))), createObject('id', parameters('firewallPolicyId')), null()), 'forceFirewallPolicyAssociation', not(empty(parameters('firewallPolicyId'))), 'frontendIPConfigurations', parameters('frontendIPConfigurations'), 'frontendPorts', parameters('frontendPorts'), 'gatewayIPConfigurations', parameters('gatewayIPConfigurations'), 'globalConfiguration', if(endsWith(parameters('sku'), 'v2'), createObject('enableRequestBuffering', parameters('enableRequestBuffering'), 'enableResponseBuffering', parameters('enableResponseBuffering')), null()), 'httpListeners', parameters('httpListeners'), 'loadDistributionPolicies', parameters('loadDistributionPolicies'), 'listeners', parameters('listeners'), 'privateLinkConfigurations', parameters('privateLinkConfigurations'), 'probes', parameters('probes'), 'redirectConfigurations', parameters('redirectConfigurations'), 'requestRoutingRules', parameters('requestRoutingRules'), 'routingRules', parameters('routingRules'), 'rewriteRuleSets', parameters('rewriteRuleSets'), 'sku', createObject('name', parameters('sku'), 'tier', if(endsWith(parameters('sku'), 'v2'), parameters('sku'), substring(parameters('sku'), 0, indexOf(parameters('sku'), '_'))), 'capacity', if(and(greater(parameters('autoscaleMaxCapacity'), 0), greaterOrEquals(parameters('autoscaleMinCapacity'), 0)), null(), parameters('capacity'))), 'sslCertificates', parameters('sslCertificates'), 'sslPolicy', if(not(equals(parameters('sslPolicyType'), 'Predefined')), createObject('cipherSuites', parameters('sslPolicyCipherSuites'), 'minProtocolVersion', parameters('sslPolicyMinProtocolVersion'), 'policyName', if(empty(parameters('sslPolicyName')), null(), parameters('sslPolicyName')), 'policyType', parameters('sslPolicyType')), createObject('policyName', if(empty(parameters('sslPolicyName')), null(), parameters('sslPolicyName')), 'policyType', parameters('sslPolicyType'))), 'sslProfiles', parameters('sslProfiles'), 'trustedClientCertificates', parameters('trustedClientCertificates'), 'trustedRootCertificates', parameters('trustedRootCertificates'), 'urlPathMaps', parameters('urlPathMaps')), if(parameters('enableFips'), createObject('enableFips', parameters('enableFips')), createObject()), if(not(empty(parameters('webApplicationFirewallConfiguration'))), createObject('webApplicationFirewallConfiguration', parameters('webApplicationFirewallConfiguration')), createObject()))]", "zones": "[parameters('zones')]" }, - { - "condition": "[not(empty(parameters('lock')))]", + "applicationGateway_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/applicationGateways/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/applicationGateways', parameters('name'))]" + "applicationGateway" ] }, - { + "applicationGateway_diagnosticSettingName": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -538,10 +560,10 @@ "logs": "[if(and(and(and(empty(parameters('diagnosticStorageAccountId')), empty(parameters('diagnosticWorkspaceId'))), empty(parameters('diagnosticEventHubAuthorizationRuleId'))), empty(parameters('diagnosticEventHubName'))), null(), variables('diagnosticsLogs'))]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/applicationGateways', parameters('name'))]" + "applicationGateway" ] }, - { + "applicationGateway_privateEndpoints": { "copy": { "name": "applicationGateway_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -1065,10 +1087,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/applicationGateways', parameters('name'))]" + "applicationGateway" ] }, - { + "applicationGateway_roleAssignments": { "copy": { "name": "applicationGateway_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1242,10 +1264,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/applicationGateways', parameters('name'))]" + "applicationGateway" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1273,7 +1295,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/applicationGateways', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('applicationGateway', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/application-security-group/main.json b/modules/network/application-security-group/main.json index a733a611db..a67333aaed 100644 --- a/modules/network/application-security-group/main.json +++ b/modules/network/application-security-group/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "4115045672718601619" + "templateHash": "17355011424146278209" }, "name": "Application Security Groups (ASG)", "description": "This module deploys an Application Security Group (ASG).", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -26,15 +54,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -59,8 +81,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -74,7 +96,7 @@ } } }, - { + "applicationSecurityGroup": { "type": "Microsoft.Network/applicationSecurityGroups", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -82,21 +104,21 @@ "tags": "[parameters('tags')]", "properties": {} }, - { - "condition": "[not(empty(parameters('lock')))]", + "applicationSecurityGroup_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/applicationSecurityGroups/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" + "applicationSecurityGroup" ] }, - { + "applicationSecurityGroup_roleAssignments": { "copy": { "name": "applicationSecurityGroup_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -270,10 +292,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" + "applicationSecurityGroup" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -301,7 +323,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('applicationSecurityGroup', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/azure-firewall/main.json b/modules/network/azure-firewall/main.json index e51d5158ae..7f9ab7552b 100644 --- a/modules/network/azure-firewall/main.json +++ b/modules/network/azure-firewall/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "11388637561853566149" + "templateHash": "10604850495131804287" }, "name": "Azure Firewalls", "description": "This module deploys an Azure Firewall.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -180,15 +208,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -304,8 +326,8 @@ "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -319,34 +341,34 @@ } } }, - { + "azureFirewall": { "type": "Microsoft.Network/azureFirewalls", "apiVersion": "2023-04-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "zones": "[if(equals(length(parameters('zones')), 0), null(), parameters('zones'))]", "tags": "[parameters('tags')]", - "properties": "[if(equals(variables('azureSkuName'), 'AZFW_VNet'), createObject('threatIntelMode', parameters('threatIntelMode'), 'firewallPolicy', if(not(empty(parameters('firewallPolicyId'))), createObject('id', parameters('firewallPolicyId')), null()), 'ipConfigurations', concat(createArray(createObject('name', if(not(empty(parameters('publicIPResourceID'))), last(split(parameters('publicIPResourceID'), '/')), reference(resourceId('Microsoft.Resources/deployments', format('{0}-Firewall-PIP', uniqueString(deployment().name, parameters('location')))), '2022-09-01').outputs.name.value), 'properties', union(variables('subnetVar'), if(not(empty(parameters('publicIPResourceID'))), variables('existingPip'), createObject()), if(parameters('isCreateDefaultPublicIP'), createObject('publicIPAddress', if(and(empty(parameters('publicIPResourceID')), parameters('isCreateDefaultPublicIP')), createObject('id', reference(resourceId('Microsoft.Resources/deployments', format('{0}-Firewall-PIP', uniqueString(deployment().name, parameters('location')))), '2022-09-01').outputs.resourceId.value), null())), createObject())))), variables('additionalPublicIpConfigurationsVar')), 'managementIpConfiguration', if(variables('requiresManagementIp'), createObject('name', if(not(empty(parameters('managementIPResourceID'))), last(split(parameters('managementIPResourceID'), '/')), reference(resourceId('Microsoft.Resources/deployments', format('{0}-Firewall-MIP', uniqueString(deployment().name, parameters('location')))), '2022-09-01').outputs.name.value), 'properties', union(variables('managementSubnetVar'), if(not(empty(parameters('managementIPResourceID'))), variables('existingMip'), createObject()), if(variables('isCreateDefaultManagementIP'), createObject('publicIPAddress', if(and(empty(parameters('managementIPResourceID')), variables('isCreateDefaultManagementIP')), createObject('id', reference(resourceId('Microsoft.Resources/deployments', format('{0}-Firewall-MIP', uniqueString(deployment().name, parameters('location')))), '2022-09-01').outputs.resourceId.value), null())), createObject()))), null()), 'sku', createObject('name', variables('azureSkuName'), 'tier', parameters('azureSkuTier')), 'applicationRuleCollections', parameters('applicationRuleCollections'), 'natRuleCollections', parameters('natRuleCollections'), 'networkRuleCollections', parameters('networkRuleCollections')), createObject('firewallPolicy', if(not(empty(parameters('firewallPolicyId'))), createObject('id', parameters('firewallPolicyId')), null()), 'sku', createObject('name', variables('azureSkuName'), 'tier', parameters('azureSkuTier')), 'hubIPAddresses', if(not(empty(parameters('hubIPAddresses'))), parameters('hubIPAddresses'), null()), 'virtualHub', if(not(empty(parameters('virtualHubId'))), createObject('id', parameters('virtualHubId')), null())))]", + "properties": "[if(equals(variables('azureSkuName'), 'AZFW_VNet'), createObject('threatIntelMode', parameters('threatIntelMode'), 'firewallPolicy', if(not(empty(parameters('firewallPolicyId'))), createObject('id', parameters('firewallPolicyId')), null()), 'ipConfigurations', concat(createArray(createObject('name', if(not(empty(parameters('publicIPResourceID'))), last(split(parameters('publicIPResourceID'), '/')), reference('publicIPAddress').outputs.name.value), 'properties', union(variables('subnetVar'), if(not(empty(parameters('publicIPResourceID'))), variables('existingPip'), createObject()), if(parameters('isCreateDefaultPublicIP'), createObject('publicIPAddress', if(and(empty(parameters('publicIPResourceID')), parameters('isCreateDefaultPublicIP')), createObject('id', reference('publicIPAddress').outputs.resourceId.value), null())), createObject())))), variables('additionalPublicIpConfigurationsVar')), 'managementIpConfiguration', if(variables('requiresManagementIp'), createObject('name', if(not(empty(parameters('managementIPResourceID'))), last(split(parameters('managementIPResourceID'), '/')), reference('managementIPAddress').outputs.name.value), 'properties', union(variables('managementSubnetVar'), if(not(empty(parameters('managementIPResourceID'))), variables('existingMip'), createObject()), if(variables('isCreateDefaultManagementIP'), createObject('publicIPAddress', if(and(empty(parameters('managementIPResourceID')), variables('isCreateDefaultManagementIP')), createObject('id', reference('managementIPAddress').outputs.resourceId.value), null())), createObject()))), null()), 'sku', createObject('name', variables('azureSkuName'), 'tier', parameters('azureSkuTier')), 'applicationRuleCollections', parameters('applicationRuleCollections'), 'natRuleCollections', parameters('natRuleCollections'), 'networkRuleCollections', parameters('networkRuleCollections')), createObject('firewallPolicy', if(not(empty(parameters('firewallPolicyId'))), createObject('id', parameters('firewallPolicyId')), null()), 'sku', createObject('name', variables('azureSkuName'), 'tier', parameters('azureSkuTier')), 'hubIPAddresses', if(not(empty(parameters('hubIPAddresses'))), parameters('hubIPAddresses'), null()), 'virtualHub', if(not(empty(parameters('virtualHubId'))), createObject('id', parameters('virtualHubId')), null())))]", "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', format('{0}-Firewall-MIP', uniqueString(deployment().name, parameters('location'))))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-Firewall-PIP', uniqueString(deployment().name, parameters('location'))))]" + "managementIPAddress", + "publicIPAddress" ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "azureFirewall_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/azureFirewalls/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/azureFirewalls', parameters('name'))]" + "azureFirewall" ] }, - { + "azureFirewall_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -361,10 +383,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/azureFirewalls', parameters('name'))]" + "azureFirewall" ] }, - { + "publicIPAddress": { "condition": "[and(and(empty(parameters('publicIPResourceID')), parameters('isCreateDefaultPublicIP')), equals(variables('azureSkuName'), 'AZFW_VNet'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -413,17 +435,45 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "4317747709004918530" + "templateHash": "7177220893233117141" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -553,15 +603,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "location": { @@ -650,8 +694,8 @@ ], "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -665,7 +709,7 @@ } } }, - { + "publicIpAddress": { "type": "Microsoft.Network/publicIPAddresses", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -685,21 +729,21 @@ "ipTags": [] } }, - { - "condition": "[not(empty(parameters('lock')))]", + "publicIpAddress_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] }, - { + "publicIpAddress_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -714,10 +758,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] }, - { + "publicIpAddress_roleAssignments": { "copy": { "name": "publicIpAddress_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -891,10 +935,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -922,20 +966,20 @@ "metadata": { "description": "The public IP address of the public IP address resource." }, - "value": "[if(contains(reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01'), 'ipAddress'), reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01').ipAddress, '')]" + "value": "[if(contains(reference('publicIpAddress'), 'ipAddress'), reference('publicIpAddress').ipAddress, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('publicIpAddress', '2023-04-01', 'full').location]" } } } } }, - { + "managementIPAddress": { "condition": "[and(and(empty(parameters('managementIPResourceID')), variables('isCreateDefaultManagementIP')), equals(variables('azureSkuName'), 'AZFW_VNet'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -984,17 +1028,45 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "4317747709004918530" + "templateHash": "7177220893233117141" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -1124,15 +1196,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "location": { @@ -1221,8 +1287,8 @@ ], "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -1236,7 +1302,7 @@ } } }, - { + "publicIpAddress": { "type": "Microsoft.Network/publicIPAddresses", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -1256,21 +1322,21 @@ "ipTags": [] } }, - { - "condition": "[not(empty(parameters('lock')))]", + "publicIpAddress_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] }, - { + "publicIpAddress_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -1285,10 +1351,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] }, - { + "publicIpAddress_roleAssignments": { "copy": { "name": "publicIpAddress_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1462,10 +1528,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -1493,20 +1559,20 @@ "metadata": { "description": "The public IP address of the public IP address resource." }, - "value": "[if(contains(reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01'), 'ipAddress'), reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01').ipAddress, '')]" + "value": "[if(contains(reference('publicIpAddress'), 'ipAddress'), reference('publicIpAddress').ipAddress, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('publicIpAddress', '2023-04-01', 'full').location]" } } } } }, - { + "azureFirewall_roleAssignments": { "copy": { "name": "azureFirewall_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1680,10 +1746,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/azureFirewalls', parameters('name'))]" + "azureFirewall" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -1711,14 +1777,14 @@ "metadata": { "description": "The private IP of the Azure firewall." }, - "value": "[if(contains(reference(resourceId('Microsoft.Network/azureFirewalls', parameters('name')), '2023-04-01'), 'ipConfigurations'), reference(resourceId('Microsoft.Network/azureFirewalls', parameters('name')), '2023-04-01').ipConfigurations[0].properties.privateIPAddress, '')]" + "value": "[if(contains(reference('azureFirewall'), 'ipConfigurations'), reference('azureFirewall').ipConfigurations[0].properties.privateIPAddress, '')]" }, "ipConfAzureFirewallSubnet": { "type": "object", "metadata": { "description": "The Public IP configuration object for the Azure Firewall Subnet." }, - "value": "[if(contains(reference(resourceId('Microsoft.Network/azureFirewalls', parameters('name')), '2023-04-01'), 'ipConfigurations'), reference(resourceId('Microsoft.Network/azureFirewalls', parameters('name')), '2023-04-01').ipConfigurations[0], createObject())]" + "value": "[if(contains(reference('azureFirewall'), 'ipConfigurations'), reference('azureFirewall').ipConfigurations[0], createObject())]" }, "applicationRuleCollections": { "type": "array", @@ -1746,7 +1812,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/azureFirewalls', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('azureFirewall', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/bastion-host/main.json b/modules/network/bastion-host/main.json index ab504b7428..057acedabb 100644 --- a/modules/network/bastion-host/main.json +++ b/modules/network/bastion-host/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "18039554301844568366" + "templateHash": "7681317257874084680" }, "name": "Bastion Hosts", "description": "This module deploys a Bastion Host.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -81,15 +109,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "skuName": { @@ -214,8 +236,8 @@ }, "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -229,7 +251,7 @@ } } }, - { + "azureBastion": { "type": "Microsoft.Network/bastionHosts", "apiVersion": "2022-11-01", "name": "[parameters('name')]", @@ -238,26 +260,26 @@ "sku": { "name": "[parameters('skuName')]" }, - "properties": "[if(equals(parameters('skuName'), 'Standard'), createObject('scaleUnits', variables('scaleUnitsVar'), 'ipConfigurations', createArray(createObject('name', 'IpConfAzureBastionSubnet', 'properties', union(variables('subnetVar'), if(not(empty(parameters('bastionSubnetPublicIpResourceId'))), variables('existingPip'), createObject()), if(parameters('isCreateDefaultPublicIP'), createObject('publicIPAddress', if(and(empty(parameters('bastionSubnetPublicIpResourceId')), parameters('isCreateDefaultPublicIP')), createObject('id', reference(resourceId('Microsoft.Resources/deployments', format('{0}-Bastion-PIP', uniqueString(deployment().name, parameters('location')))), '2022-09-01').outputs.resourceId.value), null())), createObject())))), 'enableTunneling', variables('enableTunneling'), 'disableCopyPaste', parameters('disableCopyPaste'), 'enableFileCopy', parameters('enableFileCopy'), 'enableIpConnect', parameters('enableIpConnect'), 'enableKerberos', parameters('enableKerberos'), 'enableShareableLink', parameters('enableShareableLink')), createObject('scaleUnits', variables('scaleUnitsVar'), 'ipConfigurations', createArray(createObject('name', 'IpConfAzureBastionSubnet', 'properties', union(variables('subnetVar'), if(not(empty(parameters('bastionSubnetPublicIpResourceId'))), variables('existingPip'), createObject()), if(parameters('isCreateDefaultPublicIP'), createObject('publicIPAddress', if(and(empty(parameters('bastionSubnetPublicIpResourceId')), parameters('isCreateDefaultPublicIP')), createObject('id', reference(resourceId('Microsoft.Resources/deployments', format('{0}-Bastion-PIP', uniqueString(deployment().name, parameters('location')))), '2022-09-01').outputs.resourceId.value), null())), createObject())))), 'enableKerberos', parameters('enableKerberos')))]", + "properties": "[if(equals(parameters('skuName'), 'Standard'), createObject('scaleUnits', variables('scaleUnitsVar'), 'ipConfigurations', createArray(createObject('name', 'IpConfAzureBastionSubnet', 'properties', union(variables('subnetVar'), if(not(empty(parameters('bastionSubnetPublicIpResourceId'))), variables('existingPip'), createObject()), if(parameters('isCreateDefaultPublicIP'), createObject('publicIPAddress', if(and(empty(parameters('bastionSubnetPublicIpResourceId')), parameters('isCreateDefaultPublicIP')), createObject('id', reference('publicIPAddress').outputs.resourceId.value), null())), createObject())))), 'enableTunneling', variables('enableTunneling'), 'disableCopyPaste', parameters('disableCopyPaste'), 'enableFileCopy', parameters('enableFileCopy'), 'enableIpConnect', parameters('enableIpConnect'), 'enableKerberos', parameters('enableKerberos'), 'enableShareableLink', parameters('enableShareableLink')), createObject('scaleUnits', variables('scaleUnitsVar'), 'ipConfigurations', createArray(createObject('name', 'IpConfAzureBastionSubnet', 'properties', union(variables('subnetVar'), if(not(empty(parameters('bastionSubnetPublicIpResourceId'))), variables('existingPip'), createObject()), if(parameters('isCreateDefaultPublicIP'), createObject('publicIPAddress', if(and(empty(parameters('bastionSubnetPublicIpResourceId')), parameters('isCreateDefaultPublicIP')), createObject('id', reference('publicIPAddress').outputs.resourceId.value), null())), createObject())))), 'enableKerberos', parameters('enableKerberos')))]", "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', format('{0}-Bastion-PIP', uniqueString(deployment().name, parameters('location'))))]" + "publicIPAddress" ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "azureBastion_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/bastionHosts/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/bastionHosts', parameters('name'))]" + "azureBastion" ] }, - { + "azureBastion_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -271,10 +293,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/bastionHosts', parameters('name'))]" + "azureBastion" ] }, - { + "publicIPAddress": { "condition": "[and(empty(parameters('bastionSubnetPublicIpResourceId')), parameters('isCreateDefaultPublicIP'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -322,17 +344,45 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "4317747709004918530" + "templateHash": "7177220893233117141" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -462,15 +512,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "location": { @@ -559,8 +603,8 @@ ], "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -574,7 +618,7 @@ } } }, - { + "publicIpAddress": { "type": "Microsoft.Network/publicIPAddresses", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -594,21 +638,21 @@ "ipTags": [] } }, - { - "condition": "[not(empty(parameters('lock')))]", + "publicIpAddress_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] }, - { + "publicIpAddress_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -623,10 +667,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] }, - { + "publicIpAddress_roleAssignments": { "copy": { "name": "publicIpAddress_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -800,10 +844,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -831,20 +875,20 @@ "metadata": { "description": "The public IP address of the public IP address resource." }, - "value": "[if(contains(reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01'), 'ipAddress'), reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01').ipAddress, '')]" + "value": "[if(contains(reference('publicIpAddress'), 'ipAddress'), reference('publicIpAddress').ipAddress, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('publicIpAddress', '2023-04-01', 'full').location]" } } } } }, - { + "azureBastion_roleAssignments": { "copy": { "name": "azureBastion_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1018,10 +1062,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/bastionHosts', parameters('name'))]" + "azureBastion" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -1049,14 +1093,14 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/bastionHosts', parameters('name')), '2022-11-01', 'full').location]" + "value": "[reference('azureBastion', '2022-11-01', 'full').location]" }, "ipConfAzureBastionSubnet": { "type": "object", "metadata": { "description": "The Public IPconfiguration object for the AzureBastionSubnet." }, - "value": "[reference(resourceId('Microsoft.Network/bastionHosts', parameters('name')), '2022-11-01').ipConfigurations[0]]" + "value": "[reference('azureBastion').ipConfigurations[0]]" } } } \ No newline at end of file diff --git a/modules/network/ddos-protection-plan/main.json b/modules/network/ddos-protection-plan/main.json index f67227f30a..6b377c3378 100644 --- a/modules/network/ddos-protection-plan/main.json +++ b/modules/network/ddos-protection-plan/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "10705912154060159414" + "templateHash": "5335931212602685116" }, "name": "DDoS Protection Plans", "description": "This module deploys a DDoS Protection Plan.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -27,15 +55,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -60,8 +82,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -75,7 +97,7 @@ } } }, - { + "ddosProtectionPlan": { "type": "Microsoft.Network/ddosProtectionPlans", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -83,21 +105,21 @@ "tags": "[parameters('tags')]", "properties": {} }, - { - "condition": "[not(empty(parameters('lock')))]", + "ddosProtectionPlan_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/ddosProtectionPlans/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/ddosProtectionPlans', parameters('name'))]" + "ddosProtectionPlan" ] }, - { + "ddosProtectionPlan_roleAssignments": { "copy": { "name": "ddosProtectionPlan_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -271,10 +293,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/ddosProtectionPlans', parameters('name'))]" + "ddosProtectionPlan" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -302,7 +324,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/ddosProtectionPlans', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('ddosProtectionPlan', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/dns-resolver/main.json b/modules/network/dns-resolver/main.json index f4fde16620..a9733ecbfe 100644 --- a/modules/network/dns-resolver/main.json +++ b/modules/network/dns-resolver/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "317150262818676597" + "templateHash": "11864164290736408459" }, "name": "DNS Resolvers", "description": "This module deploys a DNS Resolver.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -27,15 +55,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -80,8 +102,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -95,7 +117,7 @@ } } }, - { + "dnsResolver": { "type": "Microsoft.Network/dnsResolvers", "apiVersion": "2022-07-01", "name": "[parameters('name')]", @@ -107,7 +129,7 @@ } } }, - { + "dnsResolver_inboundEndpoint": { "copy": { "name": "dnsResolver_inboundEndpoint", "count": "[length(parameters('inboundEndpoints'))]" @@ -127,10 +149,10 @@ ] }, "dependsOn": [ - "[resourceId('Microsoft.Network/dnsResolvers', parameters('name'))]" + "dnsResolver" ] }, - { + "dnsResolver_outboundEndpoint": { "copy": { "name": "dnsResolver_outboundEndpoint", "count": "[length(parameters('outboundEndpoints'))]" @@ -146,24 +168,24 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/dnsResolvers', parameters('name'))]" + "dnsResolver" ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "dnsResolver_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/dnsResolvers/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/dnsResolvers', parameters('name'))]" + "dnsResolver" ] }, - { + "dnsResolver_roleAssignments": { "copy": { "name": "dnsResolver_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -337,10 +359,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/dnsResolvers', parameters('name'))]" + "dnsResolver" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -368,7 +390,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/dnsResolvers', parameters('name')), '2022-07-01', 'full').location]" + "value": "[reference('dnsResolver', '2022-07-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/dns-zone/main.json b/modules/network/dns-zone/main.json index 2050ccbfa3..6cc1b04100 100644 --- a/modules/network/dns-zone/main.json +++ b/modules/network/dns-zone/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "9774189040753970370" + "templateHash": "14872051751998229436" }, "name": "Public DNS Zones", "description": "This module deploys a Public DNS zone.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -112,15 +140,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "enableDefaultTelemetry": { @@ -134,8 +156,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -149,7 +171,7 @@ } } }, - { + "dnsZone": { "type": "Microsoft.Network/dnsZones", "apiVersion": "2018-05-01", "name": "[parameters('name')]", @@ -159,21 +181,21 @@ "zoneType": "Public" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "dnsZone_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/dnsZones/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/dnsZones', parameters('name'))]" + "dnsZone" ] }, - { + "dnsZone_A": { "copy": { "name": "dnsZone_A", "count": "[length(parameters('a'))]" @@ -501,10 +523,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/dnsZones', parameters('name'))]" + "dnsZone" ] }, - { + "dnsZone_AAAA": { "copy": { "name": "dnsZone_AAAA", "count": "[length(parameters('aaaa'))]" @@ -832,10 +854,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/dnsZones', parameters('name'))]" + "dnsZone" ] }, - { + "dnsZone_CNAME": { "copy": { "name": "dnsZone_CNAME", "count": "[length(parameters('cname'))]" @@ -1163,10 +1185,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/dnsZones', parameters('name'))]" + "dnsZone" ] }, - { + "dnsZone_CAA": { "copy": { "name": "dnsZone_CAA", "count": "[length(parameters('caa'))]" @@ -1485,10 +1507,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/dnsZones', parameters('name'))]" + "dnsZone" ] }, - { + "dnsZone_MX": { "copy": { "name": "dnsZone_MX", "count": "[length(parameters('mx'))]" @@ -1807,10 +1829,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/dnsZones', parameters('name'))]" + "dnsZone" ] }, - { + "dnsZone_NS": { "copy": { "name": "dnsZone_NS", "count": "[length(parameters('ns'))]" @@ -2129,10 +2151,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/dnsZones', parameters('name'))]" + "dnsZone" ] }, - { + "dnsZone_PTR": { "copy": { "name": "dnsZone_PTR", "count": "[length(parameters('ptr'))]" @@ -2451,10 +2473,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/dnsZones', parameters('name'))]" + "dnsZone" ] }, - { + "dnsZone_SOA": { "copy": { "name": "dnsZone_SOA", "count": "[length(parameters('soa'))]" @@ -2773,10 +2795,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/dnsZones', parameters('name'))]" + "dnsZone" ] }, - { + "dnsZone_SRV": { "copy": { "name": "dnsZone_SRV", "count": "[length(parameters('srv'))]" @@ -3095,10 +3117,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/dnsZones', parameters('name'))]" + "dnsZone" ] }, - { + "dnsZone_TXT": { "copy": { "name": "dnsZone_TXT", "count": "[length(parameters('txt'))]" @@ -3417,10 +3439,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/dnsZones', parameters('name'))]" + "dnsZone" ] }, - { + "dnsZone_roleAssignments": { "copy": { "name": "dnsZone_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -3594,10 +3616,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/dnsZones', parameters('name'))]" + "dnsZone" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -3625,7 +3647,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/dnsZones', parameters('name')), '2018-05-01', 'full').location]" + "value": "[reference('dnsZone', '2018-05-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/express-route-circuit/main.json b/modules/network/express-route-circuit/main.json index 74d56855cd..024719dcd6 100644 --- a/modules/network/express-route-circuit/main.json +++ b/modules/network/express-route-circuit/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "15387700502783731966" + "templateHash": "14824487476304731061" }, "name": "ExpressRoute Circuits", "description": "This module deploys an Express Route Circuit.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -176,15 +204,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -277,8 +299,8 @@ } ] }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -292,7 +314,7 @@ } } }, - { + "expressRouteCircuits": { "type": "Microsoft.Network/expressRouteCircuits", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -316,21 +338,21 @@ "peerings": "[if(parameters('peering'), variables('peeringConfiguration'), null())]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "expressRouteCircuits_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/expressRouteCircuits/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/expressRouteCircuits', parameters('name'))]" + "expressRouteCircuits" ] }, - { + "expressRouteCircuits_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -345,10 +367,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/expressRouteCircuits', parameters('name'))]" + "expressRouteCircuits" ] }, - { + "expressRouteCircuits_roleAssignments": { "copy": { "name": "expressRouteCircuits_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -522,10 +544,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/expressRouteCircuits', parameters('name'))]" + "expressRouteCircuits" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -560,7 +582,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/expressRouteCircuits', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('expressRouteCircuits', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/express-route-gateway/main.json b/modules/network/express-route-gateway/main.json index 084701ac54..1487410b23 100644 --- a/modules/network/express-route-gateway/main.json +++ b/modules/network/express-route-gateway/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "8092497363245159180" + "templateHash": "3687139000883539372" }, "name": "Express Route Gateways", "description": "This module deploys an Express Route Gateway.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -81,20 +109,14 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -108,7 +130,7 @@ } } }, - { + "expressRouteGateway": { "type": "Microsoft.Network/expressRouteGateways", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -128,21 +150,21 @@ } } }, - { - "condition": "[not(empty(parameters('lock')))]", + "expressRouteGateway_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/expressRouteGateways/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/expressRouteGateways', parameters('name'))]" + "expressRouteGateway" ] }, - { + "expressRouteGateway_roleAssignments": { "copy": { "name": "expressRouteGateway_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -316,10 +338,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/expressRouteGateways', parameters('name'))]" + "expressRouteGateway" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -347,7 +369,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/expressRouteGateways', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('expressRouteGateway', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/front-door-web-application-firewall-policy/main.json b/modules/network/front-door-web-application-firewall-policy/main.json index a2dffd263e..a9208e608a 100644 --- a/modules/network/front-door-web-application-firewall-policy/main.json +++ b/modules/network/front-door-web-application-firewall-policy/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "9522616710967870505" + "templateHash": "11436451701483228580" }, "name": "Front Door Web Application Firewall (WAF) Policies", "description": "This module deploys a Front Door Web Application Firewall (WAF) Policy.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -113,15 +141,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -132,8 +154,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -147,7 +169,7 @@ } } }, - { + "frontDoorWAFPolicy": { "type": "Microsoft.Network/FrontDoorWebApplicationFirewallPolicies", "apiVersion": "2022-05-01", "name": "[parameters('name')]", @@ -162,21 +184,21 @@ "policySettings": "[parameters('policySettings')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "frontDoorWAFPolicy_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/FrontDoorWebApplicationFirewallPolicies', parameters('name'))]" + "frontDoorWAFPolicy" ] }, - { + "frontDoorWAFPolicy_roleAssignments": { "copy": { "name": "frontDoorWAFPolicy_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -319,10 +341,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/FrontDoorWebApplicationFirewallPolicies', parameters('name'))]" + "frontDoorWAFPolicy" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -350,7 +372,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/FrontDoorWebApplicationFirewallPolicies', parameters('name')), '2022-05-01', 'full').location]" + "value": "[reference('frontDoorWAFPolicy', '2022-05-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/front-door/main.json b/modules/network/front-door/main.json index 3722abf630..bb1efe12fc 100644 --- a/modules/network/front-door/main.json +++ b/modules/network/front-door/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "1800137372393005313" + "templateHash": "4137545584331429686" }, "name": "Azure Front Doors", "description": "This module deploys an Azure Front Door.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -28,15 +56,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -197,8 +219,8 @@ ], "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -212,7 +234,7 @@ } } }, - { + "frontDoor": { "type": "Microsoft.Network/frontDoors", "apiVersion": "2020-05-01", "name": "[parameters('name')]", @@ -232,21 +254,21 @@ "routingRules": "[parameters('routingRules')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "frontDoor_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/frontDoors/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/frontDoors', parameters('name'))]" + "frontDoor" ] }, - { + "frontDoor_diagnosticSettingName": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -261,10 +283,10 @@ "logs": "[if(and(and(and(empty(parameters('diagnosticStorageAccountId')), empty(parameters('diagnosticWorkspaceId'))), empty(parameters('diagnosticEventHubAuthorizationRuleId'))), empty(parameters('diagnosticEventHubName'))), null(), variables('diagnosticsLogs'))]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/frontDoors', parameters('name'))]" + "frontDoor" ] }, - { + "frontDoor_roleAssignments": { "copy": { "name": "frontDoor_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -438,10 +460,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/frontDoors', parameters('name'))]" + "frontDoor" ] } - ], + }, "outputs": { "name": { "type": "string", diff --git a/modules/network/ip-group/main.json b/modules/network/ip-group/main.json index 3d3b61dbe5..5df42e25f4 100644 --- a/modules/network/ip-group/main.json +++ b/modules/network/ip-group/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "3722289923159347480" + "templateHash": "1770501120161769084" }, "name": "IP Groups", "description": "This module deploys an IP Group.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -34,15 +62,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -67,8 +89,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -82,7 +104,7 @@ } } }, - { + "ipGroup": { "type": "Microsoft.Network/ipGroups", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -92,21 +114,21 @@ "ipAddresses": "[parameters('ipAddresses')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "ipGroup_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/ipGroups/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/ipGroups', parameters('name'))]" + "ipGroup" ] }, - { + "ipGroup_roleAssignments": { "copy": { "name": "ipGroup_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -280,10 +302,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/ipGroups', parameters('name'))]" + "ipGroup" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -311,7 +333,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/ipGroups', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('ipGroup', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/load-balancer/main.json b/modules/network/load-balancer/main.json index 974b7006fd..3762e54063 100644 --- a/modules/network/load-balancer/main.json +++ b/modules/network/load-balancer/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "4129476930281729422" + "templateHash": "10984234034894076123" }, "name": "Load Balancers", "description": "This module deploys a Load Balancer.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -93,15 +121,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -257,8 +279,8 @@ ], "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -272,7 +294,7 @@ } } }, - { + "loadBalancer": { "type": "Microsoft.Network/loadBalancers", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -289,21 +311,21 @@ "probes": "[variables('probesVar')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "loadBalancer_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/loadBalancers/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/loadBalancers', parameters('name'))]" + "loadBalancer" ] }, - { + "loadBalancer_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -317,10 +339,10 @@ "metrics": "[variables('diagnosticsMetrics')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/loadBalancers', parameters('name'))]" + "loadBalancer" ] }, - { + "loadBalancer_backendAddressPools": { "copy": { "name": "loadBalancer_backendAddressPools", "count": "[length(parameters('backendAddressPools'))]" @@ -467,10 +489,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/loadBalancers', parameters('name'))]" + "loadBalancer" ] }, - { + "loadBalancer_inboundNATRules": { "copy": { "name": "loadBalancer_inboundNATRules", "count": "[length(parameters('inboundNatRules'))]" @@ -684,11 +706,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/loadBalancers', parameters('name'))]", + "loadBalancer", "loadBalancer_backendAddressPools" ] }, - { + "loadBalancer_roleAssignments": { "copy": { "name": "loadBalancer_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -862,10 +884,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/loadBalancers', parameters('name'))]" + "loadBalancer" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -893,14 +915,14 @@ "metadata": { "description": "The backend address pools available in the load balancer." }, - "value": "[reference(resourceId('Microsoft.Network/loadBalancers', parameters('name')), '2023-04-01').backendAddressPools]" + "value": "[reference('loadBalancer').backendAddressPools]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/loadBalancers', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('loadBalancer', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/local-network-gateway/main.json b/modules/network/local-network-gateway/main.json index 7ddb2effdf..3f59f99a0b 100644 --- a/modules/network/local-network-gateway/main.json +++ b/modules/network/local-network-gateway/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "3075207124319652071" + "templateHash": "3611172321623700485" }, "name": "Local Network Gateways", "description": "This module deploys a Local Network Gateway.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -60,15 +88,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -107,8 +129,8 @@ "peerWeight": "[if(not(empty(parameters('localPeerWeight'))), parameters('localPeerWeight'), '0')]" } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -122,7 +144,7 @@ } } }, - { + "localNetworkGateway": { "type": "Microsoft.Network/localNetworkGateways", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -137,21 +159,21 @@ "bgpSettings": "[if(and(not(empty(parameters('localAsn'))), not(empty(parameters('localBgpPeeringAddress')))), variables('bgpSettings'), null())]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "localNetworkGateway_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/localNetworkGateways/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/localNetworkGateways', parameters('name'))]" + "localNetworkGateway" ] }, - { + "localNetworkGateway_roleAssignments": { "copy": { "name": "localNetworkGateway_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -325,10 +347,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/localNetworkGateways', parameters('name'))]" + "localNetworkGateway" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -356,7 +378,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/localNetworkGateways', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('localNetworkGateway', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/nat-gateway/main.json b/modules/network/nat-gateway/main.json index ffc7620f1a..eaa850c981 100644 --- a/modules/network/nat-gateway/main.json +++ b/modules/network/nat-gateway/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "9634258356447527908" + "templateHash": "17911120011754183628" }, "name": "NAT Gateways", "description": "This module deploys a NAT Gateway.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -110,15 +138,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -197,8 +219,8 @@ ], "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -212,7 +234,7 @@ } } }, - { + "natGateway": { "type": "Microsoft.Network/natGateways", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -228,24 +250,24 @@ }, "zones": "[parameters('zones')]", "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', format('{0}-NatGateway-PIP', uniqueString(deployment().name, parameters('location'))))]" + "publicIPAddress" ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "natGateway_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/natGateways/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/natGateways', parameters('name'))]" + "natGateway" ] }, - { + "publicIPAddress": { "condition": "[parameters('natGatewayPublicIpAddress')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -310,17 +332,45 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "4317747709004918530" + "templateHash": "7177220893233117141" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -450,15 +500,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "location": { @@ -547,8 +591,8 @@ ], "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -562,7 +606,7 @@ } } }, - { + "publicIpAddress": { "type": "Microsoft.Network/publicIPAddresses", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -582,21 +626,21 @@ "ipTags": [] } }, - { - "condition": "[not(empty(parameters('lock')))]", + "publicIpAddress_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] }, - { + "publicIpAddress_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -611,10 +655,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] }, - { + "publicIpAddress_roleAssignments": { "copy": { "name": "publicIpAddress_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -788,10 +832,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -819,20 +863,20 @@ "metadata": { "description": "The public IP address of the public IP address resource." }, - "value": "[if(contains(reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01'), 'ipAddress'), reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01').ipAddress, '')]" + "value": "[if(contains(reference('publicIpAddress'), 'ipAddress'), reference('publicIpAddress').ipAddress, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('publicIpAddress', '2023-04-01', 'full').location]" } } } } }, - { + "natGateway_roleAssignments": { "copy": { "name": "natGateway_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1006,10 +1050,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/natGateways', parameters('name'))]" + "natGateway" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1037,7 +1081,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/natGateways', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('natGateway', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/network-interface/main.json b/modules/network/network-interface/main.json index 20e292dd8f..299670b87c 100644 --- a/modules/network/network-interface/main.json +++ b/modules/network/network-interface/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "14479255820598719580" + "templateHash": "3998904758858607142" }, "name": "Network Interface", "description": "This module deploys a Network Interface.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -107,15 +135,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -186,8 +208,8 @@ } ] }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -201,7 +223,7 @@ } } }, - { + "networkInterface": { "type": "Microsoft.Network/networkInterfaces", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -242,7 +264,7 @@ "networkSecurityGroup": "[if(not(empty(parameters('networkSecurityGroupResourceId'))), createObject('id', parameters('networkSecurityGroupResourceId')), null())]" } }, - { + "networkInterface_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -256,24 +278,24 @@ "metrics": "[variables('diagnosticsMetrics')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + "networkInterface" ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "networkInterface_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/networkInterfaces/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + "networkInterface" ] }, - { + "networkInterface_roleAssignments": { "copy": { "name": "networkInterface_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -447,10 +469,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + "networkInterface" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -478,7 +500,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/networkInterfaces', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('networkInterface', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/network-security-group/main.json b/modules/network/network-security-group/main.json index abb0e70fca..bf1db4aa59 100644 --- a/modules/network/network-security-group/main.json +++ b/modules/network/network-security-group/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "8128749516786730234" + "templateHash": "10938606814486481441" }, "name": "Network Security Groups", "description": "This module deploys a Network security Group (NSG).", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -68,15 +96,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -137,8 +159,8 @@ "enableReferencedModulesTelemetry": false, "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -152,7 +174,7 @@ } } }, - { + "networkSecurityGroup": { "type": "Microsoft.Network/networkSecurityGroups", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -188,21 +210,21 @@ "flushConnection": "[parameters('flushConnection')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "networkSecurityGroup_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('name'))]" + "networkSecurityGroup" ] }, - { + "networkSecurityGroup_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -216,10 +238,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('name'))]" + "networkSecurityGroup" ] }, - { + "networkSecurityGroup_securityRules": { "copy": { "name": "networkSecurityGroup_securityRules", "count": "[length(parameters('securityRules'))]" @@ -483,10 +505,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('name'))]" + "networkSecurityGroup" ] }, - { + "networkSecurityGroup_roleAssignments": { "copy": { "name": "networkSecurityGroup_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -660,10 +682,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('name'))]" + "networkSecurityGroup" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -691,7 +713,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/networkSecurityGroups', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('networkSecurityGroup', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/network-watcher/main.json b/modules/network/network-watcher/main.json index 7d746b120d..0997ef0280 100644 --- a/modules/network/network-watcher/main.json +++ b/modules/network/network-watcher/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "3515911577845014451" + "templateHash": "11619532621785794685" }, "name": "Network Watchers", "description": "This module deploys a Network Watcher.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -42,15 +70,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -78,8 +100,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -93,7 +115,7 @@ } } }, - { + "networkWatcher": { "type": "Microsoft.Network/networkWatchers", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -101,21 +123,21 @@ "tags": "[parameters('tags')]", "properties": {} }, - { - "condition": "[not(empty(parameters('lock')))]", + "networkWatcher_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/networkWatchers/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkWatchers', parameters('name'))]" + "networkWatcher" ] }, - { + "networkWatcher_roleAssignments": { "copy": { "name": "networkWatcher_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -289,10 +311,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkWatchers', parameters('name'))]" + "networkWatcher" ] }, - { + "networkWatcher_connectionMonitors": { "copy": { "name": "networkWatcher_connectionMonitors", "count": "[length(parameters('connectionMonitors'))]" @@ -462,10 +484,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkWatchers', parameters('name'))]" + "networkWatcher" ] }, - { + "networkWatcher_flowLogs": { "copy": { "name": "networkWatcher_flowLogs", "count": "[length(parameters('flowLogs'))]" @@ -679,10 +701,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkWatchers', parameters('name'))]" + "networkWatcher" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -710,7 +732,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/networkWatchers', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('networkWatcher', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/private-dns-zone/main.json b/modules/network/private-dns-zone/main.json index 575b535727..aebba29c1e 100644 --- a/modules/network/private-dns-zone/main.json +++ b/modules/network/private-dns-zone/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "7094231343264488816" + "templateHash": "13138896803212134974" }, "name": "Private DNS Zones", "description": "This module deploys a Private DNS zone.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -103,15 +131,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "enableDefaultTelemetry": { @@ -125,8 +147,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -140,28 +162,28 @@ } } }, - { + "privateDnsZone": { "type": "Microsoft.Network/privateDnsZones", "apiVersion": "2020-06-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]" }, - { - "condition": "[not(empty(parameters('lock')))]", + "privateDnsZone_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/privateDnsZones/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('name'))]" + "privateDnsZone" ] }, - { + "privateDnsZone_A": { "copy": { "name": "privateDnsZone_A", "count": "[length(parameters('a'))]" @@ -480,10 +502,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('name'))]" + "privateDnsZone" ] }, - { + "privateDnsZone_AAAA": { "copy": { "name": "privateDnsZone_AAAA", "count": "[length(parameters('aaaa'))]" @@ -802,10 +824,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('name'))]" + "privateDnsZone" ] }, - { + "privateDnsZone_CNAME": { "copy": { "name": "privateDnsZone_CNAME", "count": "[length(parameters('cname'))]" @@ -1130,10 +1152,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('name'))]" + "privateDnsZone" ] }, - { + "privateDnsZone_MX": { "copy": { "name": "privateDnsZone_MX", "count": "[length(parameters('mx'))]" @@ -1452,10 +1474,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('name'))]" + "privateDnsZone" ] }, - { + "privateDnsZone_PTR": { "copy": { "name": "privateDnsZone_PTR", "count": "[length(parameters('ptr'))]" @@ -1774,10 +1796,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('name'))]" + "privateDnsZone" ] }, - { + "privateDnsZone_SOA": { "copy": { "name": "privateDnsZone_SOA", "count": "[length(parameters('soa'))]" @@ -2096,10 +2118,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('name'))]" + "privateDnsZone" ] }, - { + "privateDnsZone_SRV": { "copy": { "name": "privateDnsZone_SRV", "count": "[length(parameters('srv'))]" @@ -2418,10 +2440,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('name'))]" + "privateDnsZone" ] }, - { + "privateDnsZone_TXT": { "copy": { "name": "privateDnsZone_TXT", "count": "[length(parameters('txt'))]" @@ -2740,10 +2762,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('name'))]" + "privateDnsZone" ] }, - { + "privateDnsZone_virtualNetworkLinks": { "copy": { "name": "privateDnsZone_virtualNetworkLinks", "count": "[length(parameters('virtualNetworkLinks'))]" @@ -2895,10 +2917,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('name'))]" + "privateDnsZone" ] }, - { + "privateDnsZone_roleAssignments": { "copy": { "name": "privateDnsZone_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -3072,10 +3094,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('name'))]" + "privateDnsZone" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -3103,7 +3125,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/privateDnsZones', parameters('name')), '2020-06-01', 'full').location]" + "value": "[reference('privateDnsZone', '2020-06-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/private-link-service/main.json b/modules/network/private-link-service/main.json index fedfe30695..bca152c1d8 100644 --- a/modules/network/private-link-service/main.json +++ b/modules/network/private-link-service/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "15026904267969319263" + "templateHash": "8807571087134722220" }, "name": "Private Link Services", "description": "This module deploys a Private Link Service.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -26,15 +54,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "tags": { @@ -108,8 +130,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -123,7 +145,7 @@ } } }, - { + "privateLinkService": { "type": "Microsoft.Network/privateLinkServices", "apiVersion": "2022-11-01", "name": "[parameters('name')]", @@ -139,21 +161,21 @@ "visibility": "[parameters('visibility')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "privateLinkService_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/privateLinkServices/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateLinkServices', parameters('name'))]" + "privateLinkService" ] }, - { + "privateLinkService_roleAssignments": { "copy": { "name": "privateLinkService_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -327,10 +349,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateLinkServices', parameters('name'))]" + "privateLinkService" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -358,7 +380,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/privateLinkServices', parameters('name')), '2022-11-01', 'full').location]" + "value": "[reference('privateLinkService', '2022-11-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/public-ip-address/main.json b/modules/network/public-ip-address/main.json index 583eea8a97..6f690a5a8f 100644 --- a/modules/network/public-ip-address/main.json +++ b/modules/network/public-ip-address/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "4317747709004918530" + "templateHash": "7177220893233117141" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -140,15 +168,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "location": { @@ -237,8 +259,8 @@ ], "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -252,7 +274,7 @@ } } }, - { + "publicIpAddress": { "type": "Microsoft.Network/publicIPAddresses", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -272,21 +294,21 @@ "ipTags": [] } }, - { - "condition": "[not(empty(parameters('lock')))]", + "publicIpAddress_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] }, - { + "publicIpAddress_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -301,10 +323,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] }, - { + "publicIpAddress_roleAssignments": { "copy": { "name": "publicIpAddress_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -478,10 +500,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -509,14 +531,14 @@ "metadata": { "description": "The public IP address of the public IP address resource." }, - "value": "[if(contains(reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01'), 'ipAddress'), reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01').ipAddress, '')]" + "value": "[if(contains(reference('publicIpAddress'), 'ipAddress'), reference('publicIpAddress').ipAddress, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('publicIpAddress', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/public-ip-prefix/main.json b/modules/network/public-ip-prefix/main.json index be4b9e2e6f..24715f2bfe 100644 --- a/modules/network/public-ip-prefix/main.json +++ b/modules/network/public-ip-prefix/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "823818284337127737" + "templateHash": "15055641726196349086" }, "name": "Public IP Prefixes", "description": "This module deploys a Public IP Prefix.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -35,15 +63,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -75,8 +97,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -90,7 +112,7 @@ } } }, - { + "publicIpPrefix": { "type": "Microsoft.Network/publicIPPrefixes", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -105,21 +127,21 @@ "prefixLength": "[parameters('prefixLength')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "publicIpPrefix_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/publicIPPrefixes/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPPrefixes', parameters('name'))]" + "publicIpPrefix" ] }, - { + "publicIpPrefix_roleAssignments": { "copy": { "name": "publicIpPrefix_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -293,10 +315,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPPrefixes', parameters('name'))]" + "publicIpPrefix" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -324,7 +346,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/publicIPPrefixes', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('publicIpPrefix', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/route-table/main.json b/modules/network/route-table/main.json index af2f4acac1..06b736128a 100644 --- a/modules/network/route-table/main.json +++ b/modules/network/route-table/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "14175124869769293837" + "templateHash": "7087068475486809138" }, "name": "Route Tables", "description": "This module deploys a User Defined Route Table (UDR).", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -40,15 +68,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -73,8 +95,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -88,7 +110,7 @@ } } }, - { + "routeTable": { "type": "Microsoft.Network/routeTables", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -99,21 +121,21 @@ "disableBgpRoutePropagation": "[parameters('disableBgpRoutePropagation')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "routeTable_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/routeTables/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" + "routeTable" ] }, - { + "routeTable_roleAssignments": { "copy": { "name": "routeTable_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -287,10 +309,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" + "routeTable" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -318,7 +340,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/routeTables', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('routeTable', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/service-endpoint-policy/main.json b/modules/network/service-endpoint-policy/main.json index da6271e05c..9f43b9b6b0 100644 --- a/modules/network/service-endpoint-policy/main.json +++ b/modules/network/service-endpoint-policy/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "702238259297546605" + "templateHash": "13410463869934874502" }, "name": "Service Endpoint Policies", "description": "This module deploys a Service Endpoint Policy.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -47,15 +75,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -80,8 +102,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -95,7 +117,7 @@ } } }, - { + "serviceEndpointPolicy": { "type": "Microsoft.Network/serviceEndpointPolicies", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -107,21 +129,21 @@ "serviceEndpointPolicyDefinitions": "[if(not(empty(parameters('serviceEndpointPolicyDefinitions'))), parameters('serviceEndpointPolicyDefinitions'), null())]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "serviceEndpointPolicy_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/serviceEndpointPolicies/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/serviceEndpointPolicies', parameters('name'))]" + "serviceEndpointPolicy" ] }, - { + "serviceEndpointPolicy_roleAssignments": { "copy": { "name": "serviceEndpointPolicy_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -295,10 +317,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/serviceEndpointPolicies', parameters('name'))]" + "serviceEndpointPolicy" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -326,7 +348,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/serviceEndpointPolicies', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('serviceEndpointPolicy', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/trafficmanagerprofile/main.json b/modules/network/trafficmanagerprofile/main.json index 2d333fa853..74da3a3382 100644 --- a/modules/network/trafficmanagerprofile/main.json +++ b/modules/network/trafficmanagerprofile/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "10820097547945525322" + "templateHash": "15585979978664772684" }, "name": "Traffic Manager Profiles", "description": "This module deploys a Traffic Manager Profile.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -123,15 +151,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -211,8 +233,8 @@ ], "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -226,7 +248,7 @@ } } }, - { + "trafficManagerProfile": { "type": "Microsoft.Network/trafficmanagerprofiles", "apiVersion": "2018-08-01", "name": "[parameters('name')]", @@ -245,21 +267,21 @@ "maxReturn": "[parameters('maxReturn')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "trafficManagerProfile_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/trafficmanagerprofiles/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/trafficmanagerprofiles', parameters('name'))]" + "trafficManagerProfile" ] }, - { + "trafficManagerProfile_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -274,10 +296,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/trafficmanagerprofiles', parameters('name'))]" + "trafficManagerProfile" ] }, - { + "trafficManagerProfile_roleAssignments": { "copy": { "name": "trafficManagerProfile_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -451,10 +473,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/trafficmanagerprofiles', parameters('name'))]" + "trafficManagerProfile" ] } - ], + }, "outputs": { "resourceId": { "type": "string", diff --git a/modules/network/virtual-hub/main.json b/modules/network/virtual-hub/main.json index 5e0c591d00..b5d004bbf0 100644 --- a/modules/network/virtual-hub/main.json +++ b/modules/network/virtual-hub/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "6969570927166088400" + "templateHash": "18370273919471051889" }, "name": "Virtual Hubs", "description": "This module deploys a Virtual Hub.\r\nIf you are planning to deploy a Secure Virtual Hub (with an Azure Firewall integrated), please refer to the Azure Firewall module.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -153,15 +181,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "enableDefaultTelemetry": { @@ -175,8 +197,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -190,7 +212,7 @@ } } }, - { + "virtualHub": { "type": "Microsoft.Network/virtualHubs", "apiVersion": "2022-11-01", "name": "[parameters('name')]", @@ -215,21 +237,21 @@ "vpnGateway": "[if(not(empty(parameters('vpnGatewayId'))), createObject('id', parameters('vpnGatewayId')), null())]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "virtualHub_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/virtualHubs/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/virtualHubs', parameters('name'))]" + "virtualHub" ] }, - { + "virtualHub_routeTables": { "copy": { "name": "virtualHub_routeTables", "count": "[length(parameters('hubRouteTables'))]" @@ -354,10 +376,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/virtualHubs', parameters('name'))]" + "virtualHub" ] }, - { + "virtualHub_hubVirtualNetworkConnections": { "copy": { "name": "virtualHub_hubVirtualNetworkConnections", "count": "[length(parameters('hubVirtualNetworkConnections'))]" @@ -494,11 +516,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/virtualHubs', parameters('name'))]", + "virtualHub", "virtualHub_routeTables" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -526,7 +548,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/virtualHubs', parameters('name')), '2022-11-01', 'full').location]" + "value": "[reference('virtualHub', '2022-11-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/virtual-network-gateway/main.json b/modules/network/virtual-network-gateway/main.json index 0404971daa..8e213cc2b9 100644 --- a/modules/network/virtual-network-gateway/main.json +++ b/modules/network/virtual-network-gateway/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "1318421731566619997" + "templateHash": "13696920156449738955" }, "name": "Virtual Network Gateways", "description": "This module deploys a Virtual Network Gateway.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -258,15 +286,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "tags": { @@ -395,8 +417,8 @@ "vpnClientConfiguration": "[if(not(empty(parameters('clientRootCertData'))), createObject('vpnClientAddressPool', createObject('addressPrefixes', createArray(parameters('vpnClientAddressPoolPrefix'))), 'vpnClientRootCertificates', createArray(createObject('name', 'RootCert1', 'properties', createObject('PublicCertData', parameters('clientRootCertData')))), 'vpnClientRevokedCertificates', if(not(empty(parameters('clientRevokedCertThumbprint'))), createArray(createObject('name', 'RevokedCert1', 'properties', createObject('Thumbprint', parameters('clientRevokedCertThumbprint')))), null())), if(not(empty(parameters('vpnClientAadConfiguration'))), createObject('vpnClientAddressPool', createObject('addressPrefixes', createArray(parameters('vpnClientAddressPoolPrefix'))), 'aadTenant', parameters('vpnClientAadConfiguration').aadTenant, 'aadAudience', parameters('vpnClientAadConfiguration').aadAudience, 'aadIssuer', parameters('vpnClientAadConfiguration').aadIssuer, 'vpnAuthenticationTypes', parameters('vpnClientAadConfiguration').vpnAuthenticationTypes, 'vpnClientProtocols', parameters('vpnClientAadConfiguration').vpnClientProtocols), null()))]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -410,7 +432,7 @@ } } }, - { + "virtualNetworkGateway": { "type": "Microsoft.Network/virtualNetworkGateways", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -441,21 +463,21 @@ "publicIPAddress" ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "virtualNetworkGateway_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/virtualNetworkGateways/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworkGateways', parameters('name'))]" + "virtualNetworkGateway" ] }, - { + "virtualNetworkGateway_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -470,10 +492,10 @@ "logs": "[variables('virtualNetworkGatewayDiagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworkGateways', parameters('name'))]" + "virtualNetworkGateway" ] }, - { + "publicIPAddress": { "copy": { "name": "publicIPAddress", "count": "[length(variables('virtualGatewayPipNameVar'))]", @@ -535,17 +557,45 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "4317747709004918530" + "templateHash": "7177220893233117141" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -675,15 +725,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "location": { @@ -772,8 +816,8 @@ ], "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -787,7 +831,7 @@ } } }, - { + "publicIpAddress": { "type": "Microsoft.Network/publicIPAddresses", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -807,21 +851,21 @@ "ipTags": [] } }, - { - "condition": "[not(empty(parameters('lock')))]", + "publicIpAddress_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] }, - { + "publicIpAddress_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -836,10 +880,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] }, - { + "publicIpAddress_roleAssignments": { "copy": { "name": "publicIpAddress_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1013,10 +1057,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + "publicIpAddress" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -1044,20 +1088,20 @@ "metadata": { "description": "The public IP address of the public IP address resource." }, - "value": "[if(contains(reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01'), 'ipAddress'), reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01').ipAddress, '')]" + "value": "[if(contains(reference('publicIpAddress'), 'ipAddress'), reference('publicIpAddress').ipAddress, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('publicIpAddress', '2023-04-01', 'full').location]" } } } } }, - { + "virtualNetworkGateway_natRules": { "copy": { "name": "virtualNetworkGateway_natRules", "count": "[length(parameters('natRules'))]" @@ -1219,10 +1263,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworkGateways', parameters('name'))]" + "virtualNetworkGateway" ] }, - { + "virtualNetworkGateway_roleAssignments": { "copy": { "name": "virtualNetworkGateway_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1396,10 +1440,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworkGateways', parameters('name'))]" + "virtualNetworkGateway" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -1427,14 +1471,14 @@ "metadata": { "description": "Shows if the virtual network gateway is configured in active-active mode." }, - "value": "[reference(resourceId('Microsoft.Network/virtualNetworkGateways', parameters('name')), '2023-04-01').activeActive]" + "value": "[reference('virtualNetworkGateway').activeActive]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/virtualNetworkGateways', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('virtualNetworkGateway', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/virtual-network/main.json b/modules/network/virtual-network/main.json index 2da9232c9d..aa8e8ff76e 100644 --- a/modules/network/virtual-network/main.json +++ b/modules/network/virtual-network/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "6996162426151376576" + "templateHash": "13568581294067247622" }, "name": "Virtual Networks", "description": "This module deploys a Virtual Network (vNet).", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -114,15 +142,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -209,8 +231,8 @@ }, "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -224,7 +246,7 @@ } } }, - { + "virtualNetwork": { "type": "Microsoft.Network/virtualNetworks", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -264,21 +286,21 @@ "flowTimeoutInMinutes": "[if(not(equals(parameters('flowTimeoutInMinutes'), 0)), parameters('flowTimeoutInMinutes'), null())]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "virtualNetwork_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + "virtualNetwork" ] }, - { + "virtualNetwork_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -293,10 +315,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + "virtualNetwork" ] }, - { + "virtualNetwork_subnets": { "copy": { "name": "virtualNetwork_subnets", "count": "[length(parameters('subnets'))]" @@ -721,10 +743,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + "virtualNetwork" ] }, - { + "virtualNetwork_peering_local": { "copy": { "name": "virtualNetwork_peering_local", "count": "[length(parameters('peerings'))]" @@ -887,10 +909,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + "virtualNetwork" ] }, - { + "virtualNetwork_peering_remote": { "copy": { "name": "virtualNetwork_peering_remote", "count": "[length(parameters('peerings'))]" @@ -1056,10 +1078,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + "virtualNetwork" ] }, - { + "virtualNetwork_roleAssignments": { "copy": { "name": "virtualNetwork_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1233,10 +1255,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + "virtualNetwork" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -1284,7 +1306,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('virtualNetwork', '2023-04-01', 'full').location]" }, "diagnosticsLogs": { "type": "array", diff --git a/modules/network/virtual-wan/main.json b/modules/network/virtual-wan/main.json index f7c0e84e62..6c7e53b57c 100644 --- a/modules/network/virtual-wan/main.json +++ b/modules/network/virtual-wan/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "6166970702359791938" + "templateHash": "11532161823681864290" }, "name": "Virtual WANs", "description": "This module deploys a Virtual WAN.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "location": { "type": "string", @@ -79,20 +107,14 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -106,7 +128,7 @@ } } }, - { + "virtualWan": { "type": "Microsoft.Network/virtualWans", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -119,21 +141,21 @@ "type": "[parameters('type')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "virtualWan_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/virtualWans/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/virtualWans', parameters('name'))]" + "virtualWan" ] }, - { + "virtualWan_roleAssignments": { "copy": { "name": "virtualWan_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -307,10 +329,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/virtualWans', parameters('name'))]" + "virtualWan" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -338,7 +360,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/virtualWans', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('virtualWan', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/vpn-gateway/main.json b/modules/network/vpn-gateway/main.json index 16bd090a25..553c9b6c38 100644 --- a/modules/network/vpn-gateway/main.json +++ b/modules/network/vpn-gateway/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "9631635231747205865" + "templateHash": "18343688551152828699" }, "name": "VPN Gateways", "description": "This module deploys a VPN Gateway.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -81,15 +109,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "enableDefaultTelemetry": { @@ -103,8 +125,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -118,7 +140,7 @@ } } }, - { + "vpnGateway": { "type": "Microsoft.Network/vpnGateways", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -134,21 +156,21 @@ } } }, - { - "condition": "[not(empty(parameters('lock')))]", + "vpnGateway_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/vpnGateways/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/vpnGateways', parameters('name'))]" + "vpnGateway" ] }, - { + "vpnGateway_natRules": { "copy": { "name": "vpnGateway_natRules", "count": "[length(parameters('natRules'))]" @@ -310,10 +332,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/vpnGateways', parameters('name'))]" + "vpnGateway" ] }, - { + "vpnGateway_vpnConnections": { "copy": { "name": "vpnGateway_vpnConnections", "count": "[length(parameters('vpnConnections'))]" @@ -550,10 +572,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/vpnGateways', parameters('name'))]" + "vpnGateway" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -581,7 +603,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/vpnGateways', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('vpnGateway', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/vpn-site/main.json b/modules/network/vpn-site/main.json index 859ddc6ba1..5e8f72b522 100644 --- a/modules/network/vpn-site/main.json +++ b/modules/network/vpn-site/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "1375112363272688444" + "templateHash": "18191511551539064045" }, "name": "VPN Sites", "description": "This module deploys a VPN Site.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -95,15 +123,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -114,8 +136,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -129,7 +151,7 @@ } } }, - { + "vpnSite": { "type": "Microsoft.Network/vpnSites", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -148,21 +170,21 @@ "vpnSiteLinks": "[if(not(empty(parameters('vpnSiteLinks'))), parameters('vpnSiteLinks'), null())]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "vpnSite_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/vpnSites/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/vpnSites', parameters('name'))]" + "vpnSite" ] }, - { + "vpnSite_roleAssignments": { "copy": { "name": "vpnSite_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -277,10 +299,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/vpnSites', parameters('name'))]" + "vpnSite" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -308,7 +330,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/vpnSites', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('vpnSite', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/operational-insights/workspace/main.json b/modules/operational-insights/workspace/main.json index 67aba2675c..df8e6a3a74 100644 --- a/modules/operational-insights/workspace/main.json +++ b/modules/operational-insights/workspace/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "13390587976888913833" + "templateHash": "8781060608655801013" }, "name": "Log Analytics Workspaces", "description": "This module deploys a Log Analytics Workspace.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -203,15 +231,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -295,8 +317,8 @@ "identityType": "[if(parameters('systemAssignedIdentity'), 'SystemAssigned', if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None'))]", "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -310,7 +332,7 @@ } } }, - { + "logAnalyticsWorkspace": { "type": "Microsoft.OperationalInsights/workspaces", "apiVersion": "2022-10-01", "name": "[parameters('name')]", @@ -335,7 +357,7 @@ }, "identity": "[variables('identity')]" }, - { + "logAnalyticsWorkspace_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -350,24 +372,24 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('name'))]" + "logAnalyticsWorkspace" ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "logAnalyticsWorkspace_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.OperationalInsights/workspaces/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('name'))]" + "logAnalyticsWorkspace" ] }, - { + "logAnalyticsWorkspace_storageInsightConfigs": { "copy": { "name": "logAnalyticsWorkspace_storageInsightConfigs", "count": "[length(parameters('storageInsightsConfigs'))]" @@ -511,10 +533,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('name'))]" + "logAnalyticsWorkspace" ] }, - { + "logAnalyticsWorkspace_linkedServices": { "copy": { "name": "logAnalyticsWorkspace_linkedServices", "count": "[length(parameters('linkedServices'))]" @@ -647,10 +669,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('name'))]" + "logAnalyticsWorkspace" ] }, - { + "logAnalyticsWorkspace_linkedStorageAccounts": { "copy": { "name": "logAnalyticsWorkspace_linkedStorageAccounts", "count": "[length(parameters('linkedStorageAccounts'))]" @@ -775,10 +797,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('name'))]" + "logAnalyticsWorkspace" ] }, - { + "logAnalyticsWorkspace_savedSearches": { "copy": { "name": "logAnalyticsWorkspace_savedSearches", "count": "[length(parameters('savedSearches'))]" @@ -959,11 +981,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('name'))]", + "logAnalyticsWorkspace", "logAnalyticsWorkspace_linkedStorageAccounts" ] }, - { + "logAnalyticsWorkspace_dataExports": { "copy": { "name": "logAnalyticsWorkspace_dataExports", "count": "[length(parameters('dataExports'))]" @@ -1099,10 +1121,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('name'))]" + "logAnalyticsWorkspace" ] }, - { + "logAnalyticsWorkspace_dataSources": { "copy": { "name": "logAnalyticsWorkspace_dataSources", "count": "[length(parameters('dataSources'))]" @@ -1337,10 +1359,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('name'))]" + "logAnalyticsWorkspace" ] }, - { + "logAnalyticsWorkspace_tables": { "copy": { "name": "logAnalyticsWorkspace_tables", "count": "[length(parameters('tables'))]" @@ -1509,10 +1531,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('name'))]" + "logAnalyticsWorkspace" ] }, - { + "logAnalyticsWorkspace_solutions": { "copy": { "name": "logAnalyticsWorkspace_solutions", "count": "[length(parameters('gallerySolutions'))]" @@ -1665,10 +1687,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('name'))]" + "logAnalyticsWorkspace" ] }, - { + "logAnalyticsWorkspace_roleAssignments": { "copy": { "name": "logAnalyticsWorkspace_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1821,10 +1843,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('name'))]" + "logAnalyticsWorkspace" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -1852,21 +1874,21 @@ "metadata": { "description": "The ID associated with the workspace." }, - "value": "[reference(resourceId('Microsoft.OperationalInsights/workspaces', parameters('name')), '2022-10-01').customerId]" + "value": "[reference('logAnalyticsWorkspace').customerId]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.OperationalInsights/workspaces', parameters('name')), '2022-10-01', 'full').location]" + "value": "[reference('logAnalyticsWorkspace', '2022-10-01', 'full').location]" }, "systemAssignedIdentityPrincipalId": { "type": "string", "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.OperationalInsights/workspaces', parameters('name')), '2022-10-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.OperationalInsights/workspaces', parameters('name')), '2022-10-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('logAnalyticsWorkspace', '2022-10-01', 'full').identity, 'principalId')), reference('logAnalyticsWorkspace', '2022-10-01', 'full').identity.principalId, '')]" } } } \ No newline at end of file diff --git a/modules/recovery-services/vault/main.json b/modules/recovery-services/vault/main.json index e8468c9338..0923b4d86e 100644 --- a/modules/recovery-services/vault/main.json +++ b/modules/recovery-services/vault/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "1948691212198738102" + "templateHash": "10835536863288360568" }, "name": "Recovery Services Vaults", "description": "This module deploys a Recovery Services Vault.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -120,15 +148,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "systemAssignedIdentity": { @@ -256,8 +278,8 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -271,7 +293,7 @@ } } }, - { + "rsv": { "type": "Microsoft.RecoveryServices/vaults", "apiVersion": "2023-01-01", "name": "[parameters('name')]", @@ -288,21 +310,21 @@ "publicNetworkAccess": "[parameters('publicNetworkAccess')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "rsv_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.RecoveryServices/vaults/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.RecoveryServices/vaults', parameters('name'))]" + "rsv" ] }, - { + "rsv_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -317,10 +339,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.RecoveryServices/vaults', parameters('name'))]" + "rsv" ] }, - { + "rsv_replicationFabrics": { "copy": { "name": "rsv_replicationFabrics", "count": "[length(parameters('replicationFabrics'))]" @@ -763,11 +785,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.RecoveryServices/vaults', parameters('name'))]", + "rsv", "rsv_replicationPolicies" ] }, - { + "rsv_replicationPolicies": { "copy": { "name": "rsv_replicationPolicies", "count": "[length(parameters('replicationPolicies'))]" @@ -917,10 +939,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.RecoveryServices/vaults', parameters('name'))]" + "rsv" ] }, - { + "rsv_backupStorageConfiguration": { "condition": "[not(empty(parameters('backupStorageConfig')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1050,10 +1072,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.RecoveryServices/vaults', parameters('name'))]" + "rsv" ] }, - { + "rsv_backupFabric_protectionContainers": { "copy": { "name": "rsv_backupFabric_protectionContainers", "count": "[length(parameters('protectionContainers'))]" @@ -1421,10 +1443,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.RecoveryServices/vaults', parameters('name'))]" + "rsv" ] }, - { + "rsv_backupPolicies": { "copy": { "name": "rsv_backupPolicies", "count": "[length(parameters('backupPolicies'))]" @@ -1539,10 +1561,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.RecoveryServices/vaults', parameters('name'))]" + "rsv" ] }, - { + "rsv_backupConfig": { "condition": "[not(empty(parameters('backupConfig')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1732,10 +1754,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.RecoveryServices/vaults', parameters('name'))]" + "rsv" ] }, - { + "rsv_replicationAlertSettings": { "condition": "[not(empty(parameters('replicationAlertSettings')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1871,10 +1893,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.RecoveryServices/vaults', parameters('name'))]" + "rsv" ] }, - { + "rsv_privateEndpoints": { "copy": { "name": "rsv_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -2398,10 +2420,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.RecoveryServices/vaults', parameters('name'))]" + "rsv" ] }, - { + "rsv_roleAssignments": { "copy": { "name": "rsv_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -2553,10 +2575,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.RecoveryServices/vaults', parameters('name'))]" + "rsv" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -2584,14 +2606,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.RecoveryServices/vaults', parameters('name')), '2023-01-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.RecoveryServices/vaults', parameters('name')), '2023-01-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('rsv', '2023-01-01', 'full').identity, 'principalId')), reference('rsv', '2023-01-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.RecoveryServices/vaults', parameters('name')), '2023-01-01', 'full').location]" + "value": "[reference('rsv', '2023-01-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/relay/namespace/hybrid-connection/main.json b/modules/relay/namespace/hybrid-connection/main.json index 0056c9f29a..6f5b28688d 100644 --- a/modules/relay/namespace/hybrid-connection/main.json +++ b/modules/relay/namespace/hybrid-connection/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "8795172246215834185" + "templateHash": "5557057389279222101" }, "name": "Relay Namespace Hybrid Connections", "description": "This module deploys a Relay Namespace Hybrid Connection.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "namespaceName": { "type": "string", @@ -70,15 +98,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -99,8 +121,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -114,30 +136,39 @@ } } }, - { + "namespace": { + "existing": true, + "type": "Microsoft.Relay/namespaces", + "apiVersion": "2021-11-01", + "name": "[parameters('namespaceName')]" + }, + "hybridConnection": { "type": "Microsoft.Relay/namespaces/hybridConnections", "apiVersion": "2021-11-01", "name": "[format('{0}/{1}', parameters('namespaceName'), parameters('name'))]", "properties": { "requiresClientAuthorization": "[parameters('requiresClientAuthorization')]", "userMetadata": "[parameters('userMetadata')]" - } + }, + "dependsOn": [ + "namespace" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "hybridConnection_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Relay/namespaces/{0}/hybridConnections/{1}', parameters('namespaceName'), parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Relay/namespaces/hybridConnections', parameters('namespaceName'), parameters('name'))]" + "hybridConnection" ] }, - { + "hybridConnection_authorizationRules": { "copy": { "name": "hybridConnection_authorizationRules", "count": "[length(parameters('authorizationRules'))]" @@ -267,10 +298,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Relay/namespaces/hybridConnections', parameters('namespaceName'), parameters('name'))]" + "hybridConnection" ] }, - { + "hybridConnection_roleAssignments": { "copy": { "name": "hybridConnection_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -419,10 +450,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Relay/namespaces/hybridConnections', parameters('namespaceName'), parameters('name'))]" + "hybridConnection" ] } - ], + }, "outputs": { "name": { "type": "string", diff --git a/modules/relay/namespace/main.json b/modules/relay/namespace/main.json index b055137299..79d218037b 100644 --- a/modules/relay/namespace/main.json +++ b/modules/relay/namespace/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "23772418360996492" + "templateHash": "7566101248506523817" }, "name": "Relay Namespaces", "description": "This module deploys a Relay Namespace", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -82,15 +110,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -201,8 +223,8 @@ "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -216,7 +238,7 @@ } } }, - { + "namespace": { "type": "Microsoft.Relay/namespaces", "apiVersion": "2021-11-01", "name": "[parameters('name')]", @@ -227,21 +249,21 @@ }, "properties": {} }, - { - "condition": "[not(empty(parameters('lock')))]", + "namespace_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Relay/namespaces/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Relay/namespaces', parameters('name'))]" + "namespace" ] }, - { + "namespace_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -256,10 +278,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Relay/namespaces', parameters('name'))]" + "namespace" ] }, - { + "namespace_authorizationRules": { "copy": { "name": "namespace_authorizationRules", "count": "[length(parameters('authorizationRules'))]" @@ -382,10 +404,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Relay/namespaces', parameters('name'))]" + "namespace" ] }, - { + "namespace_networkRuleSet": { "condition": "[or(not(empty(parameters('networkRuleSets'))), not(empty(parameters('privateEndpoints'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -517,10 +539,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Relay/namespaces', parameters('name'))]" + "namespace" ] }, - { + "namespace_hybridConnections": { "copy": { "name": "namespace_hybridConnections", "count": "[length(parameters('hybridConnections'))]" @@ -551,17 +573,45 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "8795172246215834185" + "templateHash": "5557057389279222101" }, "name": "Relay Namespace Hybrid Connections", "description": "This module deploys a Relay Namespace Hybrid Connection.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "namespaceName": { "type": "string", @@ -621,15 +671,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -650,8 +694,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -665,30 +709,39 @@ } } }, - { + "namespace": { + "existing": true, + "type": "Microsoft.Relay/namespaces", + "apiVersion": "2021-11-01", + "name": "[parameters('namespaceName')]" + }, + "hybridConnection": { "type": "Microsoft.Relay/namespaces/hybridConnections", "apiVersion": "2021-11-01", "name": "[format('{0}/{1}', parameters('namespaceName'), parameters('name'))]", "properties": { "requiresClientAuthorization": "[parameters('requiresClientAuthorization')]", "userMetadata": "[parameters('userMetadata')]" - } + }, + "dependsOn": [ + "namespace" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "hybridConnection_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Relay/namespaces/{0}/hybridConnections/{1}', parameters('namespaceName'), parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Relay/namespaces/hybridConnections', parameters('namespaceName'), parameters('name'))]" + "hybridConnection" ] }, - { + "hybridConnection_authorizationRules": { "copy": { "name": "hybridConnection_authorizationRules", "count": "[length(parameters('authorizationRules'))]" @@ -818,10 +871,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Relay/namespaces/hybridConnections', parameters('namespaceName'), parameters('name'))]" + "hybridConnection" ] }, - { + "hybridConnection_roleAssignments": { "copy": { "name": "hybridConnection_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -970,10 +1023,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Relay/namespaces/hybridConnections', parameters('namespaceName'), parameters('name'))]" + "hybridConnection" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1000,10 +1053,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Relay/namespaces', parameters('name'))]" + "namespace" ] }, - { + "namespace_wcfRelays": { "copy": { "name": "namespace_wcfRelays", "count": "[length(parameters('wcfRelays'))]" @@ -1036,17 +1089,45 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "16339805298138761905" + "templateHash": "6670763361607677898" }, "name": "Relay Namespace WCF Relays", "description": "This module deploys a Relay Namespace WCF Relay.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "namespaceName": { "type": "string", @@ -1124,15 +1205,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -1153,8 +1228,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -1168,7 +1243,13 @@ } } }, - { + "namespace": { + "existing": true, + "type": "Microsoft.Relay/namespaces", + "apiVersion": "2021-11-01", + "name": "[parameters('namespaceName')]" + }, + "wcfRelay": { "type": "Microsoft.Relay/namespaces/wcfRelays", "apiVersion": "2021-11-01", "name": "[format('{0}/{1}', parameters('namespaceName'), parameters('name'))]", @@ -1177,23 +1258,26 @@ "requiresClientAuthorization": "[parameters('requiresClientAuthorization')]", "requiresTransportSecurity": "[parameters('requiresTransportSecurity')]", "userMetadata": "[if(not(empty(parameters('userMetadata'))), parameters('userMetadata'), null())]" - } + }, + "dependsOn": [ + "namespace" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "wcfRelay_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Relay/namespaces/{0}/wcfRelays/{1}', parameters('namespaceName'), parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Relay/namespaces/wcfRelays', parameters('namespaceName'), parameters('name'))]" + "wcfRelay" ] }, - { + "wcfRelay_authorizationRules": { "copy": { "name": "wcfRelay_authorizationRules", "count": "[length(parameters('authorizationRules'))]" @@ -1323,10 +1407,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Relay/namespaces/wcfRelays', parameters('namespaceName'), parameters('name'))]" + "wcfRelay" ] }, - { + "wcfRelay_roleAssignments": { "copy": { "name": "wcfRelay_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1475,10 +1559,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Relay/namespaces/wcfRelays', parameters('namespaceName'), parameters('name'))]" + "wcfRelay" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1505,10 +1589,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Relay/namespaces', parameters('name'))]" + "namespace" ] }, - { + "namespace_privateEndpoints": { "copy": { "name": "namespace_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -2032,10 +2116,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Relay/namespaces', parameters('name'))]" + "namespace" ] }, - { + "namespace_roleAssignments": { "copy": { "name": "namespace_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -2184,10 +2268,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Relay/namespaces', parameters('name'))]" + "namespace" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -2215,7 +2299,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Relay/namespaces', parameters('name')), '2021-11-01', 'full').location]" + "value": "[reference('namespace', '2021-11-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/relay/namespace/wcf-relay/main.json b/modules/relay/namespace/wcf-relay/main.json index 4ad90c10ee..305d7a9463 100644 --- a/modules/relay/namespace/wcf-relay/main.json +++ b/modules/relay/namespace/wcf-relay/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "16339805298138761905" + "templateHash": "6670763361607677898" }, "name": "Relay Namespace WCF Relays", "description": "This module deploys a Relay Namespace WCF Relay.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "namespaceName": { "type": "string", @@ -88,15 +116,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -117,8 +139,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -132,7 +154,13 @@ } } }, - { + "namespace": { + "existing": true, + "type": "Microsoft.Relay/namespaces", + "apiVersion": "2021-11-01", + "name": "[parameters('namespaceName')]" + }, + "wcfRelay": { "type": "Microsoft.Relay/namespaces/wcfRelays", "apiVersion": "2021-11-01", "name": "[format('{0}/{1}', parameters('namespaceName'), parameters('name'))]", @@ -141,23 +169,26 @@ "requiresClientAuthorization": "[parameters('requiresClientAuthorization')]", "requiresTransportSecurity": "[parameters('requiresTransportSecurity')]", "userMetadata": "[if(not(empty(parameters('userMetadata'))), parameters('userMetadata'), null())]" - } + }, + "dependsOn": [ + "namespace" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "wcfRelay_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Relay/namespaces/{0}/wcfRelays/{1}', parameters('namespaceName'), parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Relay/namespaces/wcfRelays', parameters('namespaceName'), parameters('name'))]" + "wcfRelay" ] }, - { + "wcfRelay_authorizationRules": { "copy": { "name": "wcfRelay_authorizationRules", "count": "[length(parameters('authorizationRules'))]" @@ -287,10 +318,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Relay/namespaces/wcfRelays', parameters('namespaceName'), parameters('name'))]" + "wcfRelay" ] }, - { + "wcfRelay_roleAssignments": { "copy": { "name": "wcfRelay_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -439,10 +470,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Relay/namespaces/wcfRelays', parameters('namespaceName'), parameters('name'))]" + "wcfRelay" ] } - ], + }, "outputs": { "name": { "type": "string", diff --git a/modules/resource-graph/query/main.json b/modules/resource-graph/query/main.json index 637ac21f0a..e771012ee7 100644 --- a/modules/resource-graph/query/main.json +++ b/modules/resource-graph/query/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "5318766686585928680" + "templateHash": "17790521881386542677" }, "name": "Resource Graph Queries", "description": "This module deploys a Resource Graph Query.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -26,15 +54,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -72,8 +94,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -87,7 +109,7 @@ } } }, - { + "rgQuery": { "type": "Microsoft.ResourceGraph/queries", "apiVersion": "2018-09-01-preview", "name": "[parameters('name')]", @@ -98,21 +120,21 @@ "description": "[parameters('queryDescription')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "rgQuery_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.ResourceGraph/queries/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.ResourceGraph/queries', parameters('name'))]" + "rgQuery" ] }, - { + "rgQuery_roleAssignments": { "copy": { "name": "rgQuery_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -258,10 +280,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ResourceGraph/queries', parameters('name'))]" + "rgQuery" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -289,7 +311,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.ResourceGraph/queries', parameters('name')), '2018-09-01-preview', 'full').location]" + "value": "[reference('rgQuery', '2018-09-01-preview', 'full').location]" } } } \ No newline at end of file diff --git a/modules/resources/deployment-script/main.json b/modules/resources/deployment-script/main.json index 2f4d4f4a0d..fc7ac9db4a 100644 --- a/modules/resources/deployment-script/main.json +++ b/modules/resources/deployment-script/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "13171333688007785690" + "templateHash": "2858511394966028740" }, "name": "Deployment Scripts", "description": "This module deploys a Deployment Script.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -147,15 +175,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "tags": { @@ -180,8 +202,8 @@ "identityType": "[if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None')]", "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -195,7 +217,7 @@ } } }, - { + "deploymentScript": { "type": "Microsoft.Resources/deploymentScripts", "apiVersion": "2020-10-01", "name": "[parameters('name')]", @@ -219,21 +241,21 @@ "timeout": "[parameters('timeout')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "deploymentScript_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Resources/deploymentScripts/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deploymentScripts', parameters('name'))]" + "deploymentScript" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -261,14 +283,14 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01', 'full').location]" + "value": "[reference('deploymentScript', '2020-10-01', 'full').location]" }, "outputs": { "type": "object", "metadata": { "description": "The output of the deployment script." }, - "value": "[if(contains(reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01'), 'outputs'), reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01').outputs, createObject())]" + "value": "[if(contains(reference('deploymentScript'), 'outputs'), reference('deploymentScript').outputs, createObject())]" } } } \ No newline at end of file diff --git a/modules/resources/resource-group/main.json b/modules/resources/resource-group/main.json index 311d143451..4744fa0a19 100644 --- a/modules/resources/resource-group/main.json +++ b/modules/resources/resource-group/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "698589074683460032" + "templateHash": "7603780541507519847" }, "name": "Resource Groups", "description": "This module deploys a Resource Group.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -26,15 +54,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -66,8 +88,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -82,7 +104,7 @@ } } }, - { + "resourceGroup": { "type": "Microsoft.Resources/resourceGroups", "apiVersion": "2021-04-01", "name": "[parameters('name')]", @@ -91,7 +113,7 @@ "managedBy": "[parameters('managedBy')]", "properties": {} }, - { + "resourceGroup_lock": { "condition": "[not(empty(parameters('lock')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -214,10 +236,10 @@ } }, "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name'))]" + "resourceGroup" ] }, - { + "resourceGroup_roleAssignments": { "copy": { "name": "resourceGroup_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -545,10 +567,10 @@ } }, "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name'))]" + "resourceGroup" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -569,7 +591,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name')), '2021-04-01', 'full').location]" + "value": "[reference('resourceGroup', '2021-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/service-bus/namespace/main.json b/modules/service-bus/namespace/main.json index 4e96afbb9d..d8616f2f98 100644 --- a/modules/service-bus/namespace/main.json +++ b/modules/service-bus/namespace/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "662928290271524993" + "templateHash": "15731951409926327801" }, "name": "Service Bus Namespaces", "description": "This module deploys a Service Bus Namespace.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -145,15 +173,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "systemAssignedIdentity": { @@ -333,8 +355,8 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -348,7 +370,25 @@ } } }, - { + "cMKKeyVault": { + "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2021-10-01", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[last(split(parameters('cMKKeyVaultResourceId'), '/'))]" + }, + "cMKKeyVaultKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2021-10-01", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]" + }, + "serviceBusNamespace": { "type": "Microsoft.ServiceBus/namespaces", "apiVersion": "2022-10-01-preview", "name": "[parameters('name')]", @@ -366,24 +406,28 @@ "zoneRedundant": "[parameters('zoneRedundant')]", "disableLocalAuth": "[parameters('disableLocalAuth')]", "premiumMessagingPartitions": "[if(equals(parameters('skuName'), 'Premium'), parameters('premiumMessagingPartitions'), 0)]", - "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('keySource', 'Microsoft.KeyVault', 'keyVaultProperties', createArray(createObject('identity', if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), createObject('userAssignedIdentity', parameters('cMKUserAssignedIdentityResourceId')), null()), 'keyName', parameters('cMKKeyName'), 'keyVaultUri', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults', last(split(parameters('cMKKeyVaultResourceId'), '/'))), '2021-10-01').vaultUri, 'keyVersion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), last(split(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[0], split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[1]), '2021-10-01').keyUriWithVersion, '/'))))), 'requireInfrastructureEncryption', parameters('requireInfrastructureEncryption')), null())]" - } + "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('keySource', 'Microsoft.KeyVault', 'keyVaultProperties', createArray(createObject('identity', if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), createObject('userAssignedIdentity', parameters('cMKUserAssignedIdentityResourceId')), null()), 'keyName', parameters('cMKKeyName'), 'keyVaultUri', reference('cMKKeyVault').vaultUri, 'keyVersion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), last(split(reference('cMKKeyVaultKey').keyUriWithVersion, '/'))))), 'requireInfrastructureEncryption', parameters('requireInfrastructureEncryption')), null())]" + }, + "dependsOn": [ + "cMKKeyVault", + "cMKKeyVaultKey" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "serviceBusNamespace_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.ServiceBus/namespaces/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces', parameters('name'))]" + "serviceBusNamespace" ] }, - { + "serviceBusNamespace_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -398,10 +442,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces', parameters('name'))]" + "serviceBusNamespace" ] }, - { + "serviceBusNamespace_authorizationRules": { "copy": { "name": "serviceBusNamespace_authorizationRules", "count": "[length(parameters('authorizationRules'))]" @@ -524,10 +568,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces', parameters('name'))]" + "serviceBusNamespace" ] }, - { + "serviceBusNamespace_disasterRecoveryConfig": { "condition": "[not(empty(parameters('disasterRecoveryConfigs')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -650,10 +694,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces', parameters('name'))]" + "serviceBusNamespace" ] }, - { + "serviceBusNamespace_migrationConfigurations": { "condition": "[not(empty(parameters('migrationConfigurations')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -770,10 +814,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces', parameters('name'))]" + "serviceBusNamespace" ] }, - { + "serviceBusNamespace_networkRuleSet": { "condition": "[or(not(empty(parameters('networkRuleSets'))), not(empty(parameters('privateEndpoints'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -935,10 +979,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces', parameters('name'))]" + "serviceBusNamespace" ] }, - { + "serviceBusNamespace_queues": { "copy": { "name": "serviceBusNamespace_queues", "count": "[length(parameters('queues'))]" @@ -983,17 +1027,45 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "14235495639787970719" + "templateHash": "2387432860804743160" }, "name": "Service Bus Namespace Queue", "description": "This module deploys a Service Bus Namespace Queue.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "namespaceName": { "type": "string", @@ -1153,15 +1225,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -1182,8 +1248,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -1197,7 +1263,13 @@ } } }, - { + "namespace": { + "existing": true, + "type": "Microsoft.ServiceBus/namespaces", + "apiVersion": "2022-10-01-preview", + "name": "[parameters('namespaceName')]" + }, + "queue": { "type": "Microsoft.ServiceBus/namespaces/queues", "apiVersion": "2022-10-01-preview", "name": "[format('{0}/{1}', parameters('namespaceName'), parameters('name'))]", @@ -1213,28 +1285,31 @@ "forwardTo": "[if(not(empty(parameters('forwardTo'))), parameters('forwardTo'), null())]", "lockDuration": "[parameters('lockDuration')]", "maxDeliveryCount": "[parameters('maxDeliveryCount')]", - "maxMessageSizeInKilobytes": "[if(equals(reference(resourceId('Microsoft.ServiceBus/namespaces', parameters('namespaceName')), '2022-10-01-preview', 'full').sku.name, 'Premium'), parameters('maxMessageSizeInKilobytes'), null())]", + "maxMessageSizeInKilobytes": "[if(equals(reference('namespace', '2022-10-01-preview', 'full').sku.name, 'Premium'), parameters('maxMessageSizeInKilobytes'), null())]", "maxSizeInMegabytes": "[parameters('maxSizeInMegabytes')]", "requiresDuplicateDetection": "[parameters('requiresDuplicateDetection')]", "requiresSession": "[parameters('requiresSession')]", "status": "[parameters('status')]" - } + }, + "dependsOn": [ + "namespace" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "queue_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.ServiceBus/namespaces/{0}/queues/{1}', parameters('namespaceName'), parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces/queues', parameters('namespaceName'), parameters('name'))]" + "queue" ] }, - { + "queue_authorizationRules": { "copy": { "name": "queue_authorizationRules", "count": "[length(parameters('authorizationRules'))]" @@ -1364,10 +1439,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces/queues', parameters('namespaceName'), parameters('name'))]" + "queue" ] }, - { + "queue_roleAssignments": { "copy": { "name": "queue_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1515,10 +1590,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces/queues', parameters('namespaceName'), parameters('name'))]" + "queue" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1545,10 +1620,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces', parameters('name'))]" + "serviceBusNamespace" ] }, - { + "serviceBusNamespace_topics": { "copy": { "name": "serviceBusNamespace_topics", "count": "[length(parameters('topics'))]" @@ -1588,17 +1663,45 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "7517242660485501194" + "templateHash": "17853944786928243085" }, "name": "Service Bus Namespace Topic", "description": "This module deploys a Service Bus Namespace Topic.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "namespaceName": { "type": "string", @@ -1723,15 +1826,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -1752,8 +1849,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -1767,7 +1864,13 @@ } } }, - { + "namespace": { + "existing": true, + "type": "Microsoft.ServiceBus/namespaces", + "apiVersion": "2022-10-01-preview", + "name": "[parameters('namespaceName')]" + }, + "topic": { "type": "Microsoft.ServiceBus/namespaces/topics", "apiVersion": "2022-10-01-preview", "name": "[format('{0}/{1}', parameters('namespaceName'), parameters('name'))]", @@ -1783,23 +1886,26 @@ "requiresDuplicateDetection": "[parameters('requiresDuplicateDetection')]", "status": "[parameters('status')]", "supportOrdering": "[parameters('supportOrdering')]" - } + }, + "dependsOn": [ + "namespace" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "topic_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.ServiceBus/namespaces/{0}/topics/{1}', parameters('namespaceName'), parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces/topics', parameters('namespaceName'), parameters('name'))]" + "topic" ] }, - { + "topic_authorizationRules": { "copy": { "name": "topic_authorizationRules", "count": "[length(parameters('authorizationRules'))]" @@ -1929,10 +2035,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces/topics', parameters('namespaceName'), parameters('name'))]" + "topic" ] }, - { + "topic_roleAssignments": { "copy": { "name": "topic_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -2080,10 +2186,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces/topics', parameters('namespaceName'), parameters('name'))]" + "topic" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -2110,10 +2216,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces', parameters('name'))]" + "serviceBusNamespace" ] }, - { + "serviceBusNamespace_privateEndpoints": { "copy": { "name": "serviceBusNamespace_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -2637,10 +2743,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces', parameters('name'))]" + "serviceBusNamespace" ] }, - { + "serviceBusNamespace_roleAssignments": { "copy": { "name": "serviceBusNamespace_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -2788,10 +2894,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces', parameters('name'))]" + "serviceBusNamespace" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -2819,14 +2925,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '2022-10-01-preview', 'full').identity, 'principalId')), reference(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '2022-10-01-preview', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('serviceBusNamespace', '2022-10-01-preview', 'full').identity, 'principalId')), reference('serviceBusNamespace', '2022-10-01-preview', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '2022-10-01-preview', 'full').location]" + "value": "[reference('serviceBusNamespace', '2022-10-01-preview', 'full').location]" } } } \ No newline at end of file diff --git a/modules/service-bus/namespace/queue/main.json b/modules/service-bus/namespace/queue/main.json index db9c7d315a..8eaa66214c 100644 --- a/modules/service-bus/namespace/queue/main.json +++ b/modules/service-bus/namespace/queue/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "14235495639787970719" + "templateHash": "2387432860804743160" }, "name": "Service Bus Namespace Queue", "description": "This module deploys a Service Bus Namespace Queue.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "namespaceName": { "type": "string", @@ -170,15 +198,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -199,8 +221,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -214,7 +236,13 @@ } } }, - { + "namespace": { + "existing": true, + "type": "Microsoft.ServiceBus/namespaces", + "apiVersion": "2022-10-01-preview", + "name": "[parameters('namespaceName')]" + }, + "queue": { "type": "Microsoft.ServiceBus/namespaces/queues", "apiVersion": "2022-10-01-preview", "name": "[format('{0}/{1}', parameters('namespaceName'), parameters('name'))]", @@ -230,28 +258,31 @@ "forwardTo": "[if(not(empty(parameters('forwardTo'))), parameters('forwardTo'), null())]", "lockDuration": "[parameters('lockDuration')]", "maxDeliveryCount": "[parameters('maxDeliveryCount')]", - "maxMessageSizeInKilobytes": "[if(equals(reference(resourceId('Microsoft.ServiceBus/namespaces', parameters('namespaceName')), '2022-10-01-preview', 'full').sku.name, 'Premium'), parameters('maxMessageSizeInKilobytes'), null())]", + "maxMessageSizeInKilobytes": "[if(equals(reference('namespace', '2022-10-01-preview', 'full').sku.name, 'Premium'), parameters('maxMessageSizeInKilobytes'), null())]", "maxSizeInMegabytes": "[parameters('maxSizeInMegabytes')]", "requiresDuplicateDetection": "[parameters('requiresDuplicateDetection')]", "requiresSession": "[parameters('requiresSession')]", "status": "[parameters('status')]" - } + }, + "dependsOn": [ + "namespace" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "queue_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.ServiceBus/namespaces/{0}/queues/{1}', parameters('namespaceName'), parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces/queues', parameters('namespaceName'), parameters('name'))]" + "queue" ] }, - { + "queue_authorizationRules": { "copy": { "name": "queue_authorizationRules", "count": "[length(parameters('authorizationRules'))]" @@ -381,10 +412,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces/queues', parameters('namespaceName'), parameters('name'))]" + "queue" ] }, - { + "queue_roleAssignments": { "copy": { "name": "queue_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -532,10 +563,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces/queues', parameters('namespaceName'), parameters('name'))]" + "queue" ] } - ], + }, "outputs": { "name": { "type": "string", diff --git a/modules/service-bus/namespace/topic/main.json b/modules/service-bus/namespace/topic/main.json index 52d011eb5d..e7341c8e2d 100644 --- a/modules/service-bus/namespace/topic/main.json +++ b/modules/service-bus/namespace/topic/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "7517242660485501194" + "templateHash": "17853944786928243085" }, "name": "Service Bus Namespace Topic", "description": "This module deploys a Service Bus Namespace Topic.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "namespaceName": { "type": "string", @@ -135,15 +163,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -164,8 +186,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -179,7 +201,13 @@ } } }, - { + "namespace": { + "existing": true, + "type": "Microsoft.ServiceBus/namespaces", + "apiVersion": "2022-10-01-preview", + "name": "[parameters('namespaceName')]" + }, + "topic": { "type": "Microsoft.ServiceBus/namespaces/topics", "apiVersion": "2022-10-01-preview", "name": "[format('{0}/{1}', parameters('namespaceName'), parameters('name'))]", @@ -195,23 +223,26 @@ "requiresDuplicateDetection": "[parameters('requiresDuplicateDetection')]", "status": "[parameters('status')]", "supportOrdering": "[parameters('supportOrdering')]" - } + }, + "dependsOn": [ + "namespace" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "topic_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.ServiceBus/namespaces/{0}/topics/{1}', parameters('namespaceName'), parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces/topics', parameters('namespaceName'), parameters('name'))]" + "topic" ] }, - { + "topic_authorizationRules": { "copy": { "name": "topic_authorizationRules", "count": "[length(parameters('authorizationRules'))]" @@ -341,10 +372,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces/topics', parameters('namespaceName'), parameters('name'))]" + "topic" ] }, - { + "topic_roleAssignments": { "copy": { "name": "topic_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -492,10 +523,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ServiceBus/namespaces/topics', parameters('namespaceName'), parameters('name'))]" + "topic" ] } - ], + }, "outputs": { "name": { "type": "string", diff --git a/modules/service-fabric/cluster/main.json b/modules/service-fabric/cluster/main.json index 66d8a1770e..7573b8a154 100644 --- a/modules/service-fabric/cluster/main.json +++ b/modules/service-fabric/cluster/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "212662749954902934" + "templateHash": "3676240704825809090" }, "name": "Service Fabric Clusters", "description": "This module deploys a Service Fabric Cluster.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -33,15 +61,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "enableDefaultTelemetry": { @@ -342,8 +364,8 @@ "enableReferencedModulesTelemetry": false, "upgradeDescriptionVar": "[union(createObject('deltaHealthPolicy', createObject('applicationDeltaHealthPolicies', if(contains(parameters('upgradeDescription'), 'applicationDeltaHealthPolicies'), parameters('upgradeDescription').applicationDeltaHealthPolicies, createObject()), 'maxPercentDeltaUnhealthyApplications', if(contains(parameters('upgradeDescription'), 'maxPercentDeltaUnhealthyApplications'), parameters('upgradeDescription').maxPercentDeltaUnhealthyApplications, 0), 'maxPercentDeltaUnhealthyNodes', if(contains(parameters('upgradeDescription'), 'maxPercentDeltaUnhealthyNodes'), parameters('upgradeDescription').maxPercentDeltaUnhealthyNodes, 0), 'maxPercentUpgradeDomainDeltaUnhealthyNodes', if(contains(parameters('upgradeDescription'), 'maxPercentUpgradeDomainDeltaUnhealthyNodes'), parameters('upgradeDescription').maxPercentUpgradeDomainDeltaUnhealthyNodes, 0)), 'forceRestart', if(contains(parameters('upgradeDescription'), 'forceRestart'), parameters('upgradeDescription').forceRestart, false()), 'healthCheckRetryTimeout', if(contains(parameters('upgradeDescription'), 'healthCheckRetryTimeout'), parameters('upgradeDescription').healthCheckRetryTimeout, '00:45:00'), 'healthCheckStableDuration', if(contains(parameters('upgradeDescription'), 'healthCheckStableDuration'), parameters('upgradeDescription').healthCheckStableDuration, '00:01:00'), 'healthCheckWaitDuration', if(contains(parameters('upgradeDescription'), 'healthCheckWaitDuration'), parameters('upgradeDescription').healthCheckWaitDuration, '00:00:30'), 'upgradeDomainTimeout', if(contains(parameters('upgradeDescription'), 'upgradeDomainTimeout'), parameters('upgradeDescription').upgradeDomainTimeout, '02:00:00'), 'upgradeReplicaSetCheckTimeout', if(contains(parameters('upgradeDescription'), 'upgradeReplicaSetCheckTimeout'), parameters('upgradeDescription').upgradeReplicaSetCheckTimeout, '1.00:00:00'), 'upgradeTimeout', if(contains(parameters('upgradeDescription'), 'upgradeTimeout'), parameters('upgradeDescription').upgradeTimeout, '02:00:00')), if(contains(parameters('upgradeDescription'), 'healthPolicy'), createObject('healthPolicy', createObject('applicationHealthPolicies', if(contains(parameters('upgradeDescription').healthPolicy, 'applicationHealthPolicies'), parameters('upgradeDescription').healthPolicy.applicationHealthPolicies, createObject()), 'maxPercentUnhealthyApplications', if(contains(parameters('upgradeDescription').healthPolicy, 'maxPercentUnhealthyApplications'), parameters('upgradeDescription').healthPolicy.maxPercentUnhealthyApplications, 0), 'maxPercentUnhealthyNodes', if(contains(parameters('upgradeDescription').healthPolicy, 'maxPercentUnhealthyNodes'), parameters('upgradeDescription').healthPolicy.maxPercentUnhealthyNodes, 0))), createObject()))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -357,7 +379,7 @@ } } }, - { + "serviceFabricCluster": { "type": "Microsoft.ServiceFabric/clusters", "apiVersion": "2021-06-01", "name": "[parameters('name')]", @@ -395,21 +417,21 @@ "waveUpgradePaused": "[parameters('waveUpgradePaused')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "serviceFabricCluster_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.ServiceFabric/clusters/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.ServiceFabric/clusters', parameters('name'))]" + "serviceFabricCluster" ] }, - { + "serviceFabricCluster_roleAssignments": { "copy": { "name": "serviceFabricCluster_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -554,10 +576,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ServiceFabric/clusters', parameters('name'))]" + "serviceFabricCluster" ] }, - { + "serviceFabricCluster_applicationTypes": { "copy": { "name": "serviceFabricCluster_applicationTypes", "count": "[length(parameters('applicationTypes'))]" @@ -672,10 +694,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.ServiceFabric/clusters', parameters('name'))]" + "serviceFabricCluster" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -703,14 +725,14 @@ "metadata": { "description": "The Service Fabric Cluster endpoint." }, - "value": "[reference(resourceId('Microsoft.ServiceFabric/clusters', parameters('name')), '2021-06-01').clusterEndpoint]" + "value": "[reference('serviceFabricCluster').clusterEndpoint]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.ServiceFabric/clusters', parameters('name')), '2021-06-01', 'full').location]" + "value": "[reference('serviceFabricCluster', '2021-06-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/signal-r-service/signal-r/main.json b/modules/signal-r-service/signal-r/main.json index cae060bd25..03a7ce05d8 100644 --- a/modules/signal-r-service/signal-r/main.json +++ b/modules/signal-r-service/signal-r/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "18228985273880895122" + "templateHash": "7305808861075102392" }, "name": "SignalR Service SignalR", "description": "This module deploys a SignalR Service SignalR.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "location": { "type": "string", @@ -170,15 +198,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -216,8 +238,8 @@ } ] }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -231,7 +253,7 @@ } } }, - { + "signalR": { "type": "Microsoft.SignalRService/signalR", "apiVersion": "2022-02-01", "name": "[parameters('name')]", @@ -262,21 +284,21 @@ "upstream": "[if(not(empty(parameters('upstreamTemplatesToEnable'))), createObject('templates', parameters('upstreamTemplatesToEnable')), createObject())]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "signalR_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.SignalRService/signalR/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.SignalRService/signalR', parameters('name'))]" + "signalR" ] }, - { + "signalR_privateEndpoints": { "copy": { "name": "signalR_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -797,10 +819,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.SignalRService/signalR', parameters('name'))]" + "signalR" ] }, - { + "signalR_rbac": { "copy": { "name": "signalR_rbac", "count": "[length(parameters('roleAssignments'))]" @@ -953,10 +975,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.SignalRService/signalR', parameters('name'))]" + "signalR" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -984,7 +1006,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.SignalRService/signalR', parameters('name')), '2022-02-01', 'full').location]" + "value": "[reference('signalR', '2022-02-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/signal-r-service/web-pub-sub/main.json b/modules/signal-r-service/web-pub-sub/main.json index 7bca5bb716..12fb3b6219 100644 --- a/modules/signal-r-service/web-pub-sub/main.json +++ b/modules/signal-r-service/web-pub-sub/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "11691998078416920042" + "templateHash": "6758590720754314081" }, "name": "SignalR Web PubSub Services", "description": "This module deploys a SignalR Web PubSub Service.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "location": { "type": "string", @@ -33,15 +61,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -169,8 +191,8 @@ "userAssignedIdentities": "[if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())]" } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -184,7 +206,7 @@ } } }, - { + "webPubSub": { "type": "Microsoft.SignalRService/webPubSub", "apiVersion": "2021-10-01", "name": "[parameters('name')]", @@ -209,21 +231,21 @@ } } }, - { - "condition": "[not(empty(parameters('lock')))]", + "webPubSub_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.SignalRService/webPubSub/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.SignalRService/webPubSub', parameters('name'))]" + "webPubSub" ] }, - { + "webPubSub_privateEndpoints": { "copy": { "name": "webPubSub_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -744,10 +766,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.SignalRService/webPubSub', parameters('name'))]" + "webPubSub" ] }, - { + "webPubSub_rbac": { "copy": { "name": "webPubSub_rbac", "count": "[length(parameters('roleAssignments'))]" @@ -900,10 +922,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.SignalRService/webPubSub', parameters('name'))]" + "webPubSub" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -931,35 +953,35 @@ "metadata": { "description": "The Web PubSub externalIP." }, - "value": "[reference(resourceId('Microsoft.SignalRService/webPubSub', parameters('name')), '2021-10-01').externalIP]" + "value": "[reference('webPubSub').externalIP]" }, "hostName": { "type": "string", "metadata": { "description": "The Web PubSub hostName." }, - "value": "[reference(resourceId('Microsoft.SignalRService/webPubSub', parameters('name')), '2021-10-01').hostName]" + "value": "[reference('webPubSub').hostName]" }, "publicPort": { "type": "int", "metadata": { "description": "The Web PubSub publicPort." }, - "value": "[reference(resourceId('Microsoft.SignalRService/webPubSub', parameters('name')), '2021-10-01').publicPort]" + "value": "[reference('webPubSub').publicPort]" }, "serverPort": { "type": "int", "metadata": { "description": "The Web PubSub serverPort." }, - "value": "[reference(resourceId('Microsoft.SignalRService/webPubSub', parameters('name')), '2021-10-01').serverPort]" + "value": "[reference('webPubSub').serverPort]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.SignalRService/webPubSub', parameters('name')), '2021-10-01', 'full').location]" + "value": "[reference('webPubSub', '2021-10-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/sql/managed-instance/database/main.json b/modules/sql/managed-instance/database/main.json index a22c997575..eb042f863f 100644 --- a/modules/sql/managed-instance/database/main.json +++ b/modules/sql/managed-instance/database/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "6503511608072200864" + "templateHash": "6248092272830092402" }, "name": "SQL Managed Instance Databases", "description": "This module deploys a SQL Managed Instance Database.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -137,15 +165,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "backupShortTermRetentionPoliciesObj": { @@ -215,8 +237,8 @@ "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -230,7 +252,13 @@ } } }, - { + "managedInstance": { + "existing": true, + "type": "Microsoft.Sql/managedInstances", + "apiVersion": "2022-05-01-preview", + "name": "[parameters('managedInstanceName')]" + }, + "database": { "type": "Microsoft.Sql/managedInstances/databases", "apiVersion": "2022-05-01-preview", "name": "[format('{0}/{1}', parameters('managedInstanceName'), parameters('name'))]", @@ -247,9 +275,12 @@ "storageContainerSasToken": "[if(empty(parameters('storageContainerSasToken')), null(), parameters('storageContainerSasToken'))]", "recoverableDatabaseId": "[if(empty(parameters('recoverableDatabaseId')), null(), parameters('recoverableDatabaseId'))]", "longTermRetentionBackupResourceId": "[if(empty(parameters('longTermRetentionBackupResourceId')), null(), parameters('longTermRetentionBackupResourceId'))]" - } + }, + "dependsOn": [ + "managedInstance" + ] }, - { + "database_lock": { "condition": "[not(empty(parameters('lock')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", @@ -260,10 +291,10 @@ "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Sql/managedInstances/databases', parameters('managedInstanceName'), parameters('name'))]" + "database" ] }, - { + "database_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -277,10 +308,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Sql/managedInstances/databases', parameters('managedInstanceName'), parameters('name'))]" + "database" ] }, - { + "database_backupShortTermRetentionPolicy": { "condition": "[not(empty(parameters('backupShortTermRetentionPoliciesObj')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -402,10 +433,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/managedInstances/databases', parameters('managedInstanceName'), parameters('name'))]" + "database" ] }, - { + "database_backupLongTermRetentionPolicy": { "condition": "[not(empty(parameters('backupLongTermRetentionPoliciesObj')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -554,10 +585,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/managedInstances/databases', parameters('managedInstanceName'), parameters('name'))]" + "database" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -585,7 +616,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Sql/managedInstances/databases', parameters('managedInstanceName'), parameters('name')), '2022-05-01-preview', 'full').location]" + "value": "[reference('database', '2022-05-01-preview', 'full').location]" } } } \ No newline at end of file diff --git a/modules/sql/managed-instance/main.json b/modules/sql/managed-instance/main.json index 8313b95372..1a369b5e40 100644 --- a/modules/sql/managed-instance/main.json +++ b/modules/sql/managed-instance/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "8514585732181524503" + "templateHash": "10725109912402429439" }, "name": "SQL Managed Instances", "description": "This module deploys a SQL Managed Instance.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -208,15 +236,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -389,8 +411,8 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -404,7 +426,7 @@ } } }, - { + "managedInstance": { "type": "Microsoft.Sql/managedInstances", "apiVersion": "2022-05-01-preview", "name": "[parameters('name')]", @@ -441,21 +463,21 @@ "minimalTlsVersion": "[parameters('minimalTlsVersion')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "managedInstance_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Sql/managedInstances/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Sql/managedInstances', parameters('name'))]" + "managedInstance" ] }, - { + "managedInstance_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -470,10 +492,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Sql/managedInstances', parameters('name'))]" + "managedInstance" ] }, - { + "managedInstance_roleAssignments": { "copy": { "name": "managedInstance_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -627,10 +649,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/managedInstances', parameters('name'))]" + "managedInstance" ] }, - { + "managedInstance_databases": { "copy": { "name": "managedInstance_databases", "count": "[length(parameters('databases'))]" @@ -656,7 +678,7 @@ "diagnosticStorageAccountId": "[if(contains(parameters('databases')[copyIndex()], 'diagnosticStorageAccountId'), createObject('value', parameters('databases')[copyIndex()].diagnosticStorageAccountId), createObject('value', ''))]", "diagnosticEventHubAuthorizationRuleId": "[if(contains(parameters('databases')[copyIndex()], 'diagnosticEventHubAuthorizationRuleId'), createObject('value', parameters('databases')[copyIndex()].diagnosticEventHubAuthorizationRuleId), createObject('value', ''))]", "diagnosticEventHubName": "[if(contains(parameters('databases')[copyIndex()], 'diagnosticEventHubName'), createObject('value', parameters('databases')[copyIndex()].diagnosticEventHubName), createObject('value', ''))]", - "location": "[if(contains(parameters('databases')[copyIndex()], 'location'), createObject('value', parameters('databases')[copyIndex()].location), createObject('value', reference(resourceId('Microsoft.Sql/managedInstances', parameters('name')), '2022-05-01-preview', 'full').location))]", + "location": "[if(contains(parameters('databases')[copyIndex()], 'location'), createObject('value', parameters('databases')[copyIndex()].location), createObject('value', reference('managedInstance', '2022-05-01-preview', 'full').location))]", "lock": "[if(contains(parameters('databases')[copyIndex()], 'lock'), createObject('value', parameters('databases')[copyIndex()].lock), createObject('value', ''))]", "longTermRetentionBackupResourceId": "[if(contains(parameters('databases')[copyIndex()], 'longTermRetentionBackupResourceId'), createObject('value', parameters('databases')[copyIndex()].longTermRetentionBackupResourceId), createObject('value', ''))]", "recoverableDatabaseId": "[if(contains(parameters('databases')[copyIndex()], 'recoverableDatabaseId'), createObject('value', parameters('databases')[copyIndex()].recoverableDatabaseId), createObject('value', ''))]", @@ -675,17 +697,45 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "6503511608072200864" + "templateHash": "6248092272830092402" }, "name": "SQL Managed Instance Databases", "description": "This module deploys a SQL Managed Instance Database.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -812,15 +862,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "backupShortTermRetentionPoliciesObj": { @@ -890,8 +934,8 @@ "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -905,7 +949,13 @@ } } }, - { + "managedInstance": { + "existing": true, + "type": "Microsoft.Sql/managedInstances", + "apiVersion": "2022-05-01-preview", + "name": "[parameters('managedInstanceName')]" + }, + "database": { "type": "Microsoft.Sql/managedInstances/databases", "apiVersion": "2022-05-01-preview", "name": "[format('{0}/{1}', parameters('managedInstanceName'), parameters('name'))]", @@ -922,9 +972,12 @@ "storageContainerSasToken": "[if(empty(parameters('storageContainerSasToken')), null(), parameters('storageContainerSasToken'))]", "recoverableDatabaseId": "[if(empty(parameters('recoverableDatabaseId')), null(), parameters('recoverableDatabaseId'))]", "longTermRetentionBackupResourceId": "[if(empty(parameters('longTermRetentionBackupResourceId')), null(), parameters('longTermRetentionBackupResourceId'))]" - } + }, + "dependsOn": [ + "managedInstance" + ] }, - { + "database_lock": { "condition": "[not(empty(parameters('lock')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", @@ -935,10 +988,10 @@ "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Sql/managedInstances/databases', parameters('managedInstanceName'), parameters('name'))]" + "database" ] }, - { + "database_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -952,10 +1005,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Sql/managedInstances/databases', parameters('managedInstanceName'), parameters('name'))]" + "database" ] }, - { + "database_backupShortTermRetentionPolicy": { "condition": "[not(empty(parameters('backupShortTermRetentionPoliciesObj')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1077,10 +1130,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/managedInstances/databases', parameters('managedInstanceName'), parameters('name'))]" + "database" ] }, - { + "database_backupLongTermRetentionPolicy": { "condition": "[not(empty(parameters('backupLongTermRetentionPoliciesObj')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1229,10 +1282,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/managedInstances/databases', parameters('managedInstanceName'), parameters('name'))]" + "database" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1260,16 +1313,16 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Sql/managedInstances/databases', parameters('managedInstanceName'), parameters('name')), '2022-05-01-preview', 'full').location]" + "value": "[reference('database', '2022-05-01-preview', 'full').location]" } } } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/managedInstances', parameters('name'))]" + "managedInstance" ] }, - { + "managedInstance_securityAlertPolicy": { "condition": "[not(empty(parameters('securityAlertPoliciesObj')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1395,10 +1448,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/managedInstances', parameters('name'))]" + "managedInstance" ] }, - { + "managedInstance_vulnerabilityAssessment": { "condition": "[and(not(empty(parameters('vulnerabilityAssessmentsObj'))), parameters('systemAssignedIdentity'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1614,11 +1667,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/managedInstances', parameters('name'))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-SqlMi-SecAlertPol', uniqueString(deployment().name, parameters('location'))))]" + "managedInstance", + "managedInstance_securityAlertPolicy" ] }, - { + "managedInstance_keys": { "copy": { "name": "managedInstance_keys", "count": "[length(parameters('keys'))]" @@ -1751,10 +1804,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/managedInstances', parameters('name'))]" + "managedInstance" ] }, - { + "managedInstance_encryptionProtector": { "condition": "[not(empty(parameters('encryptionProtectorObj')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1881,11 +1934,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/managedInstances', parameters('name'))]", + "managedInstance", "managedInstance_keys" ] }, - { + "managedInstance_administrator": { "condition": "[not(empty(parameters('administratorsObj')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -2010,10 +2063,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/managedInstances', parameters('name'))]" + "managedInstance" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -2041,14 +2094,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.Sql/managedInstances', parameters('name')), '2022-05-01-preview', 'full').identity, 'principalId')), reference(resourceId('Microsoft.Sql/managedInstances', parameters('name')), '2022-05-01-preview', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('managedInstance', '2022-05-01-preview', 'full').identity, 'principalId')), reference('managedInstance', '2022-05-01-preview', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Sql/managedInstances', parameters('name')), '2022-05-01-preview', 'full').location]" + "value": "[reference('managedInstance', '2022-05-01-preview', 'full').location]" } } } \ No newline at end of file diff --git a/modules/sql/server/main.json b/modules/sql/server/main.json index ce9273e1dc..110e3c4ea3 100644 --- a/modules/sql/server/main.json +++ b/modules/sql/server/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "4323187915659355433" + "templateHash": "5215810648913031869" }, "name": "Azure SQL Servers", "description": "This module deploys an Azure SQL Server.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "administratorLogin": { "type": "string", @@ -61,15 +89,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -205,8 +227,8 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -220,7 +242,7 @@ } } }, - { + "server": { "type": "Microsoft.Sql/servers", "apiVersion": "2022-05-01-preview", "name": "[parameters('name')]", @@ -238,21 +260,21 @@ "restrictOutboundNetworkAccess": "[if(not(empty(parameters('restrictOutboundNetworkAccess'))), parameters('restrictOutboundNetworkAccess'), null())]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "server_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Sql/servers/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Sql/servers', parameters('name'))]" + "server" ] }, - { + "server_roleAssignments": { "copy": { "name": "server_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -404,10 +426,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/servers', parameters('name'))]" + "server" ] }, - { + "server_databases": { "copy": { "name": "server_databases", "count": "[length(parameters('databases'))]" @@ -1176,11 +1198,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/servers', parameters('name'))]", + "server", "server_elasticPools" ] }, - { + "server_elasticPools": { "copy": { "name": "server_elasticPools", "count": "[length(parameters('elasticPools'))]" @@ -1421,10 +1443,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/servers', parameters('name'))]" + "server" ] }, - { + "server_privateEndpoints": { "copy": { "name": "server_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -1948,10 +1970,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/servers', parameters('name'))]" + "server" ] }, - { + "server_firewallRules": { "copy": { "name": "server_firewallRules", "count": "[length(parameters('firewallRules'))]" @@ -2076,10 +2098,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/servers', parameters('name'))]" + "server" ] }, - { + "server_virtualNetworkRules": { "copy": { "name": "server_virtualNetworkRules", "count": "[length(parameters('virtualNetworkRules'))]" @@ -2205,10 +2227,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/servers', parameters('name'))]" + "server" ] }, - { + "server_securityAlertPolicies": { "copy": { "name": "server_securityAlertPolicies", "count": "[length(parameters('securityAlertPolicies'))]" @@ -2382,10 +2404,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/servers', parameters('name'))]" + "server" ] }, - { + "server_vulnerabilityAssessment": { "condition": "[not(empty(parameters('vulnerabilityAssessmentsObj')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -2528,11 +2550,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/servers', parameters('name'))]", + "server", "server_securityAlertPolicies" ] }, - { + "server_keys": { "copy": { "name": "server_keys", "count": "[length(parameters('keys'))]" @@ -2665,10 +2687,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/servers', parameters('name'))]" + "server" ] }, - { + "server_encryptionProtector": { "condition": "[not(empty(parameters('encryptionProtectorObj')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -2795,11 +2817,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Sql/servers', parameters('name'))]", + "server", "server_keys" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -2827,14 +2849,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.Sql/servers', parameters('name')), '2022-05-01-preview', 'full').identity, 'principalId')), reference(resourceId('Microsoft.Sql/servers', parameters('name')), '2022-05-01-preview', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('server', '2022-05-01-preview', 'full').identity, 'principalId')), reference('server', '2022-05-01-preview', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Sql/servers', parameters('name')), '2022-05-01-preview', 'full').location]" + "value": "[reference('server', '2022-05-01-preview', 'full').location]" } } } \ No newline at end of file diff --git a/modules/storage/storage-account/main.json b/modules/storage/storage-account/main.json index 37226f763b..67d020ccc9 100644 --- a/modules/storage/storage-account/main.json +++ b/modules/storage/storage-account/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "4491569988152591675" + "templateHash": "7623420689086339166" }, "name": "Storage Accounts", "description": "This module deploys a Storage Account.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -294,15 +322,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "tags": { @@ -423,8 +445,8 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -438,7 +460,16 @@ } } }, - { + "keyVault": { + "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2021-06-01-preview", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[last(split(parameters('cMKKeyVaultResourceId'), '/'))]" + }, + "storageAccount": { "type": "Microsoft.Storage/storageAccounts", "apiVersion": "2022-09-01", "name": "[parameters('name')]", @@ -473,7 +504,7 @@ } }, "requireInfrastructureEncryption": "[if(not(equals(parameters('kind'), 'Storage')), parameters('requireInfrastructureEncryption'), null())]", - "keyvaultproperties": "[if(not(empty(parameters('cMKKeyName'))), createObject('keyname', parameters('cMKKeyName'), 'keyvaulturi', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults', last(split(parameters('cMKKeyVaultResourceId'), '/'))), '2021-06-01-preview').vaultUri, 'keyversion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), null())), null())]", + "keyvaultproperties": "[if(not(empty(parameters('cMKKeyName'))), createObject('keyname', parameters('cMKKeyName'), 'keyvaulturi', reference('keyVault').vaultUri, 'keyversion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), null())), null())]", "identity": "[if(not(empty(parameters('cMKKeyName'))), createObject('userAssignedIdentity', parameters('cMKUserAssignedIdentityResourceId')), null())]" }, "accessTier": "[if(not(equals(parameters('kind'), 'Storage')), parameters('accessTier'), null())]", @@ -488,9 +519,12 @@ "allowBlobPublicAccess": "[parameters('allowBlobPublicAccess')]", "publicNetworkAccess": "[if(not(empty(parameters('publicNetworkAccess'))), parameters('publicNetworkAccess'), if(and(not(empty(parameters('privateEndpoints'))), empty(parameters('networkAcls'))), 'Disabled', null()))]", "azureFilesIdentityBasedAuthentication": "[if(not(empty(parameters('azureFilesIdentityBasedAuthentication'))), parameters('azureFilesIdentityBasedAuthentication'), null())]" - } + }, + "dependsOn": [ + "keyVault" + ] }, - { + "storageAccount_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -504,24 +538,24 @@ "metrics": "[variables('diagnosticsMetrics')]" }, "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]" + "storageAccount" ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "storageAccount_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Storage/storageAccounts/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]" + "storageAccount" ] }, - { + "storageAccount_roleAssignments": { "copy": { "name": "storageAccount_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -699,10 +733,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]" + "storageAccount" ] }, - { + "storageAccount_privateEndpoints": { "copy": { "name": "storageAccount_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -1226,10 +1260,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]" + "storageAccount" ] }, - { + "storageAccount_managementPolicies": { "condition": "[not(empty(parameters('managementPolicyRules')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1338,11 +1372,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-Storage-BlobServices', uniqueString(deployment().name, parameters('location'))))]" + "storageAccount", + "storageAccount_blobServices" ] }, - { + "storageAccount_localUsers": { "copy": { "name": "storageAccount_localUsers", "count": "[length(parameters('localUsers'))]" @@ -1507,10 +1541,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]" + "storageAccount" ] }, - { + "storageAccount_blobServices": { "condition": "[not(empty(parameters('blobServices')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -2399,10 +2433,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]" + "storageAccount" ] }, - { + "storageAccount_fileServices": { "condition": "[not(empty(parameters('fileServices')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -3005,10 +3039,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]" + "storageAccount" ] }, - { + "storageAccount_queueServices": { "condition": "[not(empty(parameters('queueServices')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -3528,10 +3562,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]" + "storageAccount" ] }, - { + "storageAccount_tableServices": { "condition": "[not(empty(parameters('tableServices')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -3851,10 +3885,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]" + "storageAccount" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -3889,14 +3923,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.Storage/storageAccounts', parameters('name')), '2022-09-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.Storage/storageAccounts', parameters('name')), '2022-09-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('storageAccount', '2022-09-01', 'full').identity, 'principalId')), reference('storageAccount', '2022-09-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Storage/storageAccounts', parameters('name')), '2022-09-01', 'full').location]" + "value": "[reference('storageAccount', '2022-09-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/synapse/private-link-hub/main.json b/modules/synapse/private-link-hub/main.json index 080b2e1d7a..2d31fec701 100644 --- a/modules/synapse/private-link-hub/main.json +++ b/modules/synapse/private-link-hub/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "11333441944276260174" + "templateHash": "15056932991564143086" }, "name": "Azure Synapse Analytics", "description": "This module deploys an Azure Synapse Analytics (Private Link Hub).", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -33,15 +61,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "enableDefaultTelemetry": { @@ -69,8 +91,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -84,28 +106,28 @@ } } }, - { + "privateLinkHub": { "type": "Microsoft.Synapse/privateLinkHubs", "apiVersion": "2021-06-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]" }, - { - "condition": "[not(empty(parameters('lock')))]", + "privateLinkHub_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Synapse/privateLinkHubs/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name'))]" + "privateLinkHub" ] }, - { + "privateLinkHub_roleAssignments": { "copy": { "name": "privateLinkHub_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -250,10 +272,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name'))]" + "privateLinkHub" ] }, - { + "privateLinkHub_privateEndpoints": { "copy": { "name": "privateLinkHub_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -777,10 +799,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name'))]" + "privateLinkHub" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -808,7 +830,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '2021-06-01', 'full').location]" + "value": "[reference('privateLinkHub', '2021-06-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/synapse/workspace/main.json b/modules/synapse/workspace/main.json index 3f91c6fb88..e942cacbd9 100644 --- a/modules/synapse/workspace/main.json +++ b/modules/synapse/workspace/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "14717079863067599908" + "templateHash": "15611146682849530670" }, "name": "Synapse Workspaces", "description": "This module deploys a Synapse Workspace.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -204,15 +232,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -306,8 +328,26 @@ "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "cMKKeyVault": { + "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2021-10-01", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[last(split(parameters('cMKKeyVaultResourceId'), '/'))]" + }, + "cMKKeyVaultKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2021-10-01", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]" + }, + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -321,7 +361,7 @@ } } }, - { + "workspace": { "type": "Microsoft.Synapse/workspaces", "apiVersion": "2021-06-01", "name": "[parameters('name')]", @@ -337,7 +377,7 @@ "filesystem": "[parameters('defaultDataLakeStorageFilesystem')]", "createManagedPrivateEndpoint": "[if(parameters('managedVirtualNetwork'), parameters('defaultDataLakeStorageCreateManagedPrivateEndpoint'), null())]" }, - "encryption": "[if(parameters('encryption'), createObject('cmk', createObject('kekIdentity', createObject('userAssignedIdentity', if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), parameters('cMKUserAssignedIdentityResourceId'), null()), 'useSystemAssignedIdentity', parameters('cMKUseSystemAssignedIdentity')), 'key', createObject('keyVaultUrl', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[0], split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[1]), '2021-10-01').keyUri, 'name', parameters('cMKKeyName')))), null())]", + "encryption": "[if(parameters('encryption'), createObject('cmk', createObject('kekIdentity', createObject('userAssignedIdentity', if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), parameters('cMKUserAssignedIdentityResourceId'), null()), 'useSystemAssignedIdentity', parameters('cMKUseSystemAssignedIdentity')), 'key', createObject('keyVaultUrl', reference('cMKKeyVaultKey').keyUri, 'name', parameters('cMKKeyName')))), null())]", "managedResourceGroupName": "[if(not(empty(parameters('managedResourceGroupName'))), parameters('managedResourceGroupName'), null())]", "managedVirtualNetwork": "[if(parameters('managedVirtualNetwork'), 'default', null())]", "managedVirtualNetworkSettings": "[if(parameters('managedVirtualNetwork'), createObject('allowedAadTenantIdsForLinking', parameters('allowedAadTenantIdsForLinking'), 'linkedAccessCheckOnTargetResource', parameters('linkedAccessCheckOnTargetResource'), 'preventDataExfiltration', parameters('preventDataExfiltration')), null())]", @@ -346,23 +386,26 @@ "sqlAdministratorLogin": "[parameters('sqlAdministratorLogin')]", "sqlAdministratorLoginPassword": "[if(not(empty(parameters('sqlAdministratorLoginPassword'))), parameters('sqlAdministratorLoginPassword'), null())]", "workspaceRepositoryConfiguration": "[parameters('workspaceRepositoryConfiguration')]" - } + }, + "dependsOn": [ + "cMKKeyVaultKey" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "workspace_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Synapse/workspaces/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Synapse/workspaces', parameters('name'))]" + "workspace" ] }, - { + "workspace_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -376,10 +419,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Synapse/workspaces', parameters('name'))]" + "workspace" ] }, - { + "synapse_integrationRuntimes": { "copy": { "name": "synapse_integrationRuntimes", "count": "[length(parameters('integrationRuntimes'))]" @@ -506,10 +549,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Synapse/workspaces', parameters('name'))]" + "workspace" ] }, - { + "workspace_cmk_rbac": { "condition": "[parameters('encryptionActivateWorkspace')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -521,10 +564,10 @@ "mode": "Incremental", "parameters": { "workspaceIndentityPrincipalId": { - "value": "[reference(resourceId('Microsoft.Synapse/workspaces', parameters('name')), '2021-06-01', 'full').identity.principalId]" + "value": "[reference('workspace', '2021-06-01', 'full').identity.principalId]" }, "keyvaultName": "[if(not(empty(parameters('cMKKeyVaultResourceId'))), createObject('value', last(split(parameters('cMKKeyVaultResourceId'), '/'))), createObject('value', ''))]", - "usesRbacAuthorization": "[if(not(empty(parameters('cMKKeyVaultResourceId'))), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults', last(split(parameters('cMKKeyVaultResourceId'), '/'))), '2021-10-01').enableRbacAuthorization), createObject('value', true()))]" + "usesRbacAuthorization": "[if(not(empty(parameters('cMKKeyVaultResourceId'))), createObject('value', reference('cMKKeyVault').enableRbacAuthorization), createObject('value', true()))]" }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", @@ -586,10 +629,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Synapse/workspaces', parameters('name'))]" + "cMKKeyVault", + "workspace" ] }, - { + "workspace_key": { "condition": "[parameters('encryptionActivateWorkspace')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -718,11 +762,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Synapse/workspaces', parameters('name'))]", - "[resourceId('Microsoft.Resources/deployments', format('{0}-cmk-rbac', parameters('name')))]" + "workspace", + "workspace_cmk_rbac" ] }, - { + "workspace_rbac": { "copy": { "name": "workspace_rbac", "count": "[length(parameters('roleAssignments'))]" @@ -803,10 +847,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Synapse/workspaces', parameters('name'))]" + "workspace" ] }, - { + "workspace_privateEndpoints": { "copy": { "name": "workspace_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -1330,10 +1374,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Synapse/workspaces', parameters('name'))]" + "workspace" ] } - ], + }, "outputs": { "resourceID": { "type": "string", @@ -1361,21 +1405,21 @@ "metadata": { "description": "The workspace connectivity endpoints." }, - "value": "[reference(resourceId('Microsoft.Synapse/workspaces', parameters('name')), '2021-06-01').connectivityEndpoints]" + "value": "[reference('workspace').connectivityEndpoints]" }, "systemAssignedPrincipalId": { "type": "string", "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(contains(reference(resourceId('Microsoft.Synapse/workspaces', parameters('name')), '2021-06-01', 'full').identity, 'principalId'), reference(resourceId('Microsoft.Synapse/workspaces', parameters('name')), '2021-06-01', 'full').identity.principalId, '')]" + "value": "[if(contains(reference('workspace', '2021-06-01', 'full').identity, 'principalId'), reference('workspace', '2021-06-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Synapse/workspaces', parameters('name')), '2021-06-01', 'full').location]" + "value": "[reference('workspace', '2021-06-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/virtual-machine-images/image-template/main.json b/modules/virtual-machine-images/image-template/main.json index 0905d7ecbb..82a30b1eec 100644 --- a/modules/virtual-machine-images/image-template/main.json +++ b/modules/virtual-machine-images/image-template/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "2649219392883054229" + "templateHash": "7243500275007115201" }, "name": "Virtual Machine Image Templates", "description": "This module deploys a Virtual Machine Image Template that can be consumed by Azure Image Builder (AIB).", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -148,15 +176,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "tags": { @@ -248,8 +270,8 @@ "subnetId": "[parameters('subnetId')]" } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -263,7 +285,7 @@ } } }, - { + "imageTemplate": { "type": "Microsoft.VirtualMachineImages/imageTemplates", "apiVersion": "2022-02-14", "name": "[format('{0}-{1}', parameters('name'), parameters('baseTime'))]", @@ -289,21 +311,21 @@ "stagingResourceGroup": "[parameters('stagingResourceGroup')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "imageTemplate_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.VirtualMachineImages/imageTemplates/{0}', format('{0}-{1}', parameters('name'), parameters('baseTime')))]", - "name": "[format('{0}-{1}-lock', format('{0}-{1}', parameters('name'), parameters('baseTime')), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.VirtualMachineImages/imageTemplates', format('{0}-{1}', parameters('name'), parameters('baseTime')))]" + "imageTemplate" ] }, - { + "imageTemplate_roleAssignments": { "copy": { "name": "imageTemplate_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -448,10 +470,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.VirtualMachineImages/imageTemplates', format('{0}-{1}', parameters('name'), parameters('baseTime')))]" + "imageTemplate" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -493,7 +515,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.VirtualMachineImages/imageTemplates', format('{0}-{1}', parameters('name'), parameters('baseTime'))), '2022-02-14', 'full').location]" + "value": "[reference('imageTemplate', '2022-02-14', 'full').location]" } } } \ No newline at end of file diff --git a/modules/web/connection/main.json b/modules/web/connection/main.json index 46f8e7e722..b74ef8effb 100644 --- a/modules/web/connection/main.json +++ b/modules/web/connection/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "1868688579888274089" + "templateHash": "9051119645490158211" }, "name": "API Connections", "description": "This module deploys an Azure API Connection.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "api": { "type": "object", @@ -81,15 +109,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "tags": { @@ -107,8 +129,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -122,7 +144,7 @@ } } }, - { + "connection": { "type": "Microsoft.Web/connections", "apiVersion": "2016-06-01", "name": "[parameters('name')]", @@ -138,21 +160,21 @@ "statuses": "[if(not(empty(parameters('statuses'))), parameters('statuses'), null())]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "connection_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Web/connections/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Web/connections', parameters('name'))]" + "connection" ] }, - { + "connection_roleAssignments": { "copy": { "name": "connection_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -303,10 +325,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/connections', parameters('name'))]" + "connection" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -334,7 +356,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Web/connections', parameters('name')), '2016-06-01', 'full').location]" + "value": "[reference('connection', '2016-06-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/web/hosting-environment/main.json b/modules/web/hosting-environment/main.json index 5c6d2298d8..8536c48b22 100644 --- a/modules/web/hosting-environment/main.json +++ b/modules/web/hosting-environment/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "3036162001475975434" + "templateHash": "9619387957951306854" }, "name": "App Service Environments", "description": "This module deploys an App Service Environment.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -27,15 +55,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -305,8 +327,8 @@ "enableReferencedModulesTelemetry": false, "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -320,7 +342,7 @@ } } }, - { + "appServiceEnvironment": { "type": "Microsoft.Web/hostingEnvironments", "apiVersion": "2022-03-01", "name": "[parameters('name')]", @@ -345,21 +367,21 @@ "zoneRedundant": "[parameters('zoneRedundant')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "appServiceEnvironment_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Web/hostingEnvironments/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Web/hostingEnvironments', parameters('name'))]" + "appServiceEnvironment" ] }, - { + "appServiceEnvironment_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -373,10 +395,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Web/hostingEnvironments', parameters('name'))]" + "appServiceEnvironment" ] }, - { + "appServiceEnvironment_configurations_networking": { "condition": "[equals(parameters('kind'), 'ASEv3')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -515,10 +537,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/hostingEnvironments', parameters('name'))]" + "appServiceEnvironment" ] }, - { + "appServiceEnvironment_configurations_customDnsSuffix": { "condition": "[and(equals(parameters('kind'), 'ASEv3'), not(empty(parameters('customDnsSuffix'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -643,10 +665,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/hostingEnvironments', parameters('name'))]" + "appServiceEnvironment" ] }, - { + "appServiceEnvironment_roleAssignments": { "copy": { "name": "appServiceEnvironment_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -797,10 +819,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/hostingEnvironments', parameters('name'))]" + "appServiceEnvironment" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -828,7 +850,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Web/hostingEnvironments', parameters('name')), '2022-03-01', 'full').location]" + "value": "[reference('appServiceEnvironment', '2022-03-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/web/serverfarm/main.json b/modules/web/serverfarm/main.json index b89ace3754..7f5bd9f651 100644 --- a/modules/web/serverfarm/main.json +++ b/modules/web/serverfarm/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "1970232317602434102" + "templateHash": "7158644970816385337" }, "name": "App Service Plans", "description": "This module deploys an App Service Plan.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -92,15 +120,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -192,8 +214,8 @@ } ] }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -207,7 +229,7 @@ } } }, - { + "appServicePlan": { "type": "Microsoft.Web/serverfarms", "apiVersion": "2021-02-01", "name": "[parameters('name')]", @@ -226,7 +248,7 @@ "zoneRedundant": "[parameters('zoneRedundant')]" } }, - { + "appServicePlan_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -241,24 +263,24 @@ "logs": [] }, "dependsOn": [ - "[resourceId('Microsoft.Web/serverfarms', parameters('name'))]" + "appServicePlan" ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "appServicePlan_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Web/serverfarms/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Web/serverfarms', parameters('name'))]" + "appServicePlan" ] }, - { + "appServicePlan_roleAssignments": { "copy": { "name": "appServicePlan_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -409,10 +431,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/serverfarms', parameters('name'))]" + "appServicePlan" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -440,7 +462,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Web/serverfarms', parameters('name')), '2021-02-01', 'full').location]" + "value": "[reference('appServicePlan', '2021-02-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/web/site/main.json b/modules/web/site/main.json index b4f7e806bc..9dfad5b232 100644 --- a/modules/web/site/main.json +++ b/modules/web/site/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "1810314773455463979" + "templateHash": "7460887566183851311" }, "name": "Web/Function Apps", "description": "This module deploys a Web or Function App.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -171,15 +199,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "privateEndpoints": { @@ -423,8 +445,8 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -438,7 +460,7 @@ } } }, - { + "app": { "type": "Microsoft.Web/sites", "apiVersion": "2022-09-01", "name": "[parameters('name')]", @@ -473,21 +495,21 @@ "scmSiteAlsoStopped": "[parameters('scmSiteAlsoStopped')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "app_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Web/sites/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites', parameters('name'))]" + "app" ] }, - { + "app_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -502,10 +524,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites', parameters('name'))]" + "app" ] }, - { + "app_appsettings": { "condition": "[not(empty(parameters('appSettingsKeyValuePairs')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -656,10 +678,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites', parameters('name'))]" + "app" ] }, - { + "app_authsettingsv2": { "condition": "[not(empty(parameters('authSettingV2Configuration')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -779,10 +801,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites', parameters('name'))]" + "app" ] }, - { + "app_slots": { "copy": { "name": "app_slots", "count": "[length(parameters('slots'))]", @@ -861,17 +883,45 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "10608087316287962337" + "templateHash": "11970423164192274405" }, "name": "Web/Function App Deployment Slots", "description": "This module deploys a Web or Function App Deployment Slot.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -1011,15 +1061,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "privateEndpoints": { @@ -1267,8 +1311,14 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "app": { + "existing": true, + "type": "Microsoft.Web/sites", + "apiVersion": "2021-03-01", + "name": "[parameters('appName')]" + }, + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -1282,7 +1332,7 @@ } } }, - { + "slot": { "type": "Microsoft.Web/sites/slots", "apiVersion": "2022-09-01", "name": "[format('{0}/{1}', parameters('appName'), parameters('name'))]", @@ -1314,9 +1364,12 @@ "vnetContentShareEnabled": "[parameters('vnetContentShareEnabled')]", "vnetImagePullEnabled": "[parameters('vnetImagePullEnabled')]", "vnetRouteAllEnabled": "[parameters('vnetRouteAllEnabled')]" - } + }, + "dependsOn": [ + "app" + ] }, - { + "slot_lock": { "condition": "[not(empty(parameters('lock')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2017-04-01", @@ -1327,10 +1380,10 @@ "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name'))]" + "slot" ] }, - { + "slot_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -1345,10 +1398,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name'))]" + "slot" ] }, - { + "slot_appsettings": { "condition": "[not(empty(parameters('appSettingsKeyValuePairs')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1508,10 +1561,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name'))]" + "app", + "slot" ] }, - { + "slot_authsettingsv2": { "condition": "[not(empty(parameters('authSettingV2Configuration')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1640,10 +1694,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name'))]" + "app", + "slot" ] }, - { + "slot_hybridConnectionRelays": { "copy": { "name": "slot_hybridConnectionRelays", "count": "[length(parameters('hybridConnectionRelays'))]" @@ -1782,10 +1837,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name'))]" + "app", + "slot" ] }, - { + "slot_rbac": { "copy": { "name": "slot_rbac", "count": "[length(parameters('roleAssignments'))]" @@ -1909,10 +1965,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name'))]" + "slot" ] }, - { + "slot_privateEndpoints": { "copy": { "name": "slot_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -2433,10 +2489,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name'))]" + "app", + "slot" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -2464,23 +2521,23 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), if(contains(reference(resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name')), '2022-09-01', 'full'), 'identity'), contains(reference(resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name')), '2022-09-01', 'full').identity, 'principalId'), false())), reference(resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name')), '2022-09-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), if(contains(reference('slot', '2022-09-01', 'full'), 'identity'), contains(reference('slot', '2022-09-01', 'full').identity, 'principalId'), false())), reference('slot', '2022-09-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name')), '2022-09-01', 'full').location]" + "value": "[reference('slot', '2022-09-01', 'full').location]" } } } }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites', parameters('name'))]" + "app" ] }, - { + "app_basicPublishingCredentialsPolicies": { "copy": { "name": "app_basicPublishingCredentialsPolicies", "count": "[length(parameters('basicPublishingCredentialsPolicies'))]" @@ -2607,10 +2664,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites', parameters('name'))]" + "app" ] }, - { + "app_hybridConnectionRelays": { "copy": { "name": "app_hybridConnectionRelays", "count": "[length(parameters('hybridConnectionRelays'))]" @@ -2740,10 +2797,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites', parameters('name'))]" + "app" ] }, - { + "app_roleAssignments": { "copy": { "name": "app_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -2895,10 +2952,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites', parameters('name'))]" + "app" ] }, - { + "app_privateEndpoints": { "copy": { "name": "app_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -3422,10 +3479,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites', parameters('name'))]" + "app" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -3458,7 +3515,7 @@ }, "copy": { "count": "[length(parameters('slots'))]", - "input": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-Slot-{1}', uniqueString(deployment().name, parameters('location')), parameters('slots')[copyIndex()].name)), '2022-09-01').outputs.resourceId.value]" + "input": "[reference(format('app_slots[{0}]', copyIndex())).outputs.resourceId.value]" } }, "resourceGroupName": { @@ -3473,7 +3530,7 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.Web/sites', parameters('name')), '2022-09-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.Web/sites', parameters('name')), '2022-09-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('app', '2022-09-01', 'full').identity, 'principalId')), reference('app', '2022-09-01', 'full').identity.principalId, '')]" }, "slotSystemAssignedPrincipalIds": { "type": "array", @@ -3482,7 +3539,7 @@ }, "copy": { "count": "[length(parameters('slots'))]", - "input": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-Slot-{1}', uniqueString(deployment().name, parameters('location')), parameters('slots')[copyIndex()].name)), '2022-09-01').outputs.systemAssignedPrincipalId.value]" + "input": "[reference(format('app_slots[{0}]', copyIndex())).outputs.systemAssignedPrincipalId.value]" } }, "location": { @@ -3490,14 +3547,14 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Web/sites', parameters('name')), '2022-09-01', 'full').location]" + "value": "[reference('app', '2022-09-01', 'full').location]" }, "defaultHostname": { "type": "string", "metadata": { "description": "Default hostname of the app." }, - "value": "[reference(resourceId('Microsoft.Web/sites', parameters('name')), '2022-09-01').defaultHostName]" + "value": "[reference('app').defaultHostName]" } } } \ No newline at end of file diff --git a/modules/web/site/slot/main.json b/modules/web/site/slot/main.json index 2201875b2b..23a30a5469 100644 --- a/modules/web/site/slot/main.json +++ b/modules/web/site/slot/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "10608087316287962337" + "templateHash": "11970423164192274405" }, "name": "Web/Function App Deployment Slots", "description": "This module deploys a Web or Function App Deployment Slot.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -150,15 +178,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "privateEndpoints": { @@ -406,8 +428,14 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "app": { + "existing": true, + "type": "Microsoft.Web/sites", + "apiVersion": "2021-03-01", + "name": "[parameters('appName')]" + }, + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -421,7 +449,7 @@ } } }, - { + "slot": { "type": "Microsoft.Web/sites/slots", "apiVersion": "2022-09-01", "name": "[format('{0}/{1}', parameters('appName'), parameters('name'))]", @@ -453,9 +481,12 @@ "vnetContentShareEnabled": "[parameters('vnetContentShareEnabled')]", "vnetImagePullEnabled": "[parameters('vnetImagePullEnabled')]", "vnetRouteAllEnabled": "[parameters('vnetRouteAllEnabled')]" - } + }, + "dependsOn": [ + "app" + ] }, - { + "slot_lock": { "condition": "[not(empty(parameters('lock')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2017-04-01", @@ -466,10 +497,10 @@ "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name'))]" + "slot" ] }, - { + "slot_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -484,10 +515,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name'))]" + "slot" ] }, - { + "slot_appsettings": { "condition": "[not(empty(parameters('appSettingsKeyValuePairs')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -647,10 +678,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name'))]" + "app", + "slot" ] }, - { + "slot_authsettingsv2": { "condition": "[not(empty(parameters('authSettingV2Configuration')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -779,10 +811,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name'))]" + "app", + "slot" ] }, - { + "slot_hybridConnectionRelays": { "copy": { "name": "slot_hybridConnectionRelays", "count": "[length(parameters('hybridConnectionRelays'))]" @@ -921,10 +954,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name'))]" + "app", + "slot" ] }, - { + "slot_rbac": { "copy": { "name": "slot_rbac", "count": "[length(parameters('roleAssignments'))]" @@ -1048,10 +1082,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name'))]" + "slot" ] }, - { + "slot_privateEndpoints": { "copy": { "name": "slot_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -1572,10 +1606,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name'))]" + "app", + "slot" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1603,14 +1638,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), if(contains(reference(resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name')), '2022-09-01', 'full'), 'identity'), contains(reference(resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name')), '2022-09-01', 'full').identity, 'principalId'), false())), reference(resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name')), '2022-09-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), if(contains(reference('slot', '2022-09-01', 'full'), 'identity'), contains(reference('slot', '2022-09-01', 'full').identity, 'principalId'), false())), reference('slot', '2022-09-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name')), '2022-09-01', 'full').location]" + "value": "[reference('slot', '2022-09-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/web/static-site/main.json b/modules/web/static-site/main.json index 5e59eef334..a2816e64ab 100644 --- a/modules/web/static-site/main.json +++ b/modules/web/static-site/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "3230698398886586988" + "templateHash": "6573777061618915096" }, "name": "Static Web Apps", "description": "This module deploys a Static Web App.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -126,15 +154,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "privateEndpoints": { @@ -199,8 +221,8 @@ "identityType": "[if(parameters('systemAssignedIdentity'), if(not(empty(parameters('userAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None'))]", "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -214,7 +236,7 @@ } } }, - { + "staticSite": { "type": "Microsoft.Web/staticSites", "apiVersion": "2021-03-01", "name": "[parameters('name')]", @@ -237,21 +259,21 @@ "templateProperties": "[if(not(empty(parameters('templateProperties'))), parameters('templateProperties'), null())]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "staticSite_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Web/staticSites/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Web/staticSites', parameters('name'))]" + "staticSite" ] }, - { + "staticSite_linkedBackend": { "condition": "[not(empty(parameters('linkedBackend')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -379,10 +401,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/staticSites', parameters('name'))]" + "staticSite" ] }, - { + "staticSite_appSettings": { "condition": "[not(empty(parameters('appSettings')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -505,10 +527,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/staticSites', parameters('name'))]" + "staticSite" ] }, - { + "staticSite_functionAppSettings": { "condition": "[not(empty(parameters('functionAppSettings')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -631,10 +653,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/staticSites', parameters('name'))]" + "staticSite" ] }, - { + "staticSite_customDomains": { "copy": { "name": "staticSite_customDomains", "count": "[length(parameters('customDomains'))]" @@ -757,10 +779,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/staticSites', parameters('name'))]" + "staticSite" ] }, - { + "staticSite_roleAssignments": { "copy": { "name": "staticSite_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -852,10 +874,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/staticSites', parameters('name'))]" + "staticSite" ] }, - { + "staticSite_privateEndpoints": { "copy": { "name": "staticSite_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -1379,10 +1401,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Web/staticSites', parameters('name'))]" + "staticSite" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1410,21 +1432,21 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.Web/staticSites', parameters('name')), '2021-03-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.Web/staticSites', parameters('name')), '2021-03-01', 'full').identity.principalId, '')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference('staticSite', '2021-03-01', 'full').identity, 'principalId')), reference('staticSite', '2021-03-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Web/staticSites', parameters('name')), '2021-03-01', 'full').location]" + "value": "[reference('staticSite', '2021-03-01', 'full').location]" }, "defaultHostname": { "type": "string", "metadata": { "description": "The default autogenerated hostname for the static site." }, - "value": "[reference(resourceId('Microsoft.Web/staticSites', parameters('name')), '2021-03-01').defaultHostname]" + "value": "[reference('staticSite').defaultHostname]" } } } \ No newline at end of file From bf4279f47587ab898e0c75bf20d5be275f02b063 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 18:16:13 +0200 Subject: [PATCH 07/52] Fixed bicep templates --- modules/insights/webtest/main.bicep | 12 +++++++++++ .../workspace/main.bicep | 21 ++++++++++++------- modules/network/connection/main.bicep | 21 ++++++++++++------- modules/network/network-manager/main.bicep | 12 +++++++++++ modules/search/search-service/main.bicep | 21 ++++++++++++------- 5 files changed, 66 insertions(+), 21 deletions(-) diff --git a/modules/insights/webtest/main.bicep b/modules/insights/webtest/main.bicep index a2781f68de..8dc56e6208 100644 --- a/modules/insights/webtest/main.bicep +++ b/modules/insights/webtest/main.bicep @@ -142,3 +142,15 @@ output resourceGroupName string = resourceGroup().name @sys.description('The location the resource was deployed into.') output location string = webtest.location + +// =============== // +// Definitions // +// =============== // + +type lockType = { + @sys.description('Optional. Specify the name of lock.') + name: string? + + @sys.description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/machine-learning-services/workspace/main.bicep b/modules/machine-learning-services/workspace/main.bicep index 7ac42162f0..1bb055ed21 100644 --- a/modules/machine-learning-services/workspace/main.bicep +++ b/modules/machine-learning-services/workspace/main.bicep @@ -32,13 +32,8 @@ param associatedApplicationInsightsResourceId string @sys.description('Optional. The resource ID of the associated Container Registry.') param associatedContainerRegistryResourceId string = '' -@sys.allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@sys.description('Optional. Specify the type of lock.') -param lock string = '' +@sys.description('Optional. The lock settings of the service.') +param lock lockType @sys.description('Optional. The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service.') param hbiWorkspace bool = false @@ -328,3 +323,15 @@ output principalId string = (!empty(identity) && contains(identity.type, 'System @sys.description('The location the resource was deployed into.') output location string = workspace.location + +// =============== // +// Definitions // +// =============== // + +type lockType = { + @sys.description('Optional. Specify the name of lock.') + name: string? + + @sys.description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/connection/main.bicep b/modules/network/connection/main.bicep index 7ae38ce990..0cdd0d0a83 100644 --- a/modules/network/connection/main.bicep +++ b/modules/network/connection/main.bicep @@ -71,13 +71,8 @@ param customIPSecPolicy object = { @description('Optional. The weight added to routes learned from this BGP speaker.') param routingWeight int = -1 -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the connectionType of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Tags of the resource.') param tags object = {} @@ -169,3 +164,15 @@ output resourceId string = connection.id @description('The location the resource was deployed into.') output location string = connection.location + +// =============== // +// Definitions // +// =============== // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/network/network-manager/main.bicep b/modules/network/network-manager/main.bicep index 6bd51f09c8..60d9286d7b 100644 --- a/modules/network/network-manager/main.bicep +++ b/modules/network/network-manager/main.bicep @@ -154,3 +154,15 @@ output name string = networkManager.name @sys.description('The location the resource was deployed into.') output location string = networkManager.location + +// =============== // +// Definitions // +// =============== // + +type lockType = { + @sys.description('Optional. Specify the name of lock.') + name: string? + + @sys.description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/search/search-service/main.bicep b/modules/search/search-service/main.bicep index 808c9dfded..4be0ba1260 100644 --- a/modules/search/search-service/main.bicep +++ b/modules/search/search-service/main.bicep @@ -36,13 +36,8 @@ param hostingMode string = 'default' @description('Optional. Location for all Resources.') param location string = resourceGroup().location -@description('Optional. Specify the type of lock.') -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Network specific rules that determine how the Azure Cognitive Search service may be reached.') param networkRuleSet object = {} @@ -274,3 +269,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = searchService.location + +// =============== // +// Definitions // +// =============== // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? From 9cd2e7147e2aba4cebd3cfb78dc29aedd05cb7d8 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 18:36:22 +0200 Subject: [PATCH 08/52] Further fixes --- modules/insights/webtest/main.json | 66 +++++++---- .../workspace/main.json | 96 +++++++++++----- modules/network/connection/main.json | 62 ++++++---- .../network/dns-forwarding-ruleset/main.bicep | 6 +- .../network/dns-forwarding-ruleset/main.json | 76 +++++++----- modules/network/network-manager/main.json | 82 ++++++++----- modules/purview/account/main.bicep | 8 +- modules/purview/account/main.json | 108 +++++++++++------- modules/search/search-service/main.json | 78 ++++++++----- 9 files changed, 374 insertions(+), 208 deletions(-) diff --git a/modules/insights/webtest/main.json b/modules/insights/webtest/main.json index 334ab5e53b..3421143fd2 100644 --- a/modules/insights/webtest/main.json +++ b/modules/insights/webtest/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "17812769147790423288" + "templateHash": "5083769874568956542" }, "name": "Web Tests", "description": "This module deploys a Web Test.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -135,15 +163,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -161,8 +183,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -176,7 +198,7 @@ } } }, - { + "webtest": { "type": "Microsoft.Insights/webtests", "apiVersion": "2022-06-15", "name": "[parameters('name')]", @@ -197,21 +219,21 @@ "Configuration": "[parameters('configuration')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "webtest_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Insights/webtests/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Insights/webtests', parameters('name'))]" + "webtest" ] }, - { + "webtest_roleAssignments": { "copy": { "name": "webtest_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -486,10 +508,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Insights/webtests', parameters('name'))]" + "webtest" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -517,7 +539,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Insights/webtests', parameters('name')), '2022-06-15', 'full').location]" + "value": "[reference('webtest', '2022-06-15', 'full').location]" } } } \ No newline at end of file diff --git a/modules/machine-learning-services/workspace/main.json b/modules/machine-learning-services/workspace/main.json index 7d2fd747c0..3e9554dda3 100644 --- a/modules/machine-learning-services/workspace/main.json +++ b/modules/machine-learning-services/workspace/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "15631837219684432270" + "templateHash": "1531955896967450540" }, "name": "Machine Learning Services Workspaces", "description": "This module deploys a Machine Learning Services Workspace.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -63,15 +91,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "hbiWorkspace": { @@ -310,8 +332,8 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -325,7 +347,16 @@ } } }, - { + "cMKKeyVaultKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2021-10-01", + "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]" + }, + "workspace": { "type": "Microsoft.MachineLearningServices/workspaces", "apiVersion": "2022-10-01", "name": "[parameters('name')]", @@ -346,29 +377,32 @@ "allowPublicAccessWhenBehindVnet": "[parameters('allowPublicAccessWhenBehindVnet')]", "description": "[parameters('description')]", "discoveryUrl": "[parameters('discoveryUrl')]", - "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('status', 'Enabled', 'identity', if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), createObject('userAssignedIdentity', parameters('cMKUserAssignedIdentityResourceId')), null()), 'keyVaultProperties', createObject('keyVaultArmId', parameters('cMKKeyVaultResourceId'), 'keyIdentifier', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[0], split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[1]), '2021-10-01').keyUri, parameters('cMKKeyVersion')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[0], split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[1]), '2021-10-01').keyUriWithVersion))), null())]", + "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('status', 'Enabled', 'identity', if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), createObject('userAssignedIdentity', parameters('cMKUserAssignedIdentityResourceId')), null()), 'keyVaultProperties', createObject('keyVaultArmId', parameters('cMKKeyVaultResourceId'), 'keyIdentifier', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference('cMKKeyVaultKey').keyUri, parameters('cMKKeyVersion')), reference('cMKKeyVaultKey').keyUriWithVersion))), null())]", "imageBuildCompute": "[parameters('imageBuildCompute')]", "primaryUserAssignedIdentity": "[parameters('primaryUserAssignedIdentity')]", "publicNetworkAccess": "[if(not(empty(parameters('publicNetworkAccess'))), parameters('publicNetworkAccess'), if(not(empty(parameters('privateEndpoints'))), 'Disabled', 'Enabled'))]", "serviceManagedResourcesSettings": "[parameters('serviceManagedResourcesSettings')]", "sharedPrivateLinkResources": "[parameters('sharedPrivateLinkResources')]" - } + }, + "dependsOn": [ + "cMKKeyVaultKey" + ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "workspace_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.MachineLearningServices/workspaces/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('name'))]" + "workspace" ] }, - { + "workspace_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -383,10 +417,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('name'))]" + "workspace" ] }, - { + "workspace_computes": { "copy": { "name": "workspace_computes", "count": "[length(parameters('computes'))]" @@ -634,11 +668,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('name'))]", + "workspace", "workspace_privateEndpoints" ] }, - { + "workspace_privateEndpoints": { "copy": { "name": "workspace_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -1159,10 +1193,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('name'))]" + "workspace" ] }, - { + "workspace_roleAssignments": { "copy": { "name": "workspace_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1312,10 +1346,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('name'))]" + "workspace" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -1343,14 +1377,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(and(not(empty(variables('identity'))), contains(variables('identity').type, 'SystemAssigned')), reference(resourceId('Microsoft.MachineLearningServices/workspaces', parameters('name')), '2022-10-01', 'full').identity.principalId, '')]" + "value": "[if(and(not(empty(variables('identity'))), contains(variables('identity').type, 'SystemAssigned')), reference('workspace', '2022-10-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.MachineLearningServices/workspaces', parameters('name')), '2022-10-01', 'full').location]" + "value": "[reference('workspace', '2022-10-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/connection/main.json b/modules/network/connection/main.json index e72fe07213..1166323e83 100644 --- a/modules/network/connection/main.json +++ b/modules/network/connection/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "4819464445955431710" + "templateHash": "10325872136554369855" }, "name": "Virtual Network Gateway Connections", "description": "This module deploys a Virtual Network Gateway Connection.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -136,15 +164,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the connectionType of lock." + "description": "Optional. The lock settings of the service." } }, "tags": { @@ -196,8 +218,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -211,7 +233,7 @@ } } }, - { + "connection": { "type": "Microsoft.Network/connections", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -237,21 +259,21 @@ "useLocalAzureIpAddress": "[if(equals(parameters('connectionType'), 'IPsec'), parameters('useLocalAzureIpAddress'), null())]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "connection_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/connections/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/connections', parameters('name'))]" + "connection" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -279,7 +301,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/connections', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('connection', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/dns-forwarding-ruleset/main.bicep b/modules/network/dns-forwarding-ruleset/main.bicep index 54cd672c91..368c9d487e 100644 --- a/modules/network/dns-forwarding-ruleset/main.bicep +++ b/modules/network/dns-forwarding-ruleset/main.bicep @@ -72,16 +72,16 @@ module dnsForwardingRuleset_virtualNetworkLinks 'virtual-network-link/main.bicep } }] -resource dnsForwardingRulesets_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { +resource dnsForwardingRuleset_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { name: lock.?name ?? 'lock-${name}' properties: { level: lock.?kind ?? '' notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } - scope: dnsForwardingRulesets + scope: dnsForwardingRuleset } -module dnsForwardingRulesets_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module dnsForwardingRuleset_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-dnsResolver-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/modules/network/dns-forwarding-ruleset/main.json b/modules/network/dns-forwarding-ruleset/main.json index 19ee04a44f..494c2005b7 100644 --- a/modules/network/dns-forwarding-ruleset/main.json +++ b/modules/network/dns-forwarding-ruleset/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "3259269947258844338" + "templateHash": "7214112438295019717" }, "name": "Dns Forwarding Rulesets", "description": "This template deploys an dns forwarding ruleset.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -27,15 +55,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -80,8 +102,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -95,7 +117,7 @@ } } }, - { + "dnsForwardingRuleset": { "type": "Microsoft.Network/dnsForwardingRulesets", "apiVersion": "2022-07-01", "name": "[parameters('name')]", @@ -113,21 +135,21 @@ ] } }, - { - "condition": "[not(empty(parameters('lock')))]", + "dnsForwardingRuleset_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/dnsForwardingRulesets/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/dnsForwardingRulesets', parameters('name'))]" + "dnsForwardingRuleset" ] }, - { + "dnsForwardingRuleset_forwardingRule": { "copy": { "name": "dnsForwardingRuleset_forwardingRule", "count": "[length(parameters('forwardingRules'))]" @@ -282,10 +304,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/dnsForwardingRulesets', parameters('name'))]" + "dnsForwardingRuleset" ] }, - { + "dnsForwardingRuleset_virtualNetworkLinks": { "copy": { "name": "dnsForwardingRuleset_virtualNetworkLinks", "count": "[length(parameters('vNetLinks'))]" @@ -404,12 +426,12 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/dnsForwardingRulesets', parameters('name'))]" + "dnsForwardingRuleset" ] }, - { + "dnsForwardingRuleset_roleAssignments": { "copy": { - "name": "dnsForwardingRulesets_roleAssignments", + "name": "dnsForwardingRuleset_roleAssignments", "count": "[length(parameters('roleAssignments'))]" }, "type": "Microsoft.Resources/deployments", @@ -581,10 +603,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/dnsForwardingRulesets', parameters('name'))]" + "dnsForwardingRuleset" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -612,7 +634,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/dnsForwardingRulesets', parameters('name')), '2022-07-01', 'full').location]" + "value": "[reference('dnsForwardingRuleset', '2022-07-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/network-manager/main.json b/modules/network/network-manager/main.json index be5b31c5ee..8ad603bd07 100644 --- a/modules/network/network-manager/main.json +++ b/modules/network/network-manager/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "17206951315494060900" + "templateHash": "10611241672258166058" }, "name": "Network Managers", "description": "This module deploys a Network Manager.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -28,15 +56,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -112,8 +134,8 @@ "variables": { "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -127,7 +149,7 @@ } } }, - { + "networkManager": { "type": "Microsoft.Network/networkManagers", "apiVersion": "2023-02-01", "name": "[parameters('name')]", @@ -139,21 +161,21 @@ "networkManagerScopes": "[parameters('networkManagerScopes')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "networkManager_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Network/networkManagers/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkManagers', parameters('name'))]" + "networkManager" ] }, - { + "networkManager_networkGroups": { "copy": { "name": "networkManager_networkGroups", "count": "[length(parameters('networkGroups'))]" @@ -411,10 +433,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkManagers', parameters('name'))]" + "networkManager" ] }, - { + "networkManager_connectivityConfigurations": { "copy": { "name": "networkManager_connectivityConfigurations", "count": "[length(parameters('connectivityConfigurations'))]" @@ -592,11 +614,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkManagers', parameters('name'))]", + "networkManager", "networkManager_networkGroups" ] }, - { + "networkManager_scopeConnections": { "copy": { "name": "networkManager_scopeConnections", "count": "[length(parameters('scopeConnections'))]" @@ -734,10 +756,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkManagers', parameters('name'))]" + "networkManager" ] }, - { + "networkManager_securityAdminConfigurations": { "copy": { "name": "networkManager_securityAdminConfigurations", "count": "[length(parameters('securityAdminConfigurations'))]" @@ -1268,11 +1290,11 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkManagers', parameters('name'))]", + "networkManager", "networkManager_networkGroups" ] }, - { + "networkManager_roleAssignments": { "copy": { "name": "networkManager_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -1446,10 +1468,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkManagers', parameters('name'))]" + "networkManager" ] } - ], + }, "outputs": { "resourceGroupName": { "type": "string", @@ -1477,7 +1499,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Network/networkManagers', parameters('name')), '2023-02-01', 'full').location]" + "value": "[reference('networkManager', '2023-02-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/purview/account/main.bicep b/modules/purview/account/main.bicep index 4a76c5ef69..c479719a27 100644 --- a/modules/purview/account/main.bicep +++ b/modules/purview/account/main.bicep @@ -141,16 +141,16 @@ resource account 'Microsoft.Purview/accounts@2021-07-01' = { } } -resource purview_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { +resource account_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { name: lock.?name ?? 'lock-${name}' properties: { level: lock.?kind ?? '' notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } - scope: purview + scope: account } -resource purview_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { +resource account_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: !empty(diagnosticSettingsName) ? diagnosticSettingsName : '${name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null @@ -283,7 +283,7 @@ module eventHub_privateEndpoints '../../network/private-endpoint/main.bicep' = [ } }] -module purview_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { +module account_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { name: '${uniqueString(deployment().name, location)}-Account-Rbac-${index}' params: { description: contains(roleAssignment, 'description') ? roleAssignment.description : '' diff --git a/modules/purview/account/main.json b/modules/purview/account/main.json index 6e06abbf04..e785fc3670 100644 --- a/modules/purview/account/main.json +++ b/modules/purview/account/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "15558179031727764706" + "templateHash": "5461425938112973059" }, "name": "Purview Accounts", "description": "This module deploys a Purview Account.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -173,15 +201,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } } }, @@ -210,8 +232,8 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", "enableReferencedModulesTelemetry": false }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -225,7 +247,7 @@ } } }, - { + "account": { "type": "Microsoft.Purview/accounts", "apiVersion": "2021-07-01", "name": "[parameters('name')]", @@ -238,21 +260,21 @@ "publicNetworkAccess": "[parameters('publicNetworkAccess')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "account_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Purview/accounts/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Purview/accounts', parameters('name'))]" + "account" ] }, - { + "account_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -267,10 +289,10 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Purview/accounts', parameters('name'))]" + "account" ] }, - { + "account_privateEndpoints": { "copy": { "name": "account_privateEndpoints", "count": "[length(parameters('accountPrivateEndpoints'))]" @@ -794,10 +816,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Purview/accounts', parameters('name'))]" + "account" ] }, - { + "portal_privateEndpoints": { "copy": { "name": "portal_privateEndpoints", "count": "[length(parameters('portalPrivateEndpoints'))]" @@ -1321,10 +1343,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Purview/accounts', parameters('name'))]" + "account" ] }, - { + "blob_privateEndpoints": { "copy": { "name": "blob_privateEndpoints", "count": "[length(parameters('storageBlobPrivateEndpoints'))]" @@ -1345,7 +1367,7 @@ }, "name": "[if(contains(parameters('storageBlobPrivateEndpoints')[copyIndex()], 'name'), createObject('value', parameters('storageBlobPrivateEndpoints')[copyIndex()].name), createObject('value', format('pe-{0}-{1}-{2}', last(split(resourceId('Microsoft.Purview/accounts', parameters('name')), '/')), parameters('storageBlobPrivateEndpoints')[copyIndex()].service, copyIndex())))]", "serviceResourceId": { - "value": "[reference(resourceId('Microsoft.Purview/accounts', parameters('name')), '2021-07-01').managedResources.storageAccount]" + "value": "[reference('account').managedResources.storageAccount]" }, "subnetResourceId": { "value": "[parameters('storageBlobPrivateEndpoints')[copyIndex()].subnetResourceId]" @@ -1848,10 +1870,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Purview/accounts', parameters('name'))]" + "account" ] }, - { + "queue_privateEndpoints": { "copy": { "name": "queue_privateEndpoints", "count": "[length(parameters('storageQueuePrivateEndpoints'))]" @@ -1872,7 +1894,7 @@ }, "name": "[if(contains(parameters('storageQueuePrivateEndpoints')[copyIndex()], 'name'), createObject('value', parameters('storageQueuePrivateEndpoints')[copyIndex()].name), createObject('value', format('pe-{0}-{1}-{2}', last(split(resourceId('Microsoft.Purview/accounts', parameters('name')), '/')), parameters('storageQueuePrivateEndpoints')[copyIndex()].service, copyIndex())))]", "serviceResourceId": { - "value": "[reference(resourceId('Microsoft.Purview/accounts', parameters('name')), '2021-07-01').managedResources.storageAccount]" + "value": "[reference('account').managedResources.storageAccount]" }, "subnetResourceId": { "value": "[parameters('storageQueuePrivateEndpoints')[copyIndex()].subnetResourceId]" @@ -2375,10 +2397,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Purview/accounts', parameters('name'))]" + "account" ] }, - { + "eventHub_privateEndpoints": { "copy": { "name": "eventHub_privateEndpoints", "count": "[length(parameters('eventHubPrivateEndpoints'))]" @@ -2399,7 +2421,7 @@ }, "name": "[if(contains(parameters('eventHubPrivateEndpoints')[copyIndex()], 'name'), createObject('value', parameters('eventHubPrivateEndpoints')[copyIndex()].name), createObject('value', format('pe-{0}-{1}-{2}', last(split(resourceId('Microsoft.Purview/accounts', parameters('name')), '/')), parameters('eventHubPrivateEndpoints')[copyIndex()].service, copyIndex())))]", "serviceResourceId": { - "value": "[reference(resourceId('Microsoft.Purview/accounts', parameters('name')), '2021-07-01').managedResources.eventHubNamespace]" + "value": "[reference('account').managedResources.eventHubNamespace]" }, "subnetResourceId": { "value": "[parameters('eventHubPrivateEndpoints')[copyIndex()].subnetResourceId]" @@ -2902,12 +2924,12 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Purview/accounts', parameters('name'))]" + "account" ] }, - { + "account_roleAssignments": { "copy": { - "name": "purview_roleAssignments", + "name": "account_roleAssignments", "count": "[length(parameters('roleAssignments'))]" }, "type": "Microsoft.Resources/deployments", @@ -3053,10 +3075,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Purview/accounts', parameters('name'))]" + "account" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -3084,42 +3106,42 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Purview/accounts', parameters('name')), '2021-07-01', 'full').location]" + "value": "[reference('account', '2021-07-01', 'full').location]" }, "managedResourceGroupName": { "type": "string", "metadata": { "description": "The name of the managed resource group." }, - "value": "[reference(resourceId('Microsoft.Purview/accounts', parameters('name')), '2021-07-01').managedResourceGroupName]" + "value": "[reference('account').managedResourceGroupName]" }, "managedResourceGroupId": { "type": "string", "metadata": { "description": "The resource ID of the managed resource group." }, - "value": "[reference(resourceId('Microsoft.Purview/accounts', parameters('name')), '2021-07-01').managedResources.resourceGroup]" + "value": "[reference('account').managedResources.resourceGroup]" }, "managedStorageAccountId": { "type": "string", "metadata": { "description": "The resource ID of the managed storage account." }, - "value": "[reference(resourceId('Microsoft.Purview/accounts', parameters('name')), '2021-07-01').managedResources.storageAccount]" + "value": "[reference('account').managedResources.storageAccount]" }, "managedEventHubId": { "type": "string", "metadata": { "description": "The resource ID of the managed Event Hub Namespace." }, - "value": "[reference(resourceId('Microsoft.Purview/accounts', parameters('name')), '2021-07-01').managedResources.eventHubNamespace]" + "value": "[reference('account').managedResources.eventHubNamespace]" }, "systemAssignedPrincipalId": { "type": "string", "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[reference(resourceId('Microsoft.Purview/accounts', parameters('name')), '2021-07-01', 'full').identity.principalId]" + "value": "[reference('account', '2021-07-01', 'full').identity.principalId]" } } } \ No newline at end of file diff --git a/modules/search/search-service/main.json b/modules/search/search-service/main.json index 1b70046741..668e348cf1 100644 --- a/modules/search/search-service/main.json +++ b/modules/search/search-service/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "3190976543296510988" + "templateHash": "3130433689552802225" }, "name": "Search Services", "description": "This module deploys a Search Service.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -70,15 +98,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "networkRuleSet": { @@ -252,8 +274,8 @@ "identityType": "[if(parameters('systemAssignedIdentity'), 'SystemAssigned', 'None')]", "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType')), null())]" }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -267,7 +289,7 @@ } } }, - { + "searchService": { "type": "Microsoft.Search/searchServices", "apiVersion": "2022-09-01", "name": "[parameters('name')]", @@ -290,7 +312,7 @@ "publicNetworkAccess": "[parameters('publicNetworkAccess')]" } }, - { + "searchService_diagnosticSettings": { "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", @@ -305,24 +327,24 @@ "logs": "[variables('diagnosticsLogs')]" }, "dependsOn": [ - "[resourceId('Microsoft.Search/searchServices', parameters('name'))]" + "searchService" ] }, - { - "condition": "[not(empty(parameters('lock')))]", + "searchService_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Search/searchServices/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Search/searchServices', parameters('name'))]" + "searchService" ] }, - { + "searchService_roleAssignments": { "copy": { "name": "searchService_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -471,10 +493,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Search/searchServices', parameters('name'))]" + "searchService" ] }, - { + "searchService_privateEndpoints": { "copy": { "name": "searchService_privateEndpoints", "count": "[length(parameters('privateEndpoints'))]" @@ -998,10 +1020,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Search/searchServices', parameters('name'))]" + "searchService" ] }, - { + "searchService_sharedPrivateLinkResources": { "copy": { "name": "searchService_sharedPrivateLinkResources", "count": "[length(parameters('sharedPrivateLinkResources'))]", @@ -1143,10 +1165,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Search/searchServices', parameters('name'))]" + "searchService" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1174,7 +1196,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Search/searchServices', parameters('name')), '2022-09-01', 'full').location]" + "value": "[reference('searchService', '2022-09-01', 'full').location]" } } } \ No newline at end of file From 9ff03a06431bda56bf3d96c53a9d054b829badfd Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 18:38:31 +0200 Subject: [PATCH 09/52] Updated PE lock --- modules/aad/domain-service/README.md | 32 +++++++++++--- modules/analysis-services/server/README.md | 37 +++++++++++++--- modules/api-management/service/README.md | 37 +++++++++++++--- .../configuration-store/README.md | 32 +++++++++++--- .../configuration-store/main.bicep | 2 +- modules/app/container-app/README.md | 32 +++++++++++--- modules/app/managed-environment/README.md | 32 +++++++++++--- .../automation/automation-account/README.md | 32 +++++++++++--- .../automation/automation-account/main.bicep | 2 +- modules/batch/batch-account/README.md | 32 +++++++++++--- modules/batch/batch-account/main.bicep | 2 +- modules/cache/redis-enterprise/README.md | 32 +++++++++++--- modules/cache/redis-enterprise/main.bicep | 2 +- modules/cache/redis/README.md | 32 +++++++++++--- modules/cache/redis/main.bicep | 2 +- modules/cdn/profile/README.md | 37 +++++++++++++--- modules/cognitive-services/account/README.md | 32 +++++++++++--- modules/cognitive-services/account/main.bicep | 2 +- modules/compute/availability-set/README.md | 32 +++++++++++--- modules/compute/disk-encryption-set/README.md | 32 +++++++++++--- modules/compute/disk/README.md | 32 +++++++++++--- modules/compute/gallery/README.md | 32 +++++++++++--- .../proximity-placement-group/README.md | 32 +++++++++++--- modules/compute/ssh-public-key/README.md | 27 ++++++++++-- .../virtual-machine-scale-set/README.md | 37 +++++++++++++--- modules/compute/virtual-machine/README.md | 37 +++++++++++++--- .../container-group/README.md | 42 +++++++++++++++---- modules/container-registry/registry/README.md | 32 +++++++++++--- .../container-registry/registry/main.bicep | 2 +- .../managed-cluster/README.md | 32 +++++++++++--- modules/data-factory/factory/README.md | 32 +++++++++++--- modules/data-factory/factory/main.bicep | 2 +- .../data-protection/backup-vault/README.md | 32 +++++++++++--- modules/databricks/access-connector/README.md | 32 +++++++++++--- modules/databricks/workspace/README.md | 32 +++++++++++--- modules/databricks/workspace/main.bicep | 2 +- .../db-for-my-sql/flexible-server/README.md | 37 +++++++++++++--- .../flexible-server/README.md | 27 ++++++++++-- .../application-group/README.md | 32 +++++++++++--- .../host-pool/README.md | 32 +++++++++++--- .../workspace/README.md | 32 +++++++++++--- modules/dev-test-lab/lab/README.md | 32 +++++++++++--- .../digital-twins-instance/README.md | 32 +++++++++++--- .../digital-twins-instance/main.bicep | 2 +- .../document-db/database-account/README.md | 32 +++++++++++--- .../document-db/database-account/main.bicep | 2 +- modules/event-grid/domain/README.md | 32 +++++++++++--- modules/event-grid/domain/main.bicep | 2 +- modules/event-grid/system-topic/README.md | 32 +++++++++++--- modules/event-grid/topic/README.md | 32 +++++++++++--- modules/event-grid/topic/main.bicep | 2 +- modules/event-hub/namespace/README.md | 32 +++++++++++--- .../event-hub/namespace/eventhub/README.md | 27 ++++++++++-- modules/event-hub/namespace/main.bicep | 2 +- modules/health-bot/health-bot/README.md | 34 ++++++++++++--- modules/healthcare-apis/workspace/README.md | 34 +++++++++++---- .../workspace/dicomservice/README.md | 27 ++++++++++-- .../workspace/fhirservice/README.md | 27 ++++++++++-- .../workspace/iotconnector/README.md | 27 ++++++++++-- .../data-collection-endpoint/README.md | 12 +++--- .../insights/data-collection-rule/README.md | 25 ++++++++--- modules/insights/private-link-scope/README.md | 27 ++++++++++-- .../insights/private-link-scope/main.bicep | 2 +- modules/insights/webtest/README.md | 32 +++++++++++--- modules/key-vault/vault/README.md | 32 +++++++++++--- modules/key-vault/vault/main.bicep | 2 +- modules/logic/workflow/README.md | 32 +++++++++++--- .../workspace/README.md | 32 +++++++++++--- .../workspace/main.bicep | 2 +- .../maintenance-configuration/README.md | 19 ++++----- .../user-assigned-identity/README.md | 32 +++++++++++--- modules/net-app/net-app-account/README.md | 32 +++++++++++--- modules/network/application-gateway/README.md | 32 +++++++++++--- .../network/application-gateway/main.bicep | 2 +- .../application-security-group/README.md | 32 +++++++++++--- modules/network/azure-firewall/README.md | 32 +++++++++++--- modules/network/bastion-host/README.md | 32 +++++++++++--- modules/network/connection/README.md | 32 +++++++++++--- .../network/ddos-protection-plan/README.md | 32 +++++++++++--- .../network/dns-forwarding-ruleset/README.md | 32 +++++++++++--- modules/network/dns-resolver/README.md | 27 ++++++++++-- modules/network/dns-zone/README.md | 32 +++++++++++--- .../network/express-route-circuit/README.md | 32 +++++++++++--- .../network/express-route-gateway/README.md | 32 +++++++++++--- .../README.md | 32 +++++++++++--- modules/network/front-door/README.md | 32 +++++++++++--- modules/network/ip-group/README.md | 32 +++++++++++--- modules/network/load-balancer/README.md | 32 +++++++++++--- .../network/local-network-gateway/README.md | 32 +++++++++++--- modules/network/nat-gateway/README.md | 32 +++++++++++--- modules/network/network-interface/README.md | 32 +++++++++++--- modules/network/network-manager/README.md | 32 +++++++++++--- .../network/network-security-group/README.md | 32 +++++++++++--- modules/network/network-watcher/README.md | 27 ++++++++++-- modules/network/private-dns-zone/README.md | 32 +++++++++++--- modules/network/private-endpoint/README.md | 3 +- .../network/private-link-service/README.md | 32 +++++++++++--- modules/network/public-ip-address/README.md | 32 +++++++++++--- modules/network/public-ip-prefix/README.md | 32 +++++++++++--- modules/network/route-table/README.md | 32 +++++++++++--- .../network/service-endpoint-policy/README.md | 32 +++++++++++--- .../network/trafficmanagerprofile/README.md | 32 +++++++++++--- modules/network/virtual-hub/README.md | 32 +++++++++++--- .../network/virtual-network-gateway/README.md | 37 +++++++++++++--- modules/network/virtual-network/README.md | 32 +++++++++++--- modules/network/virtual-wan/README.md | 32 +++++++++++--- modules/network/vpn-gateway/README.md | 32 +++++++++++--- modules/network/vpn-site/README.md | 32 +++++++++++--- .../operational-insights/workspace/README.md | 37 +++++++++++++--- modules/power-bi-dedicated/capacity/README.md | 12 +++--- modules/purview/account/README.md | 32 +++++++++++--- modules/purview/account/main.bicep | 10 ++--- modules/recovery-services/vault/README.md | 32 +++++++++++--- modules/recovery-services/vault/main.bicep | 2 +- modules/relay/namespace/README.md | 32 +++++++++++--- .../namespace/hybrid-connection/README.md | 27 ++++++++++-- modules/relay/namespace/main.bicep | 2 +- modules/relay/namespace/wcf-relay/README.md | 27 ++++++++++-- modules/resource-graph/query/README.md | 32 +++++++++++--- modules/resources/deployment-script/README.md | 32 +++++++++++--- modules/resources/resource-group/README.md | 32 +++++++++++--- modules/search/search-service/README.md | 32 +++++++++++--- modules/search/search-service/main.bicep | 2 +- modules/service-bus/namespace/README.md | 32 +++++++++++--- modules/service-bus/namespace/main.bicep | 2 +- modules/service-bus/namespace/queue/README.md | 27 ++++++++++-- modules/service-bus/namespace/topic/README.md | 27 ++++++++++-- modules/service-fabric/cluster/README.md | 32 +++++++++++--- modules/signal-r-service/signal-r/README.md | 32 +++++++++++--- modules/signal-r-service/signal-r/main.bicep | 2 +- .../signal-r-service/web-pub-sub/README.md | 32 +++++++++++--- .../signal-r-service/web-pub-sub/main.bicep | 2 +- modules/sql/managed-instance/README.md | 32 +++++++++++--- .../sql/managed-instance/database/README.md | 29 ++++++++++--- modules/sql/server/README.md | 32 +++++++++++--- modules/sql/server/main.bicep | 2 +- modules/storage/storage-account/README.md | 37 +++++++++++++--- modules/storage/storage-account/main.bicep | 2 +- modules/synapse/private-link-hub/README.md | 32 +++++++++++--- modules/synapse/private-link-hub/main.bicep | 2 +- modules/synapse/workspace/README.md | 27 ++++++++++-- modules/synapse/workspace/main.bicep | 2 +- .../image-template/README.md | 32 +++++++++++--- modules/web/connection/README.md | 32 +++++++++++--- modules/web/hosting-environment/README.md | 37 +++++++++++++--- modules/web/serverfarm/README.md | 32 +++++++++++--- modules/web/site/README.md | 32 +++++++++++--- modules/web/site/main.bicep | 2 +- modules/web/site/slot/README.md | 27 ++++++++++-- modules/web/site/slot/main.bicep | 2 +- modules/web/static-site/README.md | 32 +++++++++++--- modules/web/static-site/main.bicep | 2 +- 152 files changed, 3167 insertions(+), 642 deletions(-) diff --git a/modules/aad/domain-service/README.md b/modules/aad/domain-service/README.md index 18b23f5174..88cbe897e8 100644 --- a/modules/aad/domain-service/README.md +++ b/modules/aad/domain-service/README.md @@ -115,7 +115,10 @@ module domainService 'br:bicep/modules/aad.domain-service:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "name": { "value": "aaddscom001" @@ -185,7 +188,7 @@ module domainService 'br:bicep/modules/aad.domain-service:1.0.0' = { | [`kerberosRc4Encryption`](#parameter-kerberosrc4encryption) | string | The value is to enable Kerberos requests that use RC4 encryption. | | [`ldaps`](#parameter-ldaps) | string | A flag to determine whether or not Secure LDAP is enabled or disabled. | | [`location`](#parameter-location) | string | The location to deploy the Azure ADDS Services. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`name`](#parameter-name) | string | The name of the AADDS resource. Defaults to the domain name specific to the Azure ADDS service. | | [`notifyDcAdmins`](#parameter-notifydcadmins) | string | The value is to notify the DC Admins. | | [`notifyGlobalAdmins`](#parameter-notifyglobaladmins) | string | The value is to notify the Global Admins. | @@ -310,11 +313,30 @@ The location to deploy the Azure ADDS Services. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/analysis-services/server/README.md b/modules/analysis-services/server/README.md index 3a76d70c5c..1464915f28 100644 --- a/modules/analysis-services/server/README.md +++ b/modules/analysis-services/server/README.md @@ -108,7 +108,10 @@ module server 'br:bicep/modules/analysis-services.server:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -248,7 +251,10 @@ module server 'br:bicep/modules/analysis-services.server:1.0.0' = { } }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -345,7 +351,7 @@ module server 'br:bicep/modules/analysis-services.server:1.0.0' = { | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`firewallSettings`](#parameter-firewallsettings) | object | The inbound firewall rules to define on the server. If not specified, firewall is disabled. | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`skuCapacity`](#parameter-skucapacity) | int | The total number of query replica scale-out instances. | | [`skuName`](#parameter-skuname) | string | The SKU name of the Azure Analysis Services server to create. | @@ -425,11 +431,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/api-management/service/README.md b/modules/api-management/service/README.md index c4fc816503..b026c84175 100644 --- a/modules/api-management/service/README.md +++ b/modules/api-management/service/README.md @@ -138,7 +138,10 @@ module service 'br:bicep/modules/api-management.service:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "policies": { "value": [ @@ -447,7 +450,10 @@ module service 'br:bicep/modules/api-management.service:1.0.0' = { ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "namedValues": { "value": [ @@ -637,7 +643,7 @@ module service 'br:bicep/modules/api-management.service:1.0.0' = { | [`hostnameConfigurations`](#parameter-hostnameconfigurations) | array | Custom hostname configuration of the API Management service. | | [`identityProviders`](#parameter-identityproviders) | array | Identity providers. | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`minApiVersion`](#parameter-minapiversion) | string | Limit control plane API calls to API Management service with version equal to or newer than this value. | | [`namedValues`](#parameter-namedvalues) | array | Named values. | | [`newGuidValue`](#parameter-newguidvalue) | string | Necessary to create a new GUID. | @@ -808,11 +814,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `minApiVersion` diff --git a/modules/app-configuration/configuration-store/README.md b/modules/app-configuration/configuration-store/README.md index 29c37df3ba..96a2a864de 100644 --- a/modules/app-configuration/configuration-store/README.md +++ b/modules/app-configuration/configuration-store/README.md @@ -162,7 +162,10 @@ module configurationStore 'br:bicep/modules/app-configuration.configuration-stor ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -537,7 +540,7 @@ module configurationStore 'br:bicep/modules/app-configuration.configuration-stor | [`enablePurgeProtection`](#parameter-enablepurgeprotection) | bool | Property specifying whether protection against purge is enabled for this configuration store. | | [`keyValues`](#parameter-keyvalues) | array | All Key / Values to create. Requires local authentication to be enabled. | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | @@ -671,11 +674,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/app-configuration/configuration-store/main.bicep b/modules/app-configuration/configuration-store/main.bicep index 199f8d3eab..136fd6ec40 100644 --- a/modules/app-configuration/configuration-store/main.bicep +++ b/modules/app-configuration/configuration-store/main.bicep @@ -245,7 +245,7 @@ module configurationStore_privateEndpoints '../../network/private-endpoint/main. subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/app/container-app/README.md b/modules/app/container-app/README.md index 9efafb66cb..a37030cd5c 100644 --- a/modules/app/container-app/README.md +++ b/modules/app/container-app/README.md @@ -154,7 +154,10 @@ module containerApp 'br:bicep/modules/app.container-app:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "secrets": { "value": { @@ -299,7 +302,7 @@ module containerApp 'br:bicep/modules/app.container-app:1.0.0' = { | [`initContainersTemplate`](#parameter-initcontainerstemplate) | array | List of specialized containers that run before app containers. | | [`ipSecurityRestrictions`](#parameter-ipsecurityrestrictions) | array | Rules to restrict incoming IP address. | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`maxInactiveRevisions`](#parameter-maxinactiverevisions) | int | Max inactive revisions a Container App can have. | | [`registries`](#parameter-registries) | array | Collection of private container registry credentials for containers used by the Container app. | | [`revisionSuffix`](#parameter-revisionsuffix) | string | User friendly suffix that is appended to the revision name. | @@ -418,11 +421,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `maxInactiveRevisions` diff --git a/modules/app/managed-environment/README.md b/modules/app/managed-environment/README.md index 6a39b46bc3..b334bdfcb5 100644 --- a/modules/app/managed-environment/README.md +++ b/modules/app/managed-environment/README.md @@ -102,7 +102,10 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "platformReservedCidr": { "value": "172.17.17.0/24" @@ -205,7 +208,7 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = { | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`internal`](#parameter-internal) | bool | Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then "infrastructureSubnetId" must be provided. | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`logsDestination`](#parameter-logsdestination) | string | Logs destination. | | [`platformReservedCidr`](#parameter-platformreservedcidr) | string | IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | | [`platformReservedDnsIP`](#parameter-platformreserveddnsip) | string | An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | @@ -286,11 +289,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `logAnalyticsWorkspaceResourceId` diff --git a/modules/automation/automation-account/README.md b/modules/automation/automation-account/README.md index a755e5f4c0..b4ace1295b 100644 --- a/modules/automation/automation-account/README.md +++ b/modules/automation/automation-account/README.md @@ -297,7 +297,10 @@ module automationAccount 'br:bicep/modules/automation.automation-account:1.0.0' "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "modules": { "value": [ @@ -630,7 +633,7 @@ module automationAccount 'br:bicep/modules/automation.automation-account:1.0.0' | [`jobSchedules`](#parameter-jobschedules) | array | List of jobSchedules to be created in the automation account. | | [`linkedWorkspaceResourceId`](#parameter-linkedworkspaceresourceid) | string | ID of the log analytics workspace to be linked to the deployed automation account. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`modules`](#parameter-modules) | array | List of modules to be created in the automation account. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | @@ -767,11 +770,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `modules` diff --git a/modules/automation/automation-account/main.bicep b/modules/automation/automation-account/main.bicep index 3e96adfe8f..ce12ca57a5 100644 --- a/modules/automation/automation-account/main.bicep +++ b/modules/automation/automation-account/main.bicep @@ -376,7 +376,7 @@ module automationAccount_privateEndpoints '../../network/private-endpoint/main.b subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/batch/batch-account/README.md b/modules/batch/batch-account/README.md index a93b4cfecb..538f346570 100644 --- a/modules/batch/batch-account/README.md +++ b/modules/batch/batch-account/README.md @@ -131,7 +131,10 @@ module batchAccount 'br:bicep/modules/batch.batch-account:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "poolAllocationMode": { "value": "BatchService" @@ -388,7 +391,7 @@ module batchAccount 'br:bicep/modules/batch.batch-account:1.0.0' = { | [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`networkProfileAllowedIpRanges`](#parameter-networkprofileallowedipranges) | array | Array of IP ranges to filter client IP address. It is only applicable when publicNetworkAccess is not explicitly disabled. | | [`networkProfileDefaultAction`](#parameter-networkprofiledefaultaction) | string | The network profile default action for endpoint access. It is only applicable when publicNetworkAccess is not explicitly disabled. | | [`poolAllocationMode`](#parameter-poolallocationmode) | string | The allocation mode for creating pools in the Batch account. Determines which quota will be used. | @@ -503,11 +506,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/batch/batch-account/main.bicep b/modules/batch/batch-account/main.bicep index 826c2612c0..25ac3e4f4b 100644 --- a/modules/batch/batch-account/main.bicep +++ b/modules/batch/batch-account/main.bicep @@ -243,7 +243,7 @@ module batchAccount_privateEndpoints '../../network/private-endpoint/main.bicep' subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/cache/redis-enterprise/README.md b/modules/cache/redis-enterprise/README.md index 88b4b37d65..d6a9d4dcf8 100644 --- a/modules/cache/redis-enterprise/README.md +++ b/modules/cache/redis-enterprise/README.md @@ -175,7 +175,10 @@ module redisEnterprise 'br:bicep/modules/cache.redis-enterprise:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "minimumTlsVersion": { "value": "1.2" @@ -418,7 +421,7 @@ module redisEnterprise 'br:bicep/modules/cache.redis-enterprise:1.0.0' = { | [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | The geo-location where the resource lives. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | Requires clients to use a specified TLS version (or higher) to connect. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | @@ -507,11 +510,30 @@ The geo-location where the resource lives. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `minimumTlsVersion` diff --git a/modules/cache/redis-enterprise/main.bicep b/modules/cache/redis-enterprise/main.bicep index 40afd6355c..be865f3cda 100644 --- a/modules/cache/redis-enterprise/main.bicep +++ b/modules/cache/redis-enterprise/main.bicep @@ -199,7 +199,7 @@ module redisCacheEnterprise_privateEndpoints '../../network/private-endpoint/mai subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/cache/redis/README.md b/modules/cache/redis/README.md index 9d31cff1f5..bfff9fc338 100644 --- a/modules/cache/redis/README.md +++ b/modules/cache/redis/README.md @@ -138,7 +138,10 @@ module redis 'br:bicep/modules/cache.redis:1.0.0' = { "value": true }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "minimumTlsVersion": { "value": "1.2" @@ -270,7 +273,7 @@ module redis 'br:bicep/modules/cache.redis:1.0.0' = { | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`enableNonSslPort`](#parameter-enablenonsslport) | bool | Specifies whether the non-ssl Redis server port (6379) is enabled. | | [`location`](#parameter-location) | string | The location to deploy the Redis cache service. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | Requires clients to use a specified TLS version (or higher) to connect. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | @@ -372,11 +375,30 @@ The location to deploy the Redis cache service. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `minimumTlsVersion` diff --git a/modules/cache/redis/main.bicep b/modules/cache/redis/main.bicep index 8ed3a2d8a9..3c78068ad7 100644 --- a/modules/cache/redis/main.bicep +++ b/modules/cache/redis/main.bicep @@ -251,7 +251,7 @@ module redisCache_privateEndpoints '../../network/private-endpoint/main.bicep' = subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/cdn/profile/README.md b/modules/cdn/profile/README.md index a3bceeb2be..0648822403 100644 --- a/modules/cdn/profile/README.md +++ b/modules/cdn/profile/README.md @@ -191,7 +191,10 @@ module profile 'br:bicep/modules/cdn.profile:1.0.0' = { "value": "global" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "originResponseTimeoutSeconds": { "value": 60 @@ -383,7 +386,10 @@ module profile 'br:bicep/modules/cdn.profile:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "originResponseTimeoutSeconds": { "value": 60 @@ -432,7 +438,7 @@ module profile 'br:bicep/modules/cdn.profile:1.0.0' = { | [`endpointName`](#parameter-endpointname) | string | Name of the endpoint under the profile which is unique globally. | | [`endpointProperties`](#parameter-endpointproperties) | object | Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`originResponseTimeoutSeconds`](#parameter-originresponsetimeoutseconds) | int | Send and receive timeout on forwarding request to the origin. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`ruleSets`](#parameter-rulesets) | array | Array of rule set objects. | @@ -483,11 +489,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/cognitive-services/account/README.md b/modules/cognitive-services/account/README.md index c9867949a5..5613b3b75f 100644 --- a/modules/cognitive-services/account/README.md +++ b/modules/cognitive-services/account/README.md @@ -152,7 +152,10 @@ module account 'br:bicep/modules/cognitive-services.account:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "networkAcls": { "value": { @@ -504,7 +507,7 @@ module account 'br:bicep/modules/cognitive-services.account:1.0.0' = { | [`dynamicThrottlingEnabled`](#parameter-dynamicthrottlingenabled) | bool | The flag to enable dynamic throttling. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`migrationToken`](#parameter-migrationtoken) | string | Resource migration token. | | [`networkAcls`](#parameter-networkacls) | object | A collection of rules governing the accessibility from specific network locations. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | @@ -654,11 +657,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `migrationToken` diff --git a/modules/cognitive-services/account/main.bicep b/modules/cognitive-services/account/main.bicep index e0e0d1d8b2..06494998b2 100644 --- a/modules/cognitive-services/account/main.bicep +++ b/modules/cognitive-services/account/main.bicep @@ -286,7 +286,7 @@ module cognitiveServices_privateEndpoints '../../network/private-endpoint/main.b subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/compute/availability-set/README.md b/modules/compute/availability-set/README.md index b024ce9960..cddca05dfe 100644 --- a/modules/compute/availability-set/README.md +++ b/modules/compute/availability-set/README.md @@ -90,7 +90,10 @@ module availabilitySet 'br:bicep/modules/compute.availability-set:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "proximityPlacementGroupResourceId": { "value": "" @@ -183,7 +186,7 @@ module availabilitySet 'br:bicep/modules/compute.availability-set:1.0.0' = { | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Resource location. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`platformFaultDomainCount`](#parameter-platformfaultdomaincount) | int | The number of fault domains to use. | | [`platformUpdateDomainCount`](#parameter-platformupdatedomaincount) | int | The number of update domains to use. | | [`proximityPlacementGroupResourceId`](#parameter-proximityplacementgroupresourceid) | string | Resource ID of a proximity placement group. | @@ -207,11 +210,30 @@ Resource location. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/compute/disk-encryption-set/README.md b/modules/compute/disk-encryption-set/README.md index d4c090d028..c1dc0eef08 100644 --- a/modules/compute/disk-encryption-set/README.md +++ b/modules/compute/disk-encryption-set/README.md @@ -200,7 +200,10 @@ module diskEncryptionSet 'br:bicep/modules/compute.disk-encryption-set:1.0.0' = "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -262,7 +265,7 @@ module diskEncryptionSet 'br:bicep/modules/compute.disk-encryption-set:1.0.0' = | [`federatedClientId`](#parameter-federatedclientid) | string | Multi-tenant application client ID to access key vault in a different tenant. Setting the value to "None" will clear the property. | | [`keyVersion`](#parameter-keyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | | [`location`](#parameter-location) | string | Resource location. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`rotationToLatestKeyVersionEnabled`](#parameter-rotationtolatestkeyversionenabled) | bool | Set this flag to true to enable auto-updating of this disk encryption set to the latest key version. | | [`tags`](#parameter-tags) | object | Tags of the disk encryption resource. | @@ -317,11 +320,30 @@ Resource location. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/compute/disk/README.md b/modules/compute/disk/README.md index 1fa1865dca..0a099cb76c 100644 --- a/modules/compute/disk/README.md +++ b/modules/compute/disk/README.md @@ -110,7 +110,10 @@ module disk 'br:bicep/modules/compute.disk:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "logicalSectorSize": { "value": 512 @@ -416,7 +419,7 @@ module disk 'br:bicep/modules/compute.disk:1.0.0' = { | [`hyperVGeneration`](#parameter-hypervgeneration) | string | The hypervisor generation of the Virtual Machine. Applicable to OS disks only. | | [`imageReferenceId`](#parameter-imagereferenceid) | string | A relative uri containing either a Platform Image Repository or user image reference. | | [`location`](#parameter-location) | string | Resource location. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`logicalSectorSize`](#parameter-logicalsectorsize) | int | Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. | | [`maxShares`](#parameter-maxshares) | int | The maximum number of VMs that can attach to the disk at the same time. Default value is 0. | | [`networkAccessPolicy`](#parameter-networkaccesspolicy) | string | Policy for accessing the disk via network. | @@ -519,11 +522,30 @@ Resource location. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `logicalSectorSize` diff --git a/modules/compute/gallery/README.md b/modules/compute/gallery/README.md index 5a0779b929..bc21780e0a 100644 --- a/modules/compute/gallery/README.md +++ b/modules/compute/gallery/README.md @@ -349,7 +349,10 @@ module gallery 'br:bicep/modules/compute.gallery:1.0.0' = { ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -442,7 +445,7 @@ module gallery 'br:bicep/modules/compute.gallery:1.0.0' = { | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`images`](#parameter-images) | array | Images to create. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags for all resources. | @@ -483,11 +486,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/compute/proximity-placement-group/README.md b/modules/compute/proximity-placement-group/README.md index 5ff85121d6..36c6b39b63 100644 --- a/modules/compute/proximity-placement-group/README.md +++ b/modules/compute/proximity-placement-group/README.md @@ -121,7 +121,10 @@ module proximityPlacementGroup 'br:bicep/modules/compute.proximity-placement-gro } }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -221,7 +224,7 @@ module proximityPlacementGroup 'br:bicep/modules/compute.proximity-placement-gro | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`intent`](#parameter-intent) | object | Specifies the user intent of the proximity placement group. | | [`location`](#parameter-location) | string | Resource location. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the proximity placement group resource. | | [`type`](#parameter-type) | string | Specifies the type of the proximity placement group. | @@ -257,11 +260,30 @@ Resource location. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/compute/ssh-public-key/README.md b/modules/compute/ssh-public-key/README.md index d55794c19a..210914120a 100644 --- a/modules/compute/ssh-public-key/README.md +++ b/modules/compute/ssh-public-key/README.md @@ -146,7 +146,7 @@ module sshPublicKey 'br:bicep/modules/compute.ssh-public-key:1.0.0' = { | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Resource location. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`publicKey`](#parameter-publickey) | string | SSH public key used to authenticate to a virtual machine through SSH. If this property is not initially provided when the resource is created, the publicKey property will be populated when generateKeyPair is called. If the public key is provided upon resource creation, the provided public key needs to be at least 2048-bit and in ssh-rsa format. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the availability set resource. | @@ -167,11 +167,30 @@ Resource location. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/compute/virtual-machine-scale-set/README.md b/modules/compute/virtual-machine-scale-set/README.md index 6b893830bd..0bef11fad9 100644 --- a/modules/compute/virtual-machine-scale-set/README.md +++ b/modules/compute/virtual-machine-scale-set/README.md @@ -315,7 +315,10 @@ module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-se } }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "nicConfigurations": { "value": [ @@ -983,7 +986,10 @@ module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-se } }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "nicConfigurations": { "value": [ @@ -1224,7 +1230,7 @@ module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-se | [`gracePeriod`](#parameter-graceperiod) | string | The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M). The maximum allowed grace period is 90 minutes (PT90M). | | [`licenseType`](#parameter-licensetype) | string | Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`maxBatchInstancePercent`](#parameter-maxbatchinstancepercent) | int | The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. | | [`maxPriceForLowPriorityVm`](#parameter-maxpriceforlowpriorityvm) | string | Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. | | [`maxUnhealthyInstancePercent`](#parameter-maxunhealthyinstancepercent) | int | The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. | @@ -1519,11 +1525,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `maxBatchInstancePercent` diff --git a/modules/compute/virtual-machine/README.md b/modules/compute/virtual-machine/README.md index 310d694b1c..9fbeb457c1 100644 --- a/modules/compute/virtual-machine/README.md +++ b/modules/compute/virtual-machine/README.md @@ -511,7 +511,10 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "monitoringWorkspaceId": { "value": "" @@ -1396,7 +1399,10 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "monitoringWorkspaceId": { "value": "" @@ -1909,7 +1915,7 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { | [`extensionNetworkWatcherAgentConfig`](#parameter-extensionnetworkwatcheragentconfig) | object | The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. | | [`licenseType`](#parameter-licensetype) | string | Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`maxPriceForLowPriorityVm`](#parameter-maxpriceforlowpriorityvm) | string | Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. | | [`monitoringWorkspaceId`](#parameter-monitoringworkspaceid) | string | Resource ID of the monitoring log analytics workspace. Must be set when extensionMonitoringAgentConfig is set to true. | | [`name`](#parameter-name) | string | The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name. | @@ -2240,11 +2246,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `maxPriceForLowPriorityVm` diff --git a/modules/container-instance/container-group/README.md b/modules/container-instance/container-group/README.md index 957b6d4137..b59196c147 100644 --- a/modules/container-instance/container-group/README.md +++ b/modules/container-instance/container-group/README.md @@ -202,7 +202,10 @@ module containerGroup 'br:bicep/modules/container-instance.container-group:1.0.0 ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "systemAssignedIdentity": { "value": true @@ -406,7 +409,10 @@ module containerGroup 'br:bicep/modules/container-instance.container-group:1.0.0 ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "systemAssignedIdentity": { "value": true @@ -733,7 +739,10 @@ module containerGroup 'br:bicep/modules/container-instance.container-group:1.0.0 "value": "Private" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "subnetId": { "value": "" @@ -801,7 +810,7 @@ module containerGroup 'br:bicep/modules/container-instance.container-group:1.0.0 | [`initContainers`](#parameter-initcontainers) | array | A list of container definitions which will be executed before the application container starts. | | [`ipAddressType`](#parameter-ipaddresstype) | string | Specifies if the IP is exposed to the public internet or private VNET. - Public or Private. | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`osType`](#parameter-ostype) | string | The operating system type required by the containers in the container group. - Windows or Linux. | | [`restartPolicy`](#parameter-restartpolicy) | string | Restart policy for all containers within the container group. - Always: Always restart. OnFailure: Restart on failure. Never: Never restart. - Always, OnFailure, Never. | | [`sku`](#parameter-sku) | string | The container group SKU. | @@ -919,11 +928,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/container-registry/registry/README.md b/modules/container-registry/registry/README.md index d3dc883386..84e25e335c 100644 --- a/modules/container-registry/registry/README.md +++ b/modules/container-registry/registry/README.md @@ -191,7 +191,10 @@ module registry 'br:bicep/modules/container-registry.registry:1.0.0' = { "value": "enabled" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "networkRuleSetIpRules": { "value": [ @@ -540,7 +543,7 @@ module registry 'br:bicep/modules/container-registry.registry:1.0.0' = { | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`exportPolicyStatus`](#parameter-exportpolicystatus) | string | The value that indicates whether the export policy is enabled or not. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`networkRuleBypassOptions`](#parameter-networkrulebypassoptions) | string | Whether to allow trusted Azure services to access a network restricted registry. | | [`networkRuleSetDefaultAction`](#parameter-networkrulesetdefaultaction) | string | The default action of allow or deny when no other rules match. | | [`networkRuleSetIpRules`](#parameter-networkrulesetiprules) | array | The IP ACL rules. Note, requires the 'acrSku' to be 'Premium'. | @@ -707,11 +710,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/container-registry/registry/main.bicep b/modules/container-registry/registry/main.bicep index fb779b389f..1f4ac8544c 100644 --- a/modules/container-registry/registry/main.bicep +++ b/modules/container-registry/registry/main.bicep @@ -377,7 +377,7 @@ module registry_privateEndpoints '../../network/private-endpoint/main.bicep' = [ subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/container-service/managed-cluster/README.md b/modules/container-service/managed-cluster/README.md index 933b57ff45..e95c168a1c 100644 --- a/modules/container-service/managed-cluster/README.md +++ b/modules/container-service/managed-cluster/README.md @@ -440,7 +440,10 @@ module managedCluster 'br:bicep/modules/container-service.managed-cluster:1.0.0' } }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "monitoringWorkspaceId": { "value": "" @@ -1152,7 +1155,7 @@ module managedCluster 'br:bicep/modules/container-service.managed-cluster:1.0.0' | [`kubernetesVersion`](#parameter-kubernetesversion) | string | Version of Kubernetes specified when creating the managed cluster. | | [`loadBalancerSku`](#parameter-loadbalancersku) | string | Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools. | | [`location`](#parameter-location) | string | Specifies the location of AKS cluster. It picks up Resource Group's location by default. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`managedOutboundIPCount`](#parameter-managedoutboundipcount) | int | Outbound IP Count for the Load balancer. | | [`monitoringWorkspaceId`](#parameter-monitoringworkspaceid) | string | Resource ID of the monitoring log analytics workspace. | | [`networkDataplane`](#parameter-networkdataplane) | string | Network dataplane used in the Kubernetes cluster. Not compatible with kubenet network plugin. | @@ -1687,11 +1690,30 @@ Specifies the location of AKS cluster. It picks up Resource Group's location by ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `managedOutboundIPCount` diff --git a/modules/data-factory/factory/README.md b/modules/data-factory/factory/README.md index f2f15d118a..ae8a6fd889 100644 --- a/modules/data-factory/factory/README.md +++ b/modules/data-factory/factory/README.md @@ -206,7 +206,10 @@ module factory 'br:bicep/modules/data-factory.factory:1.0.0' = { ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "managedPrivateEndpoints": { "value": [ @@ -363,7 +366,7 @@ module factory 'br:bicep/modules/data-factory.factory:1.0.0' = { | [`globalParameters`](#parameter-globalparameters) | object | List of Global Parameters for the factory. | | [`integrationRuntimes`](#parameter-integrationruntimes) | array | An array of objects for the configuration of an Integration Runtime. | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`managedPrivateEndpoints`](#parameter-managedprivateendpoints) | array | An array of managed private endpoints objects created in the Data Factory managed virtual network. | | [`managedVirtualNetworkName`](#parameter-managedvirtualnetworkname) | string | The name of the Managed Virtual Network. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | @@ -545,11 +548,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `managedPrivateEndpoints` diff --git a/modules/data-factory/factory/main.bicep b/modules/data-factory/factory/main.bicep index 3937c402ae..8a0685e3ae 100644 --- a/modules/data-factory/factory/main.bicep +++ b/modules/data-factory/factory/main.bicep @@ -274,7 +274,7 @@ module dataFactory_privateEndpoints '../../network/private-endpoint/main.bicep' subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/data-protection/backup-vault/README.md b/modules/data-protection/backup-vault/README.md index 5e02dbb852..9fcda953f4 100644 --- a/modules/data-protection/backup-vault/README.md +++ b/modules/data-protection/backup-vault/README.md @@ -222,7 +222,10 @@ module backupVault 'br:bicep/modules/data-protection.backup-vault:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -319,7 +322,7 @@ module backupVault 'br:bicep/modules/data-protection.backup-vault:1.0.0' = { | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`featureSettings`](#parameter-featuresettings) | object | Feature settings for the backup vault. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`securitySettings`](#parameter-securitysettings) | object | Security settings for the backup vault. | | [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | @@ -372,11 +375,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/databricks/access-connector/README.md b/modules/databricks/access-connector/README.md index d358c5f991..f282d649ca 100644 --- a/modules/databricks/access-connector/README.md +++ b/modules/databricks/access-connector/README.md @@ -97,7 +97,10 @@ module accessConnector 'br:bicep/modules/databricks.access-connector:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -195,7 +198,7 @@ module accessConnector 'br:bicep/modules/databricks.access-connector:1.0.0' = { | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -217,11 +220,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/databricks/workspace/README.md b/modules/databricks/workspace/README.md index 07ec094178..5b747b5dbd 100644 --- a/modules/databricks/workspace/README.md +++ b/modules/databricks/workspace/README.md @@ -201,7 +201,10 @@ module workspace 'br:bicep/modules/databricks.workspace:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "managedResourceGroupResourceId": { "value": "" @@ -366,7 +369,7 @@ module workspace 'br:bicep/modules/databricks.workspace:1.0.0' = { | [`loadBalancerBackendPoolName`](#parameter-loadbalancerbackendpoolname) | string | Name of the outbound Load Balancer Backend Pool for Secure Cluster Connectivity (No Public IP). | | [`loadBalancerResourceId`](#parameter-loadbalancerresourceid) | string | Resource URI of Outbound Load balancer for Secure Cluster Connectivity (No Public IP) workspace. | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`managedResourceGroupResourceId`](#parameter-managedresourcegroupresourceid) | string | The managed resource group ID. It is created by the module as per the to-be resource ID you provide. | | [`natGatewayName`](#parameter-natgatewayname) | string | Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets. | | [`prepareEncryption`](#parameter-prepareencryption) | bool | Prepare the workspace for encryption. Enables the Managed Identity for managed storage account. | @@ -539,11 +542,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `managedResourceGroupResourceId` diff --git a/modules/databricks/workspace/main.bicep b/modules/databricks/workspace/main.bicep index 8ffa925f08..adcc98225c 100644 --- a/modules/databricks/workspace/main.bicep +++ b/modules/databricks/workspace/main.bicep @@ -339,7 +339,7 @@ module workspace_privateEndpoints '../../network/private-endpoint/main.bicep' = subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/db-for-my-sql/flexible-server/README.md b/modules/db-for-my-sql/flexible-server/README.md index e4bffab0b8..bce5faa7d7 100644 --- a/modules/db-for-my-sql/flexible-server/README.md +++ b/modules/db-for-my-sql/flexible-server/README.md @@ -239,7 +239,10 @@ module flexibleServer 'br:bicep/modules/db-for-my-sql.flexible-server:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "privateDnsZoneResourceId": { "value": "" @@ -486,7 +489,10 @@ module flexibleServer 'br:bicep/modules/db-for-my-sql.flexible-server:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -587,7 +593,7 @@ module flexibleServer 'br:bicep/modules/db-for-my-sql.flexible-server:1.0.0' = { | [`geoRedundantBackup`](#parameter-georedundantbackup) | string | A value indicating whether Geo-Redundant backup is enabled on the server. If "Enabled" and "cMKKeyName" is not empty, then "geoBackupCMKKeyVaultResourceId" and "cMKUserAssignedIdentityResourceId" are also required. | | [`highAvailability`](#parameter-highavailability) | string | The mode for High Availability (HA). It is not supported for the Burstable pricing tier and Zone redundant HA can only be set during server provisioning. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`maintenanceWindow`](#parameter-maintenancewindow) | object | Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". | | [`replicationRole`](#parameter-replicationrole) | string | The replication role. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the "roleDefinitionIdOrName" and "principalId" to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11". | @@ -801,11 +807,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `maintenanceWindow` diff --git a/modules/db-for-postgre-sql/flexible-server/README.md b/modules/db-for-postgre-sql/flexible-server/README.md index 4895dea492..152b9d243a 100644 --- a/modules/db-for-postgre-sql/flexible-server/README.md +++ b/modules/db-for-postgre-sql/flexible-server/README.md @@ -516,7 +516,7 @@ module flexibleServer 'br:bicep/modules/db-for-postgre-sql.flexible-server:1.0.0 | [`geoRedundantBackup`](#parameter-georedundantbackup) | string | A value indicating whether Geo-Redundant backup is enabled on the server. Should be left disabled if 'cMKKeyName' is not empty. | | [`highAvailability`](#parameter-highavailability) | string | The mode for high availability. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`maintenanceWindow`](#parameter-maintenancewindow) | object | Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". | | [`passwordAuth`](#parameter-passwordauth) | string | If Enabled, password authentication is enabled. | | [`privateDnsZoneArmResourceId`](#parameter-privatednszonearmresourceid) | string | Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access" and required when "delegatedSubnetResourceId" is used. The Private DNS Zone must be lined to the Virtual Network referenced in "delegatedSubnetResourceId". | @@ -717,11 +717,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `maintenanceWindow` diff --git a/modules/desktop-virtualization/application-group/README.md b/modules/desktop-virtualization/application-group/README.md index d93fe35a01..69318e6750 100644 --- a/modules/desktop-virtualization/application-group/README.md +++ b/modules/desktop-virtualization/application-group/README.md @@ -165,7 +165,10 @@ module applicationGroup 'br:bicep/modules/desktop-virtualization.application-gro "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -274,7 +277,7 @@ module applicationGroup 'br:bicep/modules/desktop-virtualization.application-gro | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`friendlyName`](#parameter-friendlyname) | string | The friendly name of the Application Group to be created. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -371,11 +374,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/desktop-virtualization/host-pool/README.md b/modules/desktop-virtualization/host-pool/README.md index 6ab851ae3c..0d1ab1e93e 100644 --- a/modules/desktop-virtualization/host-pool/README.md +++ b/modules/desktop-virtualization/host-pool/README.md @@ -178,7 +178,10 @@ module hostPool 'br:bicep/modules/desktop-virtualization.host-pool:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "maxSessionLimit": { "value": 99999 @@ -313,7 +316,7 @@ module hostPool 'br:bicep/modules/desktop-virtualization.host-pool:1.0.0' = { | [`friendlyName`](#parameter-friendlyname) | string | The friendly name of the Host Pool to be created. | | [`loadBalancerType`](#parameter-loadbalancertype) | string | Type of load balancer algorithm. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`maxSessionLimit`](#parameter-maxsessionlimit) | int | Maximum number of sessions. | | [`personalDesktopAssignmentType`](#parameter-personaldesktopassignmenttype) | string | Set the type of assignment for a Personal Host Pool type. | | [`preferredAppGroupType`](#parameter-preferredappgrouptype) | string | The type of preferred application group type, default to Desktop Application Group. | @@ -482,11 +485,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `maxSessionLimit` diff --git a/modules/desktop-virtualization/workspace/README.md b/modules/desktop-virtualization/workspace/README.md index dabe45018f..c864a267f3 100644 --- a/modules/desktop-virtualization/workspace/README.md +++ b/modules/desktop-virtualization/workspace/README.md @@ -126,7 +126,10 @@ module workspace 'br:bicep/modules/desktop-virtualization.workspace:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -225,7 +228,7 @@ module workspace 'br:bicep/modules/desktop-virtualization.workspace:1.0.0' = { | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`friendlyName`](#parameter-friendlyname) | string | The friendly name of the Workspace to be created. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -309,11 +312,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/dev-test-lab/lab/README.md b/modules/dev-test-lab/lab/README.md index 128505fa57..086d52b067 100644 --- a/modules/dev-test-lab/lab/README.md +++ b/modules/dev-test-lab/lab/README.md @@ -370,7 +370,10 @@ module lab 'br:bicep/modules/dev-test-lab.lab:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "managementIdentities": { "value": { @@ -655,7 +658,7 @@ module lab 'br:bicep/modules/dev-test-lab.lab:1.0.0' = { | [`isolateLabResources`](#parameter-isolatelabresources) | string | Enable lab resources isolation from the public internet. | | [`labStorageType`](#parameter-labstoragetype) | string | Type of storage used by the lab. It can be either Premium or Standard. | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`managementIdentities`](#parameter-managementidentities) | object | The ID(s) to assign to the virtual machines associated with this lab. | | [`mandatoryArtifactsResourceIdsLinux`](#parameter-mandatoryartifactsresourceidslinux) | array | The ordered list of artifact resource IDs that should be applied on all Linux VM creations by default, prior to the artifacts specified by the user. | | [`mandatoryArtifactsResourceIdsWindows`](#parameter-mandatoryartifactsresourceidswindows) | array | The ordered list of artifact resource IDs that should be applied on all Windows VM creations by default, prior to the artifacts specified by the user. | @@ -774,11 +777,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `managementIdentities` diff --git a/modules/digital-twins/digital-twins-instance/README.md b/modules/digital-twins/digital-twins-instance/README.md index 2e32d90721..1075d78369 100644 --- a/modules/digital-twins/digital-twins-instance/README.md +++ b/modules/digital-twins/digital-twins-instance/README.md @@ -154,7 +154,10 @@ module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instan } }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "privateEndpoints": { "value": [ @@ -279,7 +282,7 @@ module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instan | [`eventGridEndpoint`](#parameter-eventgridendpoint) | object | Event Grid Endpoint. | | [`eventHubEndpoint`](#parameter-eventhubendpoint) | object | Event Hub Endpoint. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | @@ -369,11 +372,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/digital-twins/digital-twins-instance/main.bicep b/modules/digital-twins/digital-twins-instance/main.bicep index 3f8b61e23f..7b803a5b93 100644 --- a/modules/digital-twins/digital-twins-instance/main.bicep +++ b/modules/digital-twins/digital-twins-instance/main.bicep @@ -195,7 +195,7 @@ module digitalTwinsInstance_privateEndpoints '../../network/private-endpoint/mai subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/document-db/database-account/README.md b/modules/document-db/database-account/README.md index ceecfd5651..0fd34843a5 100644 --- a/modules/document-db/database-account/README.md +++ b/modules/document-db/database-account/README.md @@ -869,7 +869,10 @@ module databaseAccount 'br:bicep/modules/document-db.database-account:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -1249,7 +1252,7 @@ module databaseAccount 'br:bicep/modules/document-db.database-account:1.0.0' = { | [`enableFreeTier`](#parameter-enablefreetier) | bool | Flag to indicate whether Free Tier is enabled. | | [`gremlinDatabases`](#parameter-gremlindatabases) | array | Gremlin Databases configurations. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`maxIntervalInSeconds`](#parameter-maxintervalinseconds) | int | Max lag time (minutes). Required for BoundedStaleness. Valid ranges, Single Region: 5 to 84600. Multi Region: 300 to 86400. | | [`maxStalenessPrefix`](#parameter-maxstalenessprefix) | int | Max stale requests. Required for BoundedStaleness. Valid ranges, Single Region: 10 to 1000000. Multi Region: 100000 to 1000000. | | [`mongodbDatabases`](#parameter-mongodbdatabases) | array | MongoDB Databases configurations. | @@ -1417,11 +1420,30 @@ Locations enabled for the Cosmos DB account. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `maxIntervalInSeconds` diff --git a/modules/document-db/database-account/main.bicep b/modules/document-db/database-account/main.bicep index 3b2a7aa12b..37ab5669f4 100644 --- a/modules/document-db/database-account/main.bicep +++ b/modules/document-db/database-account/main.bicep @@ -357,7 +357,7 @@ module databaseAccount_privateEndpoints '../../network/private-endpoint/main.bic subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/event-grid/domain/README.md b/modules/event-grid/domain/README.md index 0a137c4229..f384027758 100644 --- a/modules/event-grid/domain/README.md +++ b/modules/event-grid/domain/README.md @@ -141,7 +141,10 @@ module domain 'br:bicep/modules/event-grid.domain:1.0.0' = { ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "privateEndpoints": { "value": [ @@ -349,7 +352,7 @@ module domain 'br:bicep/modules/event-grid.domain:1.0.0' = { | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`inboundIpRules`](#parameter-inboundiprules) | array | This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and inboundIpRules are not set. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | @@ -444,11 +447,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/event-grid/domain/main.bicep b/modules/event-grid/domain/main.bicep index f964392407..3a3c6dbf0f 100644 --- a/modules/event-grid/domain/main.bicep +++ b/modules/event-grid/domain/main.bicep @@ -164,7 +164,7 @@ module domain_privateEndpoints '../../network/private-endpoint/main.bicep' = [fo subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/event-grid/system-topic/README.md b/modules/event-grid/system-topic/README.md index 3a4e1fc8b8..e70f28338f 100644 --- a/modules/event-grid/system-topic/README.md +++ b/modules/event-grid/system-topic/README.md @@ -165,7 +165,10 @@ module systemTopic 'br:bicep/modules/event-grid.system-topic:1.0.0' = { ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -273,7 +276,7 @@ module systemTopic 'br:bicep/modules/event-grid.system-topic:1.0.0' = { | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`eventSubscriptions`](#parameter-eventsubscriptions) | array | Event subscriptions to deploy. | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -353,11 +356,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/event-grid/topic/README.md b/modules/event-grid/topic/README.md index 10d66e846e..ce94a6b52d 100644 --- a/modules/event-grid/topic/README.md +++ b/modules/event-grid/topic/README.md @@ -188,7 +188,10 @@ module topic 'br:bicep/modules/event-grid.topic:1.0.0' = { ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "privateEndpoints": { "value": [ @@ -390,7 +393,7 @@ module topic 'br:bicep/modules/event-grid.topic:1.0.0' = { | [`eventSubscriptions`](#parameter-eventsubscriptions) | array | Event subscriptions to deploy. | | [`inboundIpRules`](#parameter-inboundiprules) | array | This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and inboundIpRules are not set. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | @@ -477,11 +480,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/event-grid/topic/main.bicep b/modules/event-grid/topic/main.bicep index e7ef288c85..2ad0af32b8 100644 --- a/modules/event-grid/topic/main.bicep +++ b/modules/event-grid/topic/main.bicep @@ -166,7 +166,7 @@ module topic_privateEndpoints '../../network/private-endpoint/main.bicep' = [for subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/event-hub/namespace/README.md b/modules/event-hub/namespace/README.md index 8af28c7603..68c432211b 100644 --- a/modules/event-hub/namespace/README.md +++ b/modules/event-hub/namespace/README.md @@ -342,7 +342,10 @@ module namespace 'br:bicep/modules/event-hub.namespace:1.0.0' = { "value": true }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "maximumThroughputUnits": { "value": 4 @@ -706,7 +709,7 @@ module namespace 'br:bicep/modules/event-hub.namespace:1.0.0' = { | [`isAutoInflateEnabled`](#parameter-isautoinflateenabled) | bool | Switch to enable the Auto Inflate feature of Event Hub. Auto Inflate is not supported in Premium SKU EventHub. | | [`kafkaEnabled`](#parameter-kafkaenabled) | bool | Value that indicates whether Kafka is enabled for Event Hubs Namespace. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`maximumThroughputUnits`](#parameter-maximumthroughputunits) | int | Upper limit of throughput units when AutoInflate is enabled, value should be within 0 to 20 throughput units. | | [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | The minimum TLS version for the cluster to support. | | [`networkRuleSets`](#parameter-networkrulesets) | object | Configure networking options. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. | @@ -858,11 +861,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `maximumThroughputUnits` diff --git a/modules/event-hub/namespace/eventhub/README.md b/modules/event-hub/namespace/eventhub/README.md index 006f14d3e3..936f144c4d 100644 --- a/modules/event-hub/namespace/eventhub/README.md +++ b/modules/event-hub/namespace/eventhub/README.md @@ -49,7 +49,7 @@ This module deploys an Event Hub Namespace Event Hub. | [`captureDescriptionSkipEmptyArchives`](#parameter-capturedescriptionskipemptyarchives) | bool | A value that indicates whether to Skip Empty Archives. | | [`consumergroups`](#parameter-consumergroups) | array | The consumer groups to create in this event hub instance. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`messageRetentionInDays`](#parameter-messageretentionindays) | int | Number of days to retain the events for this Event Hub, value should be 1 to 7 days. Will be automatically set to infinite retention if cleanup policy is set to "Compact". | | [`partitionCount`](#parameter-partitioncount) | int | Number of partitions created for the Event Hub, allowed values are from 1 to 32 partitions. | | [`retentionDescriptionCleanupPolicy`](#parameter-retentiondescriptioncleanuppolicy) | string | Retention cleanup policy. Enumerates the possible values for cleanup policy. | @@ -145,11 +145,30 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `messageRetentionInDays` diff --git a/modules/event-hub/namespace/main.bicep b/modules/event-hub/namespace/main.bicep index a67715a8f3..0a7f3c6c3c 100644 --- a/modules/event-hub/namespace/main.bicep +++ b/modules/event-hub/namespace/main.bicep @@ -320,7 +320,7 @@ module eventHubNamespace_privateEndpoints '../../network/private-endpoint/main.b subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/health-bot/health-bot/README.md b/modules/health-bot/health-bot/README.md index 8abb43ad9b..3b2c460319 100644 --- a/modules/health-bot/health-bot/README.md +++ b/modules/health-bot/health-bot/README.md @@ -16,7 +16,7 @@ This module deploys an Azure Health Bot. | :-- | :-- | | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.HealthBot/healthBots` | [2022-08-08](https://learn.microsoft.com/en-us/azure/templates/Microsoft.HealthBot/2022-08-08/healthBots) | +| `Microsoft.HealthBot/healthBots` | [2022-08-08](https://learn.microsoft.com/en-us/azure/templates/Microsoft.HealthBot/healthBots) | ## Usage examples @@ -96,7 +96,10 @@ module healthBot 'br:bicep/modules/health-bot.health-bot:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -196,7 +199,7 @@ module healthBot 'br:bicep/modules/health-bot.health-bot:1.0.0' = { | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | @@ -217,11 +220,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/healthcare-apis/workspace/README.md b/modules/healthcare-apis/workspace/README.md index 075bb5dbba..0bcdd3fd54 100644 --- a/modules/healthcare-apis/workspace/README.md +++ b/modules/healthcare-apis/workspace/README.md @@ -32,13 +32,10 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br:bicep/modules/healthcare-apis.workspace:1.0.0`. -- [Using large parameter set](#example-1-using-large-parameter-set) +- [Common](#example-1-common) - [Using only defaults](#example-2-using-only-defaults) -### Example 1: _Using large parameter set_ - -This instance deploys the module with most of its features enabled. - +### Example 1: _Common_
@@ -325,7 +322,7 @@ module workspace 'br:bicep/modules/healthcare-apis.workspace:1.0.0' = { | [`fhirservices`](#parameter-fhirservices) | array | Deploy FHIR services. | | [`iotconnectors`](#parameter-iotconnectors) | array | Deploy IOT connectors. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -367,11 +364,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/healthcare-apis/workspace/dicomservice/README.md b/modules/healthcare-apis/workspace/dicomservice/README.md index 4fa8abe468..8310adf22f 100644 --- a/modules/healthcare-apis/workspace/dicomservice/README.md +++ b/modules/healthcare-apis/workspace/dicomservice/README.md @@ -48,7 +48,7 @@ This module deploys a Healthcare API Workspace DICOM Service. | [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | | [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -149,11 +149,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/healthcare-apis/workspace/fhirservice/README.md b/modules/healthcare-apis/workspace/fhirservice/README.md index 710e6b336b..54b9c8776c 100644 --- a/modules/healthcare-apis/workspace/fhirservice/README.md +++ b/modules/healthcare-apis/workspace/fhirservice/README.md @@ -61,7 +61,7 @@ This module deploys a Healthcare API Workspace FHIR Service. | [`initialImportMode`](#parameter-initialimportmode) | bool | If the FHIR service is in InitialImportMode. | | [`kind`](#parameter-kind) | string | The kind of the service. Defaults to R4. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | | [`resourceVersionOverrides`](#parameter-resourceversionoverrides) | object | A list of FHIR Resources and their version policy overrides. | | [`resourceVersionPolicy`](#parameter-resourceversionpolicy) | string | The default value for tracking history across all resources. | @@ -245,11 +245,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/healthcare-apis/workspace/iotconnector/README.md b/modules/healthcare-apis/workspace/iotconnector/README.md index d250583016..bde9fa418c 100644 --- a/modules/healthcare-apis/workspace/iotconnector/README.md +++ b/modules/healthcare-apis/workspace/iotconnector/README.md @@ -51,7 +51,7 @@ This module deploys a Healthcare API Workspace IoT Connector. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | | [`fhirdestination`](#parameter-fhirdestination) | object | FHIR Destination. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | @@ -156,11 +156,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/insights/data-collection-endpoint/README.md b/modules/insights/data-collection-endpoint/README.md index 271245b309..65a2f07130 100644 --- a/modules/insights/data-collection-endpoint/README.md +++ b/modules/insights/data-collection-endpoint/README.md @@ -26,13 +26,10 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.data-collection-endpoint:1.0.0`. -- [Using large parameter set](#example-1-using-large-parameter-set) +- [Common](#example-1-common) - [Using only defaults](#example-2-using-only-defaults) -### Example 1: _Using large parameter set_ - -This instance deploys the module with most of its features enabled. - +### Example 1: _Common_
@@ -94,7 +91,10 @@ module dataCollectionEndpoint 'br:bicep/modules/insights.data-collection-endpoin "value": "Windows" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "publicNetworkAccess": { "value": "Enabled" diff --git a/modules/insights/data-collection-rule/README.md b/modules/insights/data-collection-rule/README.md index c9de367624..495a3a8734 100644 --- a/modules/insights/data-collection-rule/README.md +++ b/modules/insights/data-collection-rule/README.md @@ -218,7 +218,10 @@ module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' "value": "Windows" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -446,7 +449,10 @@ module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' "value": "Windows" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -630,7 +636,10 @@ module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' "value": "Windows" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -1022,7 +1031,10 @@ module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' "value": "Linux" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -1456,7 +1468,10 @@ module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' "value": "Windows" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ diff --git a/modules/insights/private-link-scope/README.md b/modules/insights/private-link-scope/README.md index c268c5b76d..3009c78913 100644 --- a/modules/insights/private-link-scope/README.md +++ b/modules/insights/private-link-scope/README.md @@ -221,7 +221,7 @@ This instance deploys the module with the minimum set of required parameters. | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | The location of the private link scope. Should be global. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`scopedResources`](#parameter-scopedresources) | array | Configuration details for Azure Monitor Resources. | @@ -243,11 +243,30 @@ The location of the private link scope. Should be global. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/insights/private-link-scope/main.bicep b/modules/insights/private-link-scope/main.bicep index 6f0402329e..dd426808f0 100644 --- a/modules/insights/private-link-scope/main.bicep +++ b/modules/insights/private-link-scope/main.bicep @@ -78,7 +78,7 @@ module privateLinkScope_privateEndpoints '../../network/private-endpoint/main.bi subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/insights/webtest/README.md b/modules/insights/webtest/README.md index 1a38a283a2..f04f2eedbb 100644 --- a/modules/insights/webtest/README.md +++ b/modules/insights/webtest/README.md @@ -112,7 +112,10 @@ module webtest 'br:bicep/modules/insights.webtest:1.0.0' = { ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "syntheticMonitorId": { "value": "iwtcom001" @@ -220,7 +223,7 @@ module webtest 'br:bicep/modules/insights.webtest:1.0.0' = { | [`kind`](#parameter-kind) | string | The kind of WebTest that this web test watches. | | [`location`](#parameter-location) | string | Location for all Resources. | | [`locations`](#parameter-locations) | array | List of where to physically run the tests from to give global coverage for accessibility of your application. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`retryEnabled`](#parameter-retryenabled) | bool | Allow for retries should this WebTest fail. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`syntheticMonitorId`](#parameter-syntheticmonitorid) | string | Unique ID of this WebTest. | @@ -286,11 +289,30 @@ List of where to physically run the tests from to give global coverage for acces ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/key-vault/vault/README.md b/modules/key-vault/vault/README.md index ed3f29f3f8..2fdec6d246 100644 --- a/modules/key-vault/vault/README.md +++ b/modules/key-vault/vault/README.md @@ -424,7 +424,10 @@ module vault 'br:bicep/modules/key-vault.vault:1.0.0' = { ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "networkAcls": { "value": { @@ -743,7 +746,7 @@ module vault 'br:bicep/modules/key-vault.vault:1.0.0' = { | [`enableVaultForTemplateDeployment`](#parameter-enablevaultfortemplatedeployment) | bool | Specifies if the vault is enabled for a template deployment. | | [`keys`](#parameter-keys) | array | All keys to create. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`networkAcls`](#parameter-networkacls) | object | Service endpoint object information. For security reasons, it is recommended to set the DefaultAction Deny. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. | @@ -883,11 +886,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/key-vault/vault/main.bicep b/modules/key-vault/vault/main.bicep index e0ad36a049..2c57f21433 100644 --- a/modules/key-vault/vault/main.bicep +++ b/modules/key-vault/vault/main.bicep @@ -266,7 +266,7 @@ module keyVault_privateEndpoints '../../network/private-endpoint/main.bicep' = [ subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/logic/workflow/README.md b/modules/logic/workflow/README.md index d01c7eda1f..268e6d4d36 100644 --- a/modules/logic/workflow/README.md +++ b/modules/logic/workflow/README.md @@ -140,7 +140,10 @@ module workflow 'br:bicep/modules/logic.workflow:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -235,7 +238,7 @@ module workflow 'br:bicep/modules/logic.workflow:1.0.0' = { | [`integrationAccount`](#parameter-integrationaccount) | object | The integration account. | | [`integrationServiceEnvironmentResourceId`](#parameter-integrationserviceenvironmentresourceid) | string | The integration service environment Id. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`state`](#parameter-state) | string | The state. - NotSpecified, Completed, Enabled, Disabled, Deleted, Suspended. | | [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | @@ -359,11 +362,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/machine-learning-services/workspace/README.md b/modules/machine-learning-services/workspace/README.md index 08ec3fc663..2ee7b8950f 100644 --- a/modules/machine-learning-services/workspace/README.md +++ b/modules/machine-learning-services/workspace/README.md @@ -216,7 +216,10 @@ module workspace 'br:bicep/modules/machine-learning-services.workspace:1.0.0' = "value": "testcompute" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "primaryUserAssignedIdentity": { "value": "" @@ -514,7 +517,7 @@ module workspace 'br:bicep/modules/machine-learning-services.workspace:1.0.0' = | [`hbiWorkspace`](#parameter-hbiworkspace) | bool | The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service. | | [`imageBuildCompute`](#parameter-imagebuildcompute) | string | The compute name for image build. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | @@ -684,11 +687,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/machine-learning-services/workspace/main.bicep b/modules/machine-learning-services/workspace/main.bicep index 1bb055ed21..ad3c021a6a 100644 --- a/modules/machine-learning-services/workspace/main.bicep +++ b/modules/machine-learning-services/workspace/main.bicep @@ -282,7 +282,7 @@ module workspace_privateEndpoints '../../network/private-endpoint/main.bicep' = subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/maintenance/maintenance-configuration/README.md b/modules/maintenance/maintenance-configuration/README.md index 8a38be4d68..31f87cd13f 100644 --- a/modules/maintenance/maintenance-configuration/README.md +++ b/modules/maintenance/maintenance-configuration/README.md @@ -26,13 +26,10 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br:bicep/modules/maintenance.maintenance-configuration:1.0.0`. -- [Using large parameter set](#example-1-using-large-parameter-set) -- [Using only defaults](#example-2-using-only-defaults) - -### Example 1: _Using large parameter set_ - -This instance deploys the module with most of its features enabled. +- [Common](#example-1-common) +- [Min](#example-2-min) +### Example 1: _Common_
@@ -140,7 +137,10 @@ module maintenanceConfiguration 'br:bicep/modules/maintenance.maintenance-config } }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "maintenanceWindow": { "value": { @@ -182,10 +182,7 @@ module maintenanceConfiguration 'br:bicep/modules/maintenance.maintenance-config

-### Example 2: _Using only defaults_ - -This instance deploys the module with the minimum set of required parameters. - +### Example 2: _Min_

diff --git a/modules/managed-identity/user-assigned-identity/README.md b/modules/managed-identity/user-assigned-identity/README.md index eb013519f9..e37e89000b 100644 --- a/modules/managed-identity/user-assigned-identity/README.md +++ b/modules/managed-identity/user-assigned-identity/README.md @@ -105,7 +105,10 @@ module userAssignedIdentity 'br:bicep/modules/managed-identity.user-assigned-ide ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "name": { "value": "miuaicom001" @@ -185,7 +188,7 @@ module userAssignedIdentity 'br:bicep/modules/managed-identity.user-assigned-ide | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`federatedIdentityCredentials`](#parameter-federatedidentitycredentials) | array | The federated identity credentials list to indicate which token from the external IdP should be trusted by your application. Federated identity credentials are supported on applications only. A maximum of 20 federated identity credentials can be added per application object. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`name`](#parameter-name) | string | Name of the User Assigned Identity. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -213,11 +216,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/net-app/net-app-account/README.md b/modules/net-app/net-app-account/README.md index e36caba0bd..41ea771920 100644 --- a/modules/net-app/net-app-account/README.md +++ b/modules/net-app/net-app-account/README.md @@ -279,7 +279,10 @@ module netAppAccount 'br:bicep/modules/net-app.net-app-account:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -582,7 +585,7 @@ module netAppAccount 'br:bicep/modules/net-app.net-app-account:1.0.0' = { | [`domainName`](#parameter-domainname) | string | Fully Qualified Active Directory DNS Domain Name (e.g. 'contoso.com'). | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`smbServerNamePrefix`](#parameter-smbservernameprefix) | string | Required if domainName is specified. NetBIOS name of the SMB server. A computer account with this prefix will be registered in the AD and used to mount volumes. | | [`tags`](#parameter-tags) | object | Tags for all resources. | @@ -646,11 +649,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/application-gateway/README.md b/modules/network/application-gateway/README.md index ef4e18b065..872745291e 100644 --- a/modules/network/application-gateway/README.md +++ b/modules/network/application-gateway/README.md @@ -683,7 +683,10 @@ module applicationGateway 'br:bicep/modules/network.application-gateway:1.0.0' = ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "privateEndpoints": { "value": [ @@ -989,7 +992,7 @@ module applicationGateway 'br:bicep/modules/network.application-gateway:1.0.0' = | [`listeners`](#parameter-listeners) | array | Listeners of the application gateway resource. For default limits, see [Application Gateway limits](https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits). | | [`loadDistributionPolicies`](#parameter-loaddistributionpolicies) | array | Load distribution policies of the application gateway resource. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | [`privateLinkConfigurations`](#parameter-privatelinkconfigurations) | array | PrivateLink configurations on application gateway. | | [`probes`](#parameter-probes) | array | Probes of the application gateway resource. | @@ -1213,11 +1216,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/application-gateway/main.bicep b/modules/network/application-gateway/main.bicep index d522f1857f..0b042bc9d9 100644 --- a/modules/network/application-gateway/main.bicep +++ b/modules/network/application-gateway/main.bicep @@ -371,7 +371,7 @@ module applicationGateway_privateEndpoints '../../network/private-endpoint/main. subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/network/application-security-group/README.md b/modules/network/application-security-group/README.md index ec025813eb..f86e110e60 100644 --- a/modules/network/application-security-group/README.md +++ b/modules/network/application-security-group/README.md @@ -88,7 +88,10 @@ module applicationSecurityGroup 'br:bicep/modules/network.application-security-g "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -130,7 +133,7 @@ module applicationSecurityGroup 'br:bicep/modules/network.application-security-g | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -150,11 +153,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/azure-firewall/README.md b/modules/network/azure-firewall/README.md index b758a08607..c437b47819 100644 --- a/modules/network/azure-firewall/README.md +++ b/modules/network/azure-firewall/README.md @@ -358,7 +358,10 @@ module azureFirewall 'br:bicep/modules/network.azure-firewall:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "networkRuleCollections": { "value": [ @@ -765,7 +768,7 @@ module azureFirewall 'br:bicep/modules/network.azure-firewall:1.0.0' = { | [`firewallPolicyId`](#parameter-firewallpolicyid) | string | Resource ID of the Firewall Policy that should be attached. | | [`isCreateDefaultPublicIP`](#parameter-iscreatedefaultpublicip) | bool | Specifies if a Public IP should be created by default if one is not provided. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`managementIPAddressObject`](#parameter-managementipaddressobject) | object | Specifies the properties of the Management Public IP to create and be used by Azure Firewall. If it's not provided and managementIPResourceID is empty, a '-mip' suffix will be appended to the Firewall's name. | | [`managementIPResourceID`](#parameter-managementipresourceid) | string | The Management Public IP resource ID to associate to the AzureFirewallManagementSubnet. If empty, then the Management Public IP that is created as part of this module will be applied to the AzureFirewallManagementSubnet. | | [`natRuleCollections`](#parameter-natrulecollections) | array | Collection of NAT rule collections used by Azure Firewall. | @@ -887,11 +890,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `managementIPAddressObject` diff --git a/modules/network/bastion-host/README.md b/modules/network/bastion-host/README.md index 954954a006..0a6a4c85fe 100644 --- a/modules/network/bastion-host/README.md +++ b/modules/network/bastion-host/README.md @@ -134,7 +134,10 @@ module bastionHost 'br:bicep/modules/network.bastion-host:1.0.0' = { "value": false }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -369,7 +372,7 @@ module bastionHost 'br:bicep/modules/network.bastion-host:1.0.0' = { | [`enableShareableLink`](#parameter-enableshareablelink) | bool | Choose to disable or enable Shareable Link. | | [`isCreateDefaultPublicIP`](#parameter-iscreatedefaultpublicip) | bool | Specifies if a Public IP should be created by default if one is not provided. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`publicIPAddressObject`](#parameter-publicipaddressobject) | object | Specifies the properties of the Public IP to create and be used by Azure Bastion. If it's not provided and publicIPAddressResourceId is empty, a '-pip' suffix will be appended to the Bastion's name. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`scaleUnits`](#parameter-scaleunits) | int | The scale units for the Bastion Host resource. | @@ -484,11 +487,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/connection/README.md b/modules/network/connection/README.md index 59df1f4289..f43ea0a938 100644 --- a/modules/network/connection/README.md +++ b/modules/network/connection/README.md @@ -96,7 +96,10 @@ module connection 'br:bicep/modules/network.connection:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "tags": { "value": { @@ -146,7 +149,7 @@ module connection 'br:bicep/modules/network.connection:1.0.0' = { | [`expressRouteGatewayBypass`](#parameter-expressroutegatewaybypass) | bool | Bypass ExpressRoute Gateway for data forwarding. Only available when connection connectionType is Express Route. | | [`localNetworkGateway2`](#parameter-localnetworkgateway2) | object | The local network gateway. Used for connection type [IPsec]. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the connectionType of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`peer`](#parameter-peer) | object | The remote peer. Used for connection connectionType [ExpressRoute]. | | [`routingWeight`](#parameter-routingweight) | int | The weight added to routes learned from this BGP speaker. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -244,11 +247,30 @@ Location for all resources. ### Parameter: `lock` -Specify the connectionType of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/ddos-protection-plan/README.md b/modules/network/ddos-protection-plan/README.md index d233dd56ff..55b6ee35f8 100644 --- a/modules/network/ddos-protection-plan/README.md +++ b/modules/network/ddos-protection-plan/README.md @@ -89,7 +89,10 @@ module ddosProtectionPlan 'br:bicep/modules/network.ddos-protection-plan:1.0.0' "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -179,7 +182,7 @@ module ddosProtectionPlan 'br:bicep/modules/network.ddos-protection-plan:1.0.0' | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -199,11 +202,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/dns-forwarding-ruleset/README.md b/modules/network/dns-forwarding-ruleset/README.md index 786f79447d..c6774af681 100644 --- a/modules/network/dns-forwarding-ruleset/README.md +++ b/modules/network/dns-forwarding-ruleset/README.md @@ -130,7 +130,10 @@ module dnsForwardingRuleset 'br:bicep/modules/network.dns-forwarding-ruleset:1.0 ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -235,7 +238,7 @@ module dnsForwardingRuleset 'br:bicep/modules/network.dns-forwarding-ruleset:1.0 | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`forwardingRules`](#parameter-forwardingrules) | array | Array of forwarding rules. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`vNetLinks`](#parameter-vnetlinks) | array | Array of virtual network links. | @@ -269,11 +272,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/dns-resolver/README.md b/modules/network/dns-resolver/README.md index 682f0e5b10..0b3ae78e7f 100644 --- a/modules/network/dns-resolver/README.md +++ b/modules/network/dns-resolver/README.md @@ -139,7 +139,7 @@ module dnsResolver 'br:bicep/modules/network.dns-resolver:1.0.0' = { | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`inboundEndpoints`](#parameter-inboundendpoints) | array | Inbound Endpoints for Private DNS Resolver. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`outboundEndpoints`](#parameter-outboundendpoints) | array | Outbound Endpoints for Private DNS Resolver. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -167,11 +167,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/dns-zone/README.md b/modules/network/dns-zone/README.md index ab69184217..3d4407d678 100644 --- a/modules/network/dns-zone/README.md +++ b/modules/network/dns-zone/README.md @@ -321,7 +321,10 @@ module dnsZone 'br:bicep/modules/network.dns-zone:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "mx": { "value": [ @@ -535,7 +538,7 @@ module dnsZone 'br:bicep/modules/network.dns-zone:1.0.0' = { | [`cname`](#parameter-cname) | array | Array of CNAME records. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | The location of the dnsZone. Should be global. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`mx`](#parameter-mx) | array | Array of MX records. | | [`ns`](#parameter-ns) | array | Array of NS records. | | [`ptr`](#parameter-ptr) | array | Array of PTR records. | @@ -589,11 +592,30 @@ The location of the dnsZone. Should be global. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `mx` diff --git a/modules/network/express-route-circuit/README.md b/modules/network/express-route-circuit/README.md index b8f4687a47..95c6548f62 100644 --- a/modules/network/express-route-circuit/README.md +++ b/modules/network/express-route-circuit/README.md @@ -124,7 +124,10 @@ module expressRouteCircuit 'br:bicep/modules/network.express-route-circuit:1.0.0 "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -246,7 +249,7 @@ module expressRouteCircuit 'br:bicep/modules/network.express-route-circuit:1.0.0 | [`expressRoutePortResourceId`](#parameter-expressrouteportresourceid) | string | The reference to the ExpressRoutePort resource when the circuit is provisioned on an ExpressRoutePort resource. Available when configuring Express Route Direct. | | [`globalReachEnabled`](#parameter-globalreachenabled) | bool | Flag denoting global reach status. To enable ExpressRoute Global Reach between different geopolitical regions, your circuits must be Premium SKU. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`peerASN`](#parameter-peerasn) | int | The autonomous system number of the customer/connectivity provider. | | [`peering`](#parameter-peering) | bool | Enabled BGP peering type for the Circuit. | | [`peeringType`](#parameter-peeringtype) | string | BGP peering type for the Circuit. Choose from AzurePrivatePeering, AzurePublicPeering or MicrosoftPeering. | @@ -360,11 +363,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/express-route-gateway/README.md b/modules/network/express-route-gateway/README.md index 668611a8ca..9042aa9cd3 100644 --- a/modules/network/express-route-gateway/README.md +++ b/modules/network/express-route-gateway/README.md @@ -100,7 +100,10 @@ module expressRouteGateway 'br:bicep/modules/network.express-route-gateway:1.0.0 "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -198,7 +201,7 @@ module expressRouteGateway 'br:bicep/modules/network.express-route-gateway:1.0.0 | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`expressRouteConnections`](#parameter-expressrouteconnections) | array | List of ExpressRoute connections to the ExpressRoute gateway. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the Firewall policy resource. | @@ -246,11 +249,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/front-door-web-application-firewall-policy/README.md b/modules/network/front-door-web-application-firewall-policy/README.md index 2a9bd01464..1503783dc9 100644 --- a/modules/network/front-door-web-application-firewall-policy/README.md +++ b/modules/network/front-door-web-application-firewall-policy/README.md @@ -202,7 +202,10 @@ module frontDoorWebApplicationFirewallPolicy 'br:bicep/modules/network.front-doo "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "managedRules": { "value": { @@ -314,7 +317,7 @@ module frontDoorWebApplicationFirewallPolicy 'br:bicep/modules/network.front-doo | [`customRules`](#parameter-customrules) | object | The custom rules inside the policy. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`managedRules`](#parameter-managedrules) | object | Describes the managedRules structure. | | [`policySettings`](#parameter-policysettings) | object | The PolicySettings for policy. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | @@ -344,11 +347,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `managedRules` diff --git a/modules/network/front-door/README.md b/modules/network/front-door/README.md index f2f83732a0..e0106bd90b 100644 --- a/modules/network/front-door/README.md +++ b/modules/network/front-door/README.md @@ -279,7 +279,10 @@ module frontDoor 'br:bicep/modules/network.front-door:1.0.0' = { "value": "Disabled" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -553,7 +556,7 @@ module frontDoor 'br:bicep/modules/network.front-door:1.0.0' = { | [`enforceCertificateNameCheck`](#parameter-enforcecertificatenamecheck) | string | Enforce certificate name check of the frontdoor resource. | | [`friendlyName`](#parameter-friendlyname) | string | Friendly name of the frontdoor resource. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`metricsToEnable`](#parameter-metricstoenable) | array | The name of metrics that will be streamed. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`sendRecvTimeoutSeconds`](#parameter-sendrecvtimeoutseconds) | int | Certificate name check time of the frontdoor resource. | @@ -656,11 +659,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `metricsToEnable` diff --git a/modules/network/ip-group/README.md b/modules/network/ip-group/README.md index 890b0bfd2a..d4e54a7b7e 100644 --- a/modules/network/ip-group/README.md +++ b/modules/network/ip-group/README.md @@ -99,7 +99,10 @@ module ipGroup 'br:bicep/modules/network.ip-group:1.0.0' = { ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -190,7 +193,7 @@ module ipGroup 'br:bicep/modules/network.ip-group:1.0.0' = { | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`ipAddresses`](#parameter-ipaddresses) | array | IpAddresses/IpAddressPrefixes in the IpGroups resource. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Resource tags. | @@ -217,11 +220,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/load-balancer/README.md b/modules/network/load-balancer/README.md index e4d7ff7751..046fd30771 100644 --- a/modules/network/load-balancer/README.md +++ b/modules/network/load-balancer/README.md @@ -255,7 +255,10 @@ module loadBalancer 'br:bicep/modules/network.load-balancer:1.0.0' = { ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "outboundRules": { "value": [ @@ -611,7 +614,7 @@ module loadBalancer 'br:bicep/modules/network.load-balancer:1.0.0' = { | [`inboundNatRules`](#parameter-inboundnatrules) | array | Collection of inbound NAT Rules used by a load balancer. Defining inbound NAT rules on your load balancer is mutually exclusive with defining an inbound NAT pool. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an Inbound NAT pool. They have to reference individual inbound NAT rules. | | [`loadBalancingRules`](#parameter-loadbalancingrules) | array | Array of objects containing all load balancing rules. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`outboundRules`](#parameter-outboundrules) | array | The outbound rules. | | [`probes`](#parameter-probes) | array | Array of objects containing all probes, these are references in the load balancing rules. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | @@ -704,11 +707,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/local-network-gateway/README.md b/modules/network/local-network-gateway/README.md index a0348467c4..463aeea4d3 100644 --- a/modules/network/local-network-gateway/README.md +++ b/modules/network/local-network-gateway/README.md @@ -109,7 +109,10 @@ module localNetworkGateway 'br:bicep/modules/network.local-network-gateway:1.0.0 "value": "192.168.1.5" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -217,7 +220,7 @@ module localNetworkGateway 'br:bicep/modules/network.local-network-gateway:1.0.0 | [`localBgpPeeringAddress`](#parameter-localbgppeeringaddress) | string | The BGP peering address and BGP identifier of this BGP speaker. Not providing this value will automatically disable BGP on this Local Network Gateway resource. | | [`localPeerWeight`](#parameter-localpeerweight) | string | The weight added to routes learned from this BGP speaker. This will only take effect if both the localAsn and the localBgpPeeringAddress values are provided. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -277,11 +280,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/nat-gateway/README.md b/modules/network/nat-gateway/README.md index fc7783084d..2e759c3bfe 100644 --- a/modules/network/nat-gateway/README.md +++ b/modules/network/nat-gateway/README.md @@ -107,7 +107,10 @@ module natGateway 'br:bicep/modules/network.nat-gateway:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "natGatewayPublicIpAddress": { "value": true @@ -161,7 +164,7 @@ module natGateway 'br:bicep/modules/network.nat-gateway:1.0.0' = { | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`idleTimeoutInMinutes`](#parameter-idletimeoutinminutes) | int | The idle timeout of the NAT gateway. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`natGatewayPipName`](#parameter-natgatewaypipname) | string | Specifies the name of the Public IP used by the NAT Gateway. If it's not provided, a '-pip' suffix will be appended to the Bastion's name. | | [`natGatewayPublicIpAddress`](#parameter-natgatewaypublicipaddress) | bool | Use to have a new Public IP Address created for the NAT Gateway. | | [`publicIpAddresses`](#parameter-publicipaddresses) | array | Existing Public IP Address resource names to use for the NAT Gateway. | @@ -252,11 +255,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/network-interface/README.md b/modules/network/network-interface/README.md index 82c12c3ece..be06487b77 100644 --- a/modules/network/network-interface/README.md +++ b/modules/network/network-interface/README.md @@ -156,7 +156,10 @@ module networkInterface 'br:bicep/modules/network.network-interface:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -273,7 +276,7 @@ module networkInterface 'br:bicep/modules/network.network-interface:1.0.0' = { | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`enableIPForwarding`](#parameter-enableipforwarding) | bool | Indicates whether IP forwarding is enabled on this network interface. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`networkSecurityGroupResourceId`](#parameter-networksecuritygroupresourceid) | string | The network security group (NSG) to attach to the network interface. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -387,11 +390,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/network-manager/README.md b/modules/network/network-manager/README.md index 3d9b5b3f77..07fd87d1d6 100644 --- a/modules/network/network-manager/README.md +++ b/modules/network/network-manager/README.md @@ -325,7 +325,10 @@ module networkManager 'br:bicep/modules/network.network-manager:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "networkGroups": { "value": [ @@ -512,7 +515,7 @@ module networkManager 'br:bicep/modules/network.network-manager:1.0.0' = { | [`description`](#parameter-description) | string | A description of the network manager. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`scopeConnections`](#parameter-scopeconnections) | array | Scope Connections to create for the network manager. Allows network manager to manage resources from another tenant. Supports management groups or subscriptions from another tenant. | | [`securityAdminConfigurations`](#parameter-securityadminconfigurations) | array | Security Admin Configurations, Rule Collections and Rules to create for the network manager. Azure Virtual Network Manager provides two different types of configurations you can deploy across your virtual networks, one of them being a SecurityAdmin configuration. A security admin configuration contains a set of rule collections. Each rule collection contains one or more security admin rules. You then associate the rule collection with the network groups that you want to apply the security admin rules to. | @@ -548,11 +551,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/network-security-group/README.md b/modules/network/network-security-group/README.md index ffbec83ea4..0428a3fe08 100644 --- a/modules/network/network-security-group/README.md +++ b/modules/network/network-security-group/README.md @@ -171,7 +171,10 @@ module networkSecurityGroup 'br:bicep/modules/network.network-security-group:1.0 "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -334,7 +337,7 @@ module networkSecurityGroup 'br:bicep/modules/network.network-security-group:1.0 | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`flushConnection`](#parameter-flushconnection) | bool | When enabled, flows created from Network Security Group connections will be re-evaluated when rules are updates. Initial enablement will trigger re-evaluation. Network Security Group connection flushing is not available in all regions. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`securityRules`](#parameter-securityrules) | array | Array of Security Rules to deploy to the Network Security Group. When not provided, an NSG including only the built-in roles will be deployed. | | [`tags`](#parameter-tags) | object | Tags of the NSG resource. | @@ -405,11 +408,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/network-watcher/README.md b/modules/network/network-watcher/README.md index 9019a60077..d5c48189bd 100644 --- a/modules/network/network-watcher/README.md +++ b/modules/network/network-watcher/README.md @@ -308,7 +308,7 @@ module networkWatcher 'br:bicep/modules/network.network-watcher:1.0.0' = { | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`flowLogs`](#parameter-flowlogs) | array | Array that contains the Flow Logs. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`name`](#parameter-name) | string | Name of the Network Watcher resource (hidden). | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -343,11 +343,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/private-dns-zone/README.md b/modules/network/private-dns-zone/README.md index f4d2715733..e9f195e023 100644 --- a/modules/network/private-dns-zone/README.md +++ b/modules/network/private-dns-zone/README.md @@ -318,7 +318,10 @@ module privateDnsZone 'br:bicep/modules/network.private-dns-zone:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "mx": { "value": [ @@ -539,7 +542,7 @@ module privateDnsZone 'br:bicep/modules/network.private-dns-zone:1.0.0' = { | [`cname`](#parameter-cname) | array | Array of CNAME records. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | The location of the PrivateDNSZone. Should be global. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`mx`](#parameter-mx) | array | Array of MX records. | | [`ptr`](#parameter-ptr) | array | Array of PTR records. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | @@ -586,11 +589,30 @@ The location of the PrivateDNSZone. Should be global. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `mx` diff --git a/modules/network/private-endpoint/README.md b/modules/network/private-endpoint/README.md index 42f1a91b03..f09fb62f47 100644 --- a/modules/network/private-endpoint/README.md +++ b/modules/network/private-endpoint/README.md @@ -142,7 +142,8 @@ module privateEndpoint 'br:bicep/modules/network.private-endpoint:1.0.0' = { }, "lock": { "value": { - "kind": "CanNotDelete" + "kind": "CanNotDelete", + "name": "myCustomLockName" } }, "privateDnsZoneResourceIds": { diff --git a/modules/network/private-link-service/README.md b/modules/network/private-link-service/README.md index 14623bf726..15bd8feb94 100644 --- a/modules/network/private-link-service/README.md +++ b/modules/network/private-link-service/README.md @@ -158,7 +158,10 @@ module privateLinkService 'br:bicep/modules/network.private-link-service:1.0.0' ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -294,7 +297,7 @@ module privateLinkService 'br:bicep/modules/network.private-link-service:1.0.0' | [`ipConfigurations`](#parameter-ipconfigurations) | array | An array of private link service IP configurations. | | [`loadBalancerFrontendIpConfigurations`](#parameter-loadbalancerfrontendipconfigurations) | array | An array of references to the load balancer IP configurations. The Private Link service is tied to the frontend IP address of a Standard Load Balancer. All traffic destined for the service will reach the frontend of the SLB. You can configure SLB rules to direct this traffic to appropriate backend pools where your applications are running. Load balancer frontend IP configurations are different than NAT IP configurations. | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags to be applied on all resources/resource groups in this deployment. | | [`visibility`](#parameter-visibility) | object | Controls the exposure settings for your Private Link service. Service providers can choose to limit the exposure to their service to subscriptions with Azure role-based access control (Azure RBAC) permissions, a restricted set of subscriptions, or all Azure subscriptions. | @@ -357,11 +360,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/public-ip-address/README.md b/modules/network/public-ip-address/README.md index a462079471..59af68c72d 100644 --- a/modules/network/public-ip-address/README.md +++ b/modules/network/public-ip-address/README.md @@ -113,7 +113,10 @@ module publicIpAddress 'br:bicep/modules/network.public-ip-address:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "publicIPAllocationMethod": { "value": "Static" @@ -226,7 +229,7 @@ module publicIpAddress 'br:bicep/modules/network.public-ip-address:1.0.0' = { | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`fqdn`](#parameter-fqdn) | string | The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`publicIPAddressVersion`](#parameter-publicipaddressversion) | string | IP address version. | | [`publicIPAllocationMethod`](#parameter-publicipallocationmethod) | string | The public IP address allocation method. | | [`publicIPPrefixResourceId`](#parameter-publicipprefixresourceid) | string | Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix. | @@ -326,11 +329,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/public-ip-prefix/README.md b/modules/network/public-ip-prefix/README.md index 8f26231cc1..f19a2d2c8d 100644 --- a/modules/network/public-ip-prefix/README.md +++ b/modules/network/public-ip-prefix/README.md @@ -93,7 +93,10 @@ module publicIpPrefix 'br:bicep/modules/network.public-ip-prefix:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -189,7 +192,7 @@ module publicIpPrefix 'br:bicep/modules/network.public-ip-prefix:1.0.0' = { | [`customIPPrefix`](#parameter-customipprefix) | object | The customIpPrefix that this prefix is associated with. A custom IP address prefix is a contiguous range of IP addresses owned by an external customer and provisioned into a subscription. When a custom IP prefix is in Provisioned, Commissioning, or Commissioned state, a linked public IP prefix can be created. Either as a subset of the custom IP prefix range or the entire range. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -216,11 +219,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/route-table/README.md b/modules/network/route-table/README.md index d9c31186d8..385b178512 100644 --- a/modules/network/route-table/README.md +++ b/modules/network/route-table/README.md @@ -99,7 +99,10 @@ module routeTable 'br:bicep/modules/network.route-table:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -202,7 +205,7 @@ module routeTable 'br:bicep/modules/network.route-table:1.0.0' = { | [`disableBgpRoutePropagation`](#parameter-disablebgproutepropagation) | bool | Switch to disable BGP route propagation. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`routes`](#parameter-routes) | array | An Array of Routes to be established within the hub route table. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -230,11 +233,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/service-endpoint-policy/README.md b/modules/network/service-endpoint-policy/README.md index 75a8c5bd09..74b5e231a9 100644 --- a/modules/network/service-endpoint-policy/README.md +++ b/modules/network/service-endpoint-policy/README.md @@ -102,7 +102,10 @@ module serviceEndpointPolicy 'br:bicep/modules/network.service-endpoint-policy:1 "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -208,7 +211,7 @@ module serviceEndpointPolicy 'br:bicep/modules/network.service-endpoint-policy:1 | [`contextualServiceEndpointPolicies`](#parameter-contextualserviceendpointpolicies) | array | An Array of contextual service endpoint policy. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`serviceAlias`](#parameter-servicealias) | string | The alias indicating if the policy belongs to a service. | | [`serviceEndpointPolicyDefinitions`](#parameter-serviceendpointpolicydefinitions) | array | An Array of service endpoint policy definitions. | @@ -237,11 +240,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/trafficmanagerprofile/README.md b/modules/network/trafficmanagerprofile/README.md index 7d94cadfb8..a483630586 100644 --- a/modules/network/trafficmanagerprofile/README.md +++ b/modules/network/trafficmanagerprofile/README.md @@ -111,7 +111,10 @@ module trafficmanagerprofile 'br:bicep/modules/network.trafficmanagerprofile:1.0 "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -213,7 +216,7 @@ module trafficmanagerprofile 'br:bicep/modules/network.trafficmanagerprofile:1.0 | [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`endpoints`](#parameter-endpoints) | array | The list of endpoints in the Traffic Manager profile. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`maxReturn`](#parameter-maxreturn) | int | Maximum number of endpoints to be returned for MultiValue routing type. | | [`monitorConfig`](#parameter-monitorconfig) | object | The endpoint monitoring settings of the Traffic Manager profile. | | [`profileStatus`](#parameter-profilestatus) | string | The status of the Traffic Manager profile. | @@ -290,11 +293,30 @@ The list of endpoints in the Traffic Manager profile. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `maxReturn` diff --git a/modules/network/virtual-hub/README.md b/modules/network/virtual-hub/README.md index 1b5bee3540..8196fcc635 100644 --- a/modules/network/virtual-hub/README.md +++ b/modules/network/virtual-hub/README.md @@ -146,7 +146,10 @@ module virtualHub 'br:bicep/modules/network.virtual-hub:1.0.0' = { ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "tags": { "value": { @@ -239,7 +242,7 @@ module virtualHub 'br:bicep/modules/network.virtual-hub:1.0.0' = { | [`hubRouteTables`](#parameter-hubroutetables) | array | Route tables to create for the virtual hub. | | [`hubVirtualNetworkConnections`](#parameter-hubvirtualnetworkconnections) | array | Virtual network connections to create for the virtual hub. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`p2SVpnGatewayId`](#parameter-p2svpngatewayid) | string | Resource ID of the Point-to-Site VPN Gateway to link to. | | [`preferredRoutingGateway`](#parameter-preferredroutinggateway) | string | The preferred routing gateway types. | | [`routeTableRoutes`](#parameter-routetableroutes) | array | VirtualHub route tables. | @@ -302,11 +305,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/virtual-network-gateway/README.md b/modules/network/virtual-network-gateway/README.md index 883307369a..d1424ab0b2 100644 --- a/modules/network/virtual-network-gateway/README.md +++ b/modules/network/virtual-network-gateway/README.md @@ -147,7 +147,10 @@ module virtualNetworkGateway 'br:bicep/modules/network.virtual-network-gateway:1 "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "publicIpZones": { "value": [ @@ -489,7 +492,10 @@ module virtualNetworkGateway 'br:bicep/modules/network.virtual-network-gateway:1 "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "natRules": { "value": [ @@ -603,7 +609,7 @@ module virtualNetworkGateway 'br:bicep/modules/network.virtual-network-gateway:1 | [`gatewayDefaultSiteLocalNetworkGatewayId`](#parameter-gatewaydefaultsitelocalnetworkgatewayid) | string | The reference to the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting. | | [`gatewayPipName`](#parameter-gatewaypipname) | string | Specifies the name of the Public IP used by the Virtual Network Gateway. If it's not provided, a '-pip' suffix will be appended to the gateway's name. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`natRules`](#parameter-natrules) | array | NatRules for virtual network gateway. NAT is supported on the the following SKUs: VpnGw2~5, VpnGw2AZ~5AZ and is supported for IPsec/IKE cross-premises connections only. | | [`publicIpdiagnosticLogCategoriesToEnable`](#parameter-publicipdiagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | | [`publicIpDiagnosticSettingsName`](#parameter-publicipdiagnosticsettingsname) | string | The name of the public IP diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | @@ -788,11 +794,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/virtual-network/README.md b/modules/network/virtual-network/README.md index 9edcbbf2ea..0710f85a85 100644 --- a/modules/network/virtual-network/README.md +++ b/modules/network/virtual-network/README.md @@ -179,7 +179,10 @@ module virtualNetwork 'br:bicep/modules/network.virtual-network:1.0.0' = { "value": 20 }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -444,7 +447,7 @@ module virtualNetwork 'br:bicep/modules/network.virtual-network:1.0.0' = { | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`flowTimeoutInMinutes`](#parameter-flowtimeoutinminutes) | int | The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes. Default value 0 will set the property to null. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`peerings`](#parameter-peerings) | array | Virtual Network Peerings configurations. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`subnets`](#parameter-subnets) | array | An Array of subnets to deploy to the Virtual Network. | @@ -546,11 +549,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/virtual-wan/README.md b/modules/network/virtual-wan/README.md index 074b480409..208fd58305 100644 --- a/modules/network/virtual-wan/README.md +++ b/modules/network/virtual-wan/README.md @@ -102,7 +102,10 @@ module virtualWan 'br:bicep/modules/network.virtual-wan:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -198,7 +201,7 @@ module virtualWan 'br:bicep/modules/network.virtual-wan:1.0.0' = { | [`disableVpnEncryption`](#parameter-disablevpnencryption) | bool | VPN encryption to be disabled or not. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location where all resources will be created. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`type`](#parameter-type) | string | The type of the Virtual WAN. | @@ -240,11 +243,30 @@ Location where all resources will be created. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/vpn-gateway/README.md b/modules/network/vpn-gateway/README.md index 6627d5fe95..5328158034 100644 --- a/modules/network/vpn-gateway/README.md +++ b/modules/network/vpn-gateway/README.md @@ -127,7 +127,10 @@ module vpnGateway 'br:bicep/modules/network.vpn-gateway:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "natRules": { "value": [ @@ -249,7 +252,7 @@ module vpnGateway 'br:bicep/modules/network.vpn-gateway:1.0.0' = { | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`isRoutingPreferenceInternet`](#parameter-isroutingpreferenceinternet) | bool | Enable routing preference property for the public IP interface of the VPN gateway. | | [`location`](#parameter-location) | string | Location where all resources will be created. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`natRules`](#parameter-natrules) | array | List of all the NAT Rules to associate with the gateway. | | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`vpnConnections`](#parameter-vpnconnections) | array | The VPN connections to create in the VPN gateway. | @@ -292,11 +295,30 @@ Location where all resources will be created. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/network/vpn-site/README.md b/modules/network/vpn-site/README.md index fb1536ea28..c04dae993b 100644 --- a/modules/network/vpn-site/README.md +++ b/modules/network/vpn-site/README.md @@ -139,7 +139,10 @@ module vpnSite 'br:bicep/modules/network.vpn-site:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "o365Policy": { "value": { @@ -297,7 +300,7 @@ module vpnSite 'br:bicep/modules/network.vpn-site:1.0.0' = { | [`ipAddress`](#parameter-ipaddress) | string | The IP-address for the VPN-site. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. | | [`isSecuritySite`](#parameter-issecuritysite) | bool | IsSecuritySite flag. | | [`location`](#parameter-location) | string | Location where all resources will be created. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`o365Policy`](#parameter-o365policy) | object | The Office365 breakout policy. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -354,11 +357,30 @@ Location where all resources will be created. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/operational-insights/workspace/README.md b/modules/operational-insights/workspace/README.md index 054fa4a406..e5ce2697aa 100644 --- a/modules/operational-insights/workspace/README.md +++ b/modules/operational-insights/workspace/README.md @@ -464,7 +464,10 @@ module workspace 'br:bicep/modules/operational-insights.workspace:1.0.0' = { ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "publicNetworkAccessForIngestion": { "value": "Disabled" @@ -900,7 +903,10 @@ module workspace 'br:bicep/modules/operational-insights.workspace:1.0.0' = { ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "publicNetworkAccessForIngestion": { "value": "Disabled" @@ -1045,7 +1051,7 @@ module workspace 'br:bicep/modules/operational-insights.workspace:1.0.0' = { | [`gallerySolutions`](#parameter-gallerysolutions) | array | List of gallerySolutions to be created in the log analytics workspace. | | [`linkedServices`](#parameter-linkedservices) | array | List of services to be linked. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`publicNetworkAccessForIngestion`](#parameter-publicnetworkaccessforingestion) | string | The network access type for accessing Log Analytics ingestion. | | [`publicNetworkAccessForQuery`](#parameter-publicnetworkaccessforquery) | string | The network access type for accessing Log Analytics query. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | @@ -1182,11 +1188,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/power-bi-dedicated/capacity/README.md b/modules/power-bi-dedicated/capacity/README.md index 1b88bb161e..31bb96531e 100644 --- a/modules/power-bi-dedicated/capacity/README.md +++ b/modules/power-bi-dedicated/capacity/README.md @@ -26,13 +26,10 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br:bicep/modules/power-bi-dedicated.capacity:1.0.0`. -- [Using large parameter set](#example-1-using-large-parameter-set) +- [Common](#example-1-common) - [Using only defaults](#example-2-using-only-defaults) -### Example 1: _Using large parameter set_ - -This instance deploys the module with most of its features enabled. - +### Example 1: _Common_
@@ -101,7 +98,10 @@ module capacity 'br:bicep/modules/power-bi-dedicated.capacity:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ diff --git a/modules/purview/account/README.md b/modules/purview/account/README.md index e056859426..9bf78ad43f 100644 --- a/modules/purview/account/README.md +++ b/modules/purview/account/README.md @@ -249,7 +249,10 @@ module account 'br:bicep/modules/purview.account:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "managedResourceGroupName": { "value": "pvacom001-managed-rg" @@ -417,7 +420,7 @@ module account 'br:bicep/modules/purview.account:1.0.0' = { | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`eventHubPrivateEndpoints`](#parameter-eventhubprivateendpoints) | array | Configuration details for Purview Managed Event Hub namespace private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'namespace'. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`managedResourceGroupName`](#parameter-managedresourcegroupname) | string | The Managed Resource Group Name. A managed Storage Account, and an Event Hubs will be created in the selected subscription for catalog ingestion scenarios. Default is 'managed-rg-'. | | [`portalPrivateEndpoints`](#parameter-portalprivateendpoints) | array | Configuration details for Purview Portal private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'portal'. | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | @@ -508,11 +511,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `managedResourceGroupName` diff --git a/modules/purview/account/main.bicep b/modules/purview/account/main.bicep index c479719a27..c954128917 100644 --- a/modules/purview/account/main.bicep +++ b/modules/purview/account/main.bicep @@ -174,7 +174,7 @@ module account_privateEndpoints '../../network/private-endpoint/main.bicep' = [f subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] @@ -198,7 +198,7 @@ module portal_privateEndpoints '../../network/private-endpoint/main.bicep' = [fo subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] @@ -222,7 +222,7 @@ module blob_privateEndpoints '../../network/private-endpoint/main.bicep' = [for subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] @@ -246,7 +246,7 @@ module queue_privateEndpoints '../../network/private-endpoint/main.bicep' = [for subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] @@ -270,7 +270,7 @@ module eventHub_privateEndpoints '../../network/private-endpoint/main.bicep' = [ subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/recovery-services/vault/README.md b/modules/recovery-services/vault/README.md index 85c6c0292c..d395d192bb 100644 --- a/modules/recovery-services/vault/README.md +++ b/modules/recovery-services/vault/README.md @@ -637,7 +637,10 @@ module vault 'br:bicep/modules/recovery-services.vault:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "monitoringSettings": { "value": { @@ -952,7 +955,7 @@ module vault 'br:bicep/modules/recovery-services.vault:1.0.0' = { | [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`monitoringSettings`](#parameter-monitoringsettings) | object | Monitoring Settings of the vault. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | [`protectionContainers`](#parameter-protectioncontainers) | array | List of all protection containers. | @@ -1054,11 +1057,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `monitoringSettings` diff --git a/modules/recovery-services/vault/main.bicep b/modules/recovery-services/vault/main.bicep index 4a5d4733c8..9aba253cc8 100644 --- a/modules/recovery-services/vault/main.bicep +++ b/modules/recovery-services/vault/main.bicep @@ -290,7 +290,7 @@ module rsv_privateEndpoints '../../network/private-endpoint/main.bicep' = [for ( subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/relay/namespace/README.md b/modules/relay/namespace/README.md index 150b5bbe83..f6401b007e 100644 --- a/modules/relay/namespace/README.md +++ b/modules/relay/namespace/README.md @@ -235,7 +235,10 @@ module namespace 'br:bicep/modules/relay.namespace:1.0.0' = { ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "networkRuleSets": { "value": { @@ -485,7 +488,7 @@ module namespace 'br:bicep/modules/relay.namespace:1.0.0' = { | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`hybridConnections`](#parameter-hybridconnections) | array | The hybrid connections to create in the relay namespace. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`networkRuleSets`](#parameter-networkrulesets) | object | Configure networking options for Relay. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | @@ -574,11 +577,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/relay/namespace/hybrid-connection/README.md b/modules/relay/namespace/hybrid-connection/README.md index c2b68a3256..456584f99d 100644 --- a/modules/relay/namespace/hybrid-connection/README.md +++ b/modules/relay/namespace/hybrid-connection/README.md @@ -39,7 +39,7 @@ This module deploys a Relay Namespace Hybrid Connection. | :-- | :-- | :-- | | [`authorizationRules`](#parameter-authorizationrules) | array | Authorization Rules for the Relay Hybrid Connection. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`requiresClientAuthorization`](#parameter-requiresclientauthorization) | bool | A value indicating if this hybrid connection requires client authorization. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | @@ -59,11 +59,30 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/relay/namespace/main.bicep b/modules/relay/namespace/main.bicep index f59024661b..f046b74a59 100644 --- a/modules/relay/namespace/main.bicep +++ b/modules/relay/namespace/main.bicep @@ -251,7 +251,7 @@ module namespace_privateEndpoints '../../network/private-endpoint/main.bicep' = subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/relay/namespace/wcf-relay/README.md b/modules/relay/namespace/wcf-relay/README.md index bb155573b1..84650d63d5 100644 --- a/modules/relay/namespace/wcf-relay/README.md +++ b/modules/relay/namespace/wcf-relay/README.md @@ -39,7 +39,7 @@ This module deploys a Relay Namespace WCF Relay. | :-- | :-- | :-- | | [`authorizationRules`](#parameter-authorizationrules) | array | Authorization Rules for the WCF Relay. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`requiresClientAuthorization`](#parameter-requiresclientauthorization) | bool | A value indicating if this relay requires client authorization. | | [`requiresTransportSecurity`](#parameter-requirestransportsecurity) | bool | A value indicating if this relay requires transport security. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | @@ -61,11 +61,30 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/resource-graph/query/README.md b/modules/resource-graph/query/README.md index e634f1e83b..3b88be6cc5 100644 --- a/modules/resource-graph/query/README.md +++ b/modules/resource-graph/query/README.md @@ -94,7 +94,10 @@ module query 'br:bicep/modules/resource-graph.query:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "queryDescription": { "value": "An example query to list first 10 resources in the subscription." @@ -192,7 +195,7 @@ module query 'br:bicep/modules/resource-graph.query:1.0.0' = { | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`queryDescription`](#parameter-querydescription) | string | The description of a graph query. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -213,11 +216,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/resources/deployment-script/README.md b/modules/resources/deployment-script/README.md index b05ab07d14..35e3486eb6 100644 --- a/modules/resources/deployment-script/README.md +++ b/modules/resources/deployment-script/README.md @@ -219,7 +219,10 @@ module deploymentScript 'br:bicep/modules/resources.deployment-script:1.0.0' = { "value": "AzurePowerShell" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "retentionInterval": { "value": "P1D" @@ -277,7 +280,7 @@ module deploymentScript 'br:bicep/modules/resources.deployment-script:1.0.0' = { | [`environmentVariables`](#parameter-environmentvariables) | secureObject | The environment variables to pass over to the script. The list is passed as an object with a key name "secureList" and the value is the list of environment variables (array). The list must have a 'name' and a 'value' or a 'secretValue' property for each object. | | [`kind`](#parameter-kind) | string | Type of the script. AzurePowerShell, AzureCLI. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`primaryScriptUri`](#parameter-primaryscripturi) | string | Uri for the external script. This is the entry point for the external script. To run an internal script, use the scriptContent instead. | | [`retentionInterval`](#parameter-retentioninterval) | string | Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P7D means one week). | | [`runOnce`](#parameter-runonce) | bool | When set to false, script will run every time the template is deployed. When set to true, the script will only run once. | @@ -368,11 +371,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/resources/resource-group/README.md b/modules/resources/resource-group/README.md index 96082a1eb5..55dd524743 100644 --- a/modules/resources/resource-group/README.md +++ b/modules/resources/resource-group/README.md @@ -89,7 +89,10 @@ module resourceGroup 'br:bicep/modules/resources.resource-group:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -179,7 +182,7 @@ module resourceGroup 'br:bicep/modules/resources.resource-group:1.0.0' = { | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location of the Resource Group. It uses the deployment's location when not provided. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`managedBy`](#parameter-managedby) | string | The ID of the resource that manages this resource group. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the storage account resource. | @@ -200,11 +203,30 @@ Location of the Resource Group. It uses the deployment's location when not provi ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `managedBy` diff --git a/modules/search/search-service/README.md b/modules/search/search-service/README.md index f23ebae245..e9f3856044 100644 --- a/modules/search/search-service/README.md +++ b/modules/search/search-service/README.md @@ -155,7 +155,10 @@ module searchService 'br:bicep/modules/search.search-service:1.0.0' = { "value": "highDensity" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "networkRuleSet": { "value": { @@ -410,7 +413,7 @@ module searchService 'br:bicep/modules/search.search-service:1.0.0' = { | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | | [`hostingMode`](#parameter-hostingmode) | string | Applicable only for the standard3 SKU. You can set this property to enable up to 3 high density partitions that allow up to 1000 indexes, which is much higher than the maximum indexes allowed for any other SKU. For the standard3 SKU, the value is either 'default' or 'highDensity'. For all other SKUs, this value must be 'default'. | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`networkRuleSet`](#parameter-networkruleset) | object | Network specific rules that determine how the Azure Cognitive Search service may be reached. | | [`partitionCount`](#parameter-partitioncount) | int | The number of partitions in the search service; if specified, it can be 1, 2, 3, 4, 6, or 12. Values greater than 1 are only valid for standard SKUs. For 'standard3' services with hostingMode set to 'highDensity', the allowed values are between 1 and 3. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | @@ -519,11 +522,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/search/search-service/main.bicep b/modules/search/search-service/main.bicep index 4be0ba1260..ec23b415e8 100644 --- a/modules/search/search-service/main.bicep +++ b/modules/search/search-service/main.bicep @@ -224,7 +224,7 @@ module searchService_privateEndpoints '../../network/private-endpoint/main.bicep subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/service-bus/namespace/README.md b/modules/service-bus/namespace/README.md index 7bce52fbd6..5570075f12 100644 --- a/modules/service-bus/namespace/README.md +++ b/modules/service-bus/namespace/README.md @@ -266,7 +266,10 @@ module namespace 'br:bicep/modules/service-bus.namespace:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "minimumTlsVersion": { "value": "1.2" @@ -786,7 +789,7 @@ module namespace 'br:bicep/modules/service-bus.namespace:1.0.0' = { | [`disasterRecoveryConfigs`](#parameter-disasterrecoveryconfigs) | object | The disaster recovery configuration. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`migrationConfigurations`](#parameter-migrationconfigurations) | object | The migration configuration. | | [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | The minimum TLS version for the cluster to support. | | [`networkRuleSets`](#parameter-networkrulesets) | object | Configure networking options for Premium SKU Service Bus. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. | @@ -927,11 +930,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `migrationConfigurations` diff --git a/modules/service-bus/namespace/main.bicep b/modules/service-bus/namespace/main.bicep index 28b5bd7e73..c61e51efbd 100644 --- a/modules/service-bus/namespace/main.bicep +++ b/modules/service-bus/namespace/main.bicep @@ -381,7 +381,7 @@ module serviceBusNamespace_privateEndpoints '../../network/private-endpoint/main subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/service-bus/namespace/queue/README.md b/modules/service-bus/namespace/queue/README.md index e77f024a24..34e5ebc5f7 100644 --- a/modules/service-bus/namespace/queue/README.md +++ b/modules/service-bus/namespace/queue/README.md @@ -47,7 +47,7 @@ This module deploys a Service Bus Namespace Queue. | [`enablePartitioning`](#parameter-enablepartitioning) | bool | A value that indicates whether the queue is to be partitioned across multiple message brokers. | | [`forwardDeadLetteredMessagesTo`](#parameter-forwarddeadletteredmessagesto) | string | Queue/Topic name to forward the Dead Letter message. | | [`forwardTo`](#parameter-forwardto) | string | Queue/Topic name to forward the messages. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`lockDuration`](#parameter-lockduration) | string | ISO 8601 timespan duration of a peek-lock; that is, the amount of time that the message is locked for other receivers. The maximum value for LockDuration is 5 minutes; the default value is 1 minute. | | [`maxDeliveryCount`](#parameter-maxdeliverycount) | int | The maximum delivery count. A message is automatically deadlettered after this number of deliveries. default value is 10. | | [`maxMessageSizeInKilobytes`](#parameter-maxmessagesizeinkilobytes) | int | Maximum size (in KB) of the message payload that can be accepted by the queue. This property is only used in Premium today and default is 1024. | @@ -136,11 +136,30 @@ Queue/Topic name to forward the messages. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `lockDuration` diff --git a/modules/service-bus/namespace/topic/README.md b/modules/service-bus/namespace/topic/README.md index a554531ad1..00edc62f20 100644 --- a/modules/service-bus/namespace/topic/README.md +++ b/modules/service-bus/namespace/topic/README.md @@ -44,7 +44,7 @@ This module deploys a Service Bus Namespace Topic. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`enableExpress`](#parameter-enableexpress) | bool | A value that indicates whether Express Entities are enabled. An express topic holds a message in memory temporarily before writing it to persistent storage. | | [`enablePartitioning`](#parameter-enablepartitioning) | bool | A value that indicates whether the topic is to be partitioned across multiple message brokers. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`maxMessageSizeInKilobytes`](#parameter-maxmessagesizeinkilobytes) | int | Maximum size (in KB) of the message payload that can be accepted by the topic. This property is only used in Premium today and default is 1024. | | [`maxSizeInMegabytes`](#parameter-maxsizeinmegabytes) | int | The maximum size of the topic in megabytes, which is the size of memory allocated for the topic. Default is 1024. | | [`requiresDuplicateDetection`](#parameter-requiresduplicatedetection) | bool | A value indicating if this topic requires duplicate detection. | @@ -110,11 +110,30 @@ A value that indicates whether the topic is to be partitioned across multiple me ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `maxMessageSizeInKilobytes` diff --git a/modules/service-fabric/cluster/README.md b/modules/service-fabric/cluster/README.md index 841790a974..9a23c79968 100644 --- a/modules/service-fabric/cluster/README.md +++ b/modules/service-fabric/cluster/README.md @@ -488,7 +488,10 @@ module cluster 'br:bicep/modules/service-fabric.cluster:1.0.0' = { ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "maxUnusedVersionsToKeep": { "value": 2 @@ -680,7 +683,7 @@ module cluster 'br:bicep/modules/service-fabric.cluster:1.0.0' = { | [`fabricSettings`](#parameter-fabricsettings) | array | The list of custom fabric settings to configure the cluster. | | [`infrastructureServiceManager`](#parameter-infrastructureservicemanager) | bool | Indicates if infrastructure service manager is enabled. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`maxUnusedVersionsToKeep`](#parameter-maxunusedversionstokeep) | int | Number of unused versions per application type to keep. | | [`notifications`](#parameter-notifications) | array | Indicates a list of notification channels for cluster events. | | [`reverseProxyCertificate`](#parameter-reverseproxycertificate) | object | Describes the certificate details. | @@ -798,11 +801,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `managementEndpoint` diff --git a/modules/signal-r-service/signal-r/README.md b/modules/signal-r-service/signal-r/README.md index 5f77d02774..c20907e3a1 100644 --- a/modules/signal-r-service/signal-r/README.md +++ b/modules/signal-r-service/signal-r/README.md @@ -154,7 +154,10 @@ module signalR 'br:bicep/modules/signal-r-service.signal-r:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "networkAcls": { "value": { @@ -299,7 +302,7 @@ module signalR 'br:bicep/modules/signal-r-service.signal-r:1.0.0' = { | [`kind`](#parameter-kind) | string | The kind of the service. | | [`liveTraceCatagoriesToEnable`](#parameter-livetracecatagoriestoenable) | array | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | | [`location`](#parameter-location) | string | The location for the resource. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`networkAcls`](#parameter-networkacls) | object | Networks ACLs, this value contains IPs to allow and/or Subnet information. Can only be set if the 'SKU' is not 'Free_F1'. For security reasons, it is recommended to set the DefaultAction Deny. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | @@ -383,11 +386,30 @@ The location for the resource. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/signal-r-service/signal-r/main.bicep b/modules/signal-r-service/signal-r/main.bicep index d9cfdc0d1e..ac72680f58 100644 --- a/modules/signal-r-service/signal-r/main.bicep +++ b/modules/signal-r-service/signal-r/main.bicep @@ -167,7 +167,7 @@ module signalR_privateEndpoints '../../network/private-endpoint/main.bicep' = [f serviceResourceId: signalR.id subnetResourceId: privateEndpoint.subnetResourceId location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/signal-r-service/web-pub-sub/README.md b/modules/signal-r-service/web-pub-sub/README.md index 6700064c9d..64d344e31e 100644 --- a/modules/signal-r-service/web-pub-sub/README.md +++ b/modules/signal-r-service/web-pub-sub/README.md @@ -152,7 +152,10 @@ module webPubSub 'br:bicep/modules/signal-r-service.web-pub-sub:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "networkAcls": { "value": { @@ -391,7 +394,7 @@ module webPubSub 'br:bicep/modules/signal-r-service.web-pub-sub:1.0.0' = { | [`disableLocalAuth`](#parameter-disablelocalauth) | bool | Disables all authentication methods other than AAD authentication. For security reasons, this value should be set to `true`. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | The location for the resource. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`networkAcls`](#parameter-networkacls) | object | Networks ACLs, this value contains IPs to allow and/or Subnet information. Can only be set if the 'SKU' is not 'Free_F1'. For security reasons, it is recommended to set the DefaultAction Deny. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | @@ -446,11 +449,30 @@ The location for the resource. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/signal-r-service/web-pub-sub/main.bicep b/modules/signal-r-service/web-pub-sub/main.bicep index 11bfa0bcc0..3e566959f7 100644 --- a/modules/signal-r-service/web-pub-sub/main.bicep +++ b/modules/signal-r-service/web-pub-sub/main.bicep @@ -127,7 +127,7 @@ module webPubSub_privateEndpoints '../../network/private-endpoint/main.bicep' = serviceResourceId: webPubSub.id subnetResourceId: privateEndpoint.subnetResourceId location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/sql/managed-instance/README.md b/modules/sql/managed-instance/README.md index fa41121d2c..ac4a8865d5 100644 --- a/modules/sql/managed-instance/README.md +++ b/modules/sql/managed-instance/README.md @@ -219,7 +219,10 @@ module managedInstance 'br:bicep/modules/sql.managed-instance:1.0.0' = { "value": "LicenseIncluded" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "primaryUserAssignedIdentityId": { "value": "" @@ -506,7 +509,7 @@ module managedInstance 'br:bicep/modules/sql.managed-instance:1.0.0' = { | [`keys`](#parameter-keys) | array | The keys to configure. | | [`licenseType`](#parameter-licensetype) | string | The license type. Possible values are 'LicenseIncluded' (regular price inclusive of a new SQL license) and 'BasePrice' (discounted AHB price for bringing your own SQL licenses). | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`managedInstanceCreateMode`](#parameter-managedinstancecreatemode) | string | Specifies the mode of database creation. Default: Regular instance creation. Restore: Creates an instance by restoring a set of backups to specific point in time. RestorePointInTime and SourceManagedInstanceId must be specified. | | [`minimalTlsVersion`](#parameter-minimaltlsversion) | string | Minimal TLS version allowed. | | [`proxyOverride`](#parameter-proxyoverride) | string | Connection type used for connecting to the instance. | @@ -671,11 +674,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `managedInstanceCreateMode` diff --git a/modules/sql/managed-instance/database/README.md b/modules/sql/managed-instance/database/README.md index bb78204f3f..9644941f7e 100644 --- a/modules/sql/managed-instance/database/README.md +++ b/modules/sql/managed-instance/database/README.md @@ -14,7 +14,7 @@ This module deploys a SQL Managed Instance Database. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | +| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/diagnosticSettings) | | `Microsoft.Sql/managedInstances/databases` | [2022-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-05-01-preview/managedInstances/databases) | | `Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies` | [2022-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-05-01-preview/managedInstances/databases/backupLongTermRetentionPolicies) | | `Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies` | [2022-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-05-01-preview/managedInstances/databases/backupShortTermRetentionPolicies) | @@ -56,7 +56,7 @@ This module deploys a SQL Managed Instance Database. | [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`restorableDroppedDatabaseId`](#parameter-restorabledroppeddatabaseid) | string | The restorable dropped database resource ID to restore when creating this database. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -155,11 +155,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `longTermRetentionBackupResourceId` diff --git a/modules/sql/server/README.md b/modules/sql/server/README.md index 18dd77d804..98bd2ab4d8 100644 --- a/modules/sql/server/README.md +++ b/modules/sql/server/README.md @@ -328,7 +328,10 @@ module server 'br:bicep/modules/sql.server:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "primaryUserAssignedIdentityId": { "value": "" @@ -632,7 +635,7 @@ module server 'br:bicep/modules/sql.server:1.0.0' = { | [`firewallRules`](#parameter-firewallrules) | array | The firewall rules to create in the server. | | [`keys`](#parameter-keys) | array | The keys to configure. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`minimalTlsVersion`](#parameter-minimaltlsversion) | string | Minimal TLS version allowed. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and neither firewall rules nor virtual network rules are set. | @@ -717,11 +720,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `minimalTlsVersion` diff --git a/modules/sql/server/main.bicep b/modules/sql/server/main.bicep index 760fa1989e..bce8cddafd 100644 --- a/modules/sql/server/main.bicep +++ b/modules/sql/server/main.bicep @@ -236,7 +236,7 @@ module server_privateEndpoints '../../network/private-endpoint/main.bicep' = [fo subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/storage/storage-account/README.md b/modules/storage/storage-account/README.md index 924ec349dd..76ae6d27a8 100644 --- a/modules/storage/storage-account/README.md +++ b/modules/storage/storage-account/README.md @@ -422,7 +422,10 @@ module storageAccount 'br:bicep/modules/storage.storage-account:1.0.0' = { ] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "managementPolicyRules": { "value": [ @@ -902,7 +905,10 @@ module storageAccount 'br:bicep/modules/storage.storage-account:1.0.0' = { "value": "FileStorage" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -1057,7 +1063,7 @@ module storageAccount 'br:bicep/modules/storage.storage-account:1.0.0' = { | [`largeFileSharesState`](#parameter-largefilesharesstate) | string | Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares). | | [`localUsers`](#parameter-localusers) | array | Local users to deploy for SFTP authentication. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`managementPolicyRules`](#parameter-managementpolicyrules) | array | The Storage Account ManagementPolicies Rules. | | [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | Set the minimum TLS version on request to storage. | | [`networkAcls`](#parameter-networkacls) | object | Networks ACLs, this value contains IPs to whitelist and/or Subnet information. For security reasons, it is recommended to set the DefaultAction Deny. | @@ -1299,11 +1305,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `managementPolicyRules` diff --git a/modules/storage/storage-account/main.bicep b/modules/storage/storage-account/main.bicep index 6dcf3fd383..e53ed5fe12 100644 --- a/modules/storage/storage-account/main.bicep +++ b/modules/storage/storage-account/main.bicep @@ -346,7 +346,7 @@ module storageAccount_privateEndpoints '../../network/private-endpoint/main.bice subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/synapse/private-link-hub/README.md b/modules/synapse/private-link-hub/README.md index 457ae20372..b48aa3a61c 100644 --- a/modules/synapse/private-link-hub/README.md +++ b/modules/synapse/private-link-hub/README.md @@ -113,7 +113,10 @@ module privateLinkHub 'br:bicep/modules/synapse.private-link-hub:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "privateEndpoints": { "value": [ @@ -227,7 +230,7 @@ module privateLinkHub 'br:bicep/modules/synapse.private-link-hub:1.0.0' = { | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | The geo-location where the resource lives. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -248,11 +251,30 @@ The geo-location where the resource lives. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/synapse/private-link-hub/main.bicep b/modules/synapse/private-link-hub/main.bicep index b898b450ee..cfb50ac903 100644 --- a/modules/synapse/private-link-hub/main.bicep +++ b/modules/synapse/private-link-hub/main.bicep @@ -79,7 +79,7 @@ module privateLinkHub_privateEndpoints '../../network/private-endpoint/main.bice subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/synapse/workspace/README.md b/modules/synapse/workspace/README.md index 7f228e9711..3c1a4f548b 100644 --- a/modules/synapse/workspace/README.md +++ b/modules/synapse/workspace/README.md @@ -566,7 +566,7 @@ module workspace 'br:bicep/modules/synapse.workspace:1.0.0' = { | [`integrationRuntimes`](#parameter-integrationruntimes) | array | The Integration Runtimes to create. | | [`linkedAccessCheckOnTargetResource`](#parameter-linkedaccesscheckontargetresource) | bool | Linked Access Check On Target Resource. | | [`location`](#parameter-location) | string | The geo-location where the resource lives. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`managedResourceGroupName`](#parameter-managedresourcegroupname) | string | Workspace managed resource group. The resource group name uniquely identifies the resource group within the user subscriptionId. The resource group name must be no longer than 90 characters long, and must be alphanumeric characters (Char.IsLetterOrDigit()) and '-', '_', '(', ')' and'.'. Note that the name cannot end with '.'. | | [`managedVirtualNetwork`](#parameter-managedvirtualnetwork) | bool | Enable this to ensure that connection from your workspace to your data sources use Azure Private Links. You can create managed private endpoints to your data sources. | | [`preventDataExfiltration`](#parameter-preventdataexfiltration) | bool | Prevent Data Exfiltration. | @@ -734,11 +734,30 @@ The geo-location where the resource lives. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `managedResourceGroupName` diff --git a/modules/synapse/workspace/main.bicep b/modules/synapse/workspace/main.bicep index 8e7e9dfb23..0d039d366d 100644 --- a/modules/synapse/workspace/main.bicep +++ b/modules/synapse/workspace/main.bicep @@ -295,7 +295,7 @@ module workspace_privateEndpoints '../../network/private-endpoint/main.bicep' = subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/virtual-machine-images/image-template/README.md b/modules/virtual-machine-images/image-template/README.md index e65476a0f8..9a2d0010eb 100644 --- a/modules/virtual-machine-images/image-template/README.md +++ b/modules/virtual-machine-images/image-template/README.md @@ -144,7 +144,10 @@ module imageTemplate 'br:bicep/modules/virtual-machine-images.image-template:1.0 "value": [] }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "managedImageName": { "value": "mi-vmiitcom-001" @@ -314,7 +317,7 @@ module imageTemplate 'br:bicep/modules/virtual-machine-images.image-template:1.0 | [`excludeFromLatest`](#parameter-excludefromlatest) | bool | Exclude the created Azure Compute Gallery image version from the latest. | | [`imageReplicationRegions`](#parameter-imagereplicationregions) | array | List of the regions the image produced by this solution should be stored in the Shared Image Gallery. When left empty, the deployment's location will be taken as a default value. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`managedImageName`](#parameter-managedimagename) | string | Name of the managed image that will be created in the AIB resourcegroup. | | [`osDiskSizeGB`](#parameter-osdisksizegb) | int | Specifies the size of OS disk. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | @@ -391,11 +394,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `managedImageName` diff --git a/modules/web/connection/README.md b/modules/web/connection/README.md index a4bda0f809..9675791fd6 100644 --- a/modules/web/connection/README.md +++ b/modules/web/connection/README.md @@ -100,7 +100,10 @@ module connection 'br:bicep/modules/web.connection:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -145,7 +148,7 @@ module connection 'br:bicep/modules/web.connection:1.0.0' = { | [`customParameterValues`](#parameter-customparametervalues) | object | Customized parameter values for specific connections. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location of the deployment. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`nonSecretParameterValues`](#parameter-nonsecretparametervalues) | object | Dictionary of nonsecret parameter values. | | [`parameterValues`](#parameter-parametervalues) | secureObject | Connection strings or access keys for connection. Example: 'accountName' and 'accessKey' when using blobs. It can change depending on the resource. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | @@ -189,11 +192,30 @@ Location of the deployment. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/web/hosting-environment/README.md b/modules/web/hosting-environment/README.md index e8c0ff336a..c599b24620 100644 --- a/modules/web/hosting-environment/README.md +++ b/modules/web/hosting-environment/README.md @@ -139,7 +139,10 @@ module hostingEnvironment 'br:bicep/modules/web.hosting-environment:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "multiSize": { "value": "Standard_D1_V2" @@ -306,7 +309,10 @@ module hostingEnvironment 'br:bicep/modules/web.hosting-environment:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "remoteDebugEnabled": { "value": true @@ -387,7 +393,7 @@ module hostingEnvironment 'br:bicep/modules/web.hosting-environment:1.0.0' = { | [`ipsslAddressCount`](#parameter-ipssladdresscount) | int | Number of IP SSL addresses reserved for the App Service Environment. Cannot be used when kind is set to ASEv3. | | [`kind`](#parameter-kind) | string | Kind of resource. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`multiSize`](#parameter-multisize) | string | Frontend VM size. Cannot be used when kind is set to ASEv3. | | [`remoteDebugEnabled`](#parameter-remotedebugenabled) | bool | Property to enable and disable Remote Debug on ASEv3. Ignored when kind is set to ASEv2. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | @@ -550,11 +556,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `multiSize` diff --git a/modules/web/serverfarm/README.md b/modules/web/serverfarm/README.md index 86f5578e32..6210f6bb52 100644 --- a/modules/web/serverfarm/README.md +++ b/modules/web/serverfarm/README.md @@ -121,7 +121,10 @@ module serverfarm 'br:bicep/modules/web.serverfarm:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "roleAssignments": { "value": [ @@ -171,7 +174,7 @@ module serverfarm 'br:bicep/modules/web.serverfarm:1.0.0' = { | [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`maximumElasticWorkerCount`](#parameter-maximumelasticworkercount) | int | Maximum number of total workers allowed for this ElasticScaleEnabled App Service Plan. | | [`perSiteScaling`](#parameter-persitescaling) | bool | If true, apps assigned to this App Service plan can be scaled independently. If false, apps assigned to this App Service plan will scale to all instances of the plan. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | @@ -248,11 +251,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `maximumElasticWorkerCount` diff --git a/modules/web/site/README.md b/modules/web/site/README.md index e1d4b75ec3..ef1ee636d9 100644 --- a/modules/web/site/README.md +++ b/modules/web/site/README.md @@ -305,7 +305,10 @@ module site 'br:bicep/modules/web.site:1.0.0' = { "value": "" }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "privateEndpoints": { "value": [ @@ -831,7 +834,7 @@ module site 'br:bicep/modules/web.site:1.0.0' = { | [`hyperV`](#parameter-hyperv) | bool | Hyper-V sandbox. | | [`keyVaultAccessIdentityResourceId`](#parameter-keyvaultaccessidentityresourceid) | string | The resource ID of the assigned identity to be used to access a key vault with. | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | | [`redundancyMode`](#parameter-redundancymode) | string | Site redundancy mode. | @@ -1058,11 +1061,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/web/site/main.bicep b/modules/web/site/main.bicep index 426caca953..01ac6d6720 100644 --- a/modules/web/site/main.bicep +++ b/modules/web/site/main.bicep @@ -414,7 +414,7 @@ module app_privateEndpoints '../../network/private-endpoint/main.bicep' = [for ( subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/web/site/slot/README.md b/modules/web/site/slot/README.md index f5250fc317..4f390f4b1a 100644 --- a/modules/web/site/slot/README.md +++ b/modules/web/site/slot/README.md @@ -71,7 +71,7 @@ This module deploys a Web or Function App Deployment Slot. | [`hyperV`](#parameter-hyperv) | bool | Hyper-V sandbox. | | [`keyVaultAccessIdentityResourceId`](#parameter-keyvaultaccessidentityresourceid) | string | The resource ID of the assigned identity to be used to access a key vault with. | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Allow or block all public traffic. | | [`redundancyMode`](#parameter-redundancymode) | string | Site redundancy mode. | @@ -296,11 +296,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/web/site/slot/main.bicep b/modules/web/site/slot/main.bicep index 26ceaa5db8..8ae07a51b2 100644 --- a/modules/web/site/slot/main.bicep +++ b/modules/web/site/slot/main.bicep @@ -342,7 +342,7 @@ module slot_privateEndpoints '../../../network/private-endpoint/main.bicep' = [f subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] diff --git a/modules/web/static-site/README.md b/modules/web/static-site/README.md index fc09b08db2..269e77d0d1 100644 --- a/modules/web/static-site/README.md +++ b/modules/web/static-site/README.md @@ -150,7 +150,10 @@ module staticSite 'br:bicep/modules/web.static-site:1.0.0' = { } }, "lock": { - "value": "CanNotDelete" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "privateEndpoints": { "value": [ @@ -278,7 +281,7 @@ module staticSite 'br:bicep/modules/web.static-site:1.0.0' = { | [`functionAppSettings`](#parameter-functionappsettings) | object | Function app settings. | | [`linkedBackend`](#parameter-linkedbackend) | object | Object with "resourceId" and "location" of the a user defined function app. | | [`location`](#parameter-location) | string | Location for all resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'sku' to be 'Standard'. | | [`provider`](#parameter-provider) | string | The provider that submitted the last deployment to the primary environment of the static site. | | [`repositoryToken`](#parameter-repositorytoken) | securestring | The Personal Access Token for accessing the GitHub repository. | @@ -364,11 +367,30 @@ Location for all resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/web/static-site/main.bicep b/modules/web/static-site/main.bicep index b4bcc80f50..0097d465d6 100644 --- a/modules/web/static-site/main.bicep +++ b/modules/web/static-site/main.bicep @@ -200,7 +200,7 @@ module staticSite_privateEndpoints '../../network/private-endpoint/main.bicep' = subnetResourceId: privateEndpoint.subnetResourceId enableDefaultTelemetry: enableReferencedModulesTelemetry location: contains(privateEndpoint, 'location') ? privateEndpoint.location : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : null + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: contains(privateEndpoint, 'privateDnsZoneGroupName') ? privateEndpoint.privateDnsZoneGroupName : 'default' privateDnsZoneResourceIds: contains(privateEndpoint, 'privateDnsZoneResourceIds') ? privateEndpoint.privateDnsZoneResourceIds : [] roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] From d1ba7107e7c8dacee700d73e1efb717bdfa4b440 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 18:44:03 +0200 Subject: [PATCH 10/52] File regen --- .../configuration-store/main.json | 6 +- .../automation/automation-account/main.json | 6 +- modules/batch/batch-account/main.json | 6 +- modules/cache/redis-enterprise/main.json | 6 +- modules/cache/redis/main.json | 6 +- modules/cognitive-services/account/main.json | 6 +- modules/container-registry/registry/main.json | 6 +- modules/data-factory/factory/main.json | 6 +- modules/databricks/workspace/main.json | 6 +- .../digital-twins-instance/main.json | 6 +- .../document-db/database-account/main.json | 6 +- modules/event-grid/domain/main.json | 6 +- modules/event-grid/topic/main.json | 6 +- modules/event-hub/namespace/main.json | 6 +- modules/insights/private-link-scope/main.json | 6 +- modules/key-vault/vault/main.json | 6 +- .../workspace/main.json | 6 +- .../maintenance-configuration/README.md | 41 +++++++++--- .../maintenance-configuration/main.bicep | 21 ++++-- .../maintenance-configuration/main.json | 66 ++++++++++++------- modules/network/application-gateway/main.json | 6 +- modules/purview/account/main.json | 22 +++++-- modules/recovery-services/vault/main.json | 6 +- modules/relay/namespace/main.json | 6 +- modules/search/search-service/main.json | 6 +- modules/service-bus/namespace/main.json | 6 +- modules/signal-r-service/signal-r/main.json | 6 +- .../signal-r-service/web-pub-sub/main.json | 6 +- modules/sql/server/main.json | 6 +- modules/storage/storage-account/main.json | 6 +- modules/synapse/private-link-hub/main.json | 6 +- modules/synapse/workspace/main.json | 6 +- modules/web/site/main.json | 12 ++-- modules/web/site/slot/main.json | 6 +- modules/web/static-site/main.json | 6 +- 35 files changed, 235 insertions(+), 107 deletions(-) diff --git a/modules/app-configuration/configuration-store/main.json b/modules/app-configuration/configuration-store/main.json index 71f664a814..4e1c45795b 100644 --- a/modules/app-configuration/configuration-store/main.json +++ b/modules/app-configuration/configuration-store/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "17468791848583972607" + "templateHash": "3783400318412037439" }, "name": "App Configuration Stores", "description": "This module deploys an App Configuration Store.", @@ -704,7 +704,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/automation/automation-account/main.json b/modules/automation/automation-account/main.json index 03e14534c8..5ffa04e30b 100644 --- a/modules/automation/automation-account/main.json +++ b/modules/automation/automation-account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "7224631368259234684" + "templateHash": "1174270229343871055" }, "name": "Automation Accounts", "description": "This module deploys an Azure Automation Account.", @@ -2063,7 +2063,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/batch/batch-account/main.json b/modules/batch/batch-account/main.json index ee2ca1e6a0..497941e430 100644 --- a/modules/batch/batch-account/main.json +++ b/modules/batch/batch-account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "18412099798600531806" + "templateHash": "7307637121796009731" }, "name": "Batch Accounts", "description": "This module deploys a Batch Account.", @@ -419,7 +419,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/cache/redis-enterprise/main.json b/modules/cache/redis-enterprise/main.json index c47f6c96c9..b574498959 100644 --- a/modules/cache/redis-enterprise/main.json +++ b/modules/cache/redis-enterprise/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "6166425534162277830" + "templateHash": "13843091580416749127" }, "name": "Redis Cache Enterprise", "description": "This module deploys a Redis Cache Enterprise.", @@ -695,7 +695,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/cache/redis/main.json b/modules/cache/redis/main.json index 809cb561ef..5d189f577b 100644 --- a/modules/cache/redis/main.json +++ b/modules/cache/redis/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "14721248899308225880" + "templateHash": "4426369279242408346" }, "name": "Redis Cache", "description": "This module deploys a Redis Cache.", @@ -581,7 +581,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/cognitive-services/account/main.json b/modules/cognitive-services/account/main.json index b275573c9c..71b31d3c72 100644 --- a/modules/cognitive-services/account/main.json +++ b/modules/cognitive-services/account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "10773995091716643755" + "templateHash": "18296719440990844872" }, "name": "Cognitive Services", "description": "This module deploys a Cognitive Service.", @@ -490,7 +490,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/container-registry/registry/main.json b/modules/container-registry/registry/main.json index 4916e20f97..de195acd6c 100644 --- a/modules/container-registry/registry/main.json +++ b/modules/container-registry/registry/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "5089509635868205582" + "templateHash": "15598884416180127975" }, "name": "Azure Container Registries (ACR)", "description": "This module deploys an Azure Container Registry (ACR).", @@ -1208,7 +1208,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/data-factory/factory/main.json b/modules/data-factory/factory/main.json index 25f320fb42..78a9efea3d 100644 --- a/modules/data-factory/factory/main.json +++ b/modules/data-factory/factory/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "6655324827358519538" + "templateHash": "12584866101218671882" }, "name": "Data Factories", "description": "This module deploys a Data Factory.", @@ -989,7 +989,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/databricks/workspace/main.json b/modules/databricks/workspace/main.json index a19a50a1df..b33050d59d 100644 --- a/modules/databricks/workspace/main.json +++ b/modules/databricks/workspace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "4771414046331192124" + "templateHash": "12018870674080457266" }, "name": "Azure Databricks Workspaces", "description": "This module deploys an Azure Databricks Workspace.", @@ -631,7 +631,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/digital-twins/digital-twins-instance/main.json b/modules/digital-twins/digital-twins-instance/main.json index 008dddb0b2..f4b34ccaea 100644 --- a/modules/digital-twins/digital-twins-instance/main.json +++ b/modules/digital-twins/digital-twins-instance/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "3204203823999755904" + "templateHash": "14910327860190049489" }, "name": "Digital Twins Instances", "description": "This module deploys an Azure Digital Twins Instance.", @@ -849,7 +849,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/document-db/database-account/main.json b/modules/document-db/database-account/main.json index 9e1af312bc..79808d511c 100644 --- a/modules/document-db/database-account/main.json +++ b/modules/document-db/database-account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "11058558663697646911" + "templateHash": "13886795261024794795" }, "name": "DocumentDB Database Accounts", "description": "This module deploys a DocumentDB Database Account.", @@ -1609,7 +1609,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/event-grid/domain/main.json b/modules/event-grid/domain/main.json index 1667e5fb09..182826febc 100644 --- a/modules/event-grid/domain/main.json +++ b/modules/event-grid/domain/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "6985770419689597708" + "templateHash": "17128943362553592156" }, "name": "Event Grid Domains", "description": "This module deploys an Event Grid Domain.", @@ -421,7 +421,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/event-grid/topic/main.json b/modules/event-grid/topic/main.json index 745e99b9f0..5852af83e4 100644 --- a/modules/event-grid/topic/main.json +++ b/modules/event-grid/topic/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "2449284667286804249" + "templateHash": "9509385509021367133" }, "name": "Event Grid Topics", "description": "This module deploys an Event Grid Topic.", @@ -498,7 +498,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/event-hub/namespace/main.json b/modules/event-hub/namespace/main.json index 81f3cbcd4c..9ac0b5ba7c 100644 --- a/modules/event-hub/namespace/main.json +++ b/modules/event-hub/namespace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "15684291913042967611" + "templateHash": "5400370874559204104" }, "name": "Event Hub Namespaces", "description": "This module deploys an Event Hub Namespace.", @@ -1686,7 +1686,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/insights/private-link-scope/main.json b/modules/insights/private-link-scope/main.json index 0795a0fe10..fcc3551f3e 100644 --- a/modules/insights/private-link-scope/main.json +++ b/modules/insights/private-link-scope/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "6332277771556701068" + "templateHash": "8075984663327390200" }, "name": "Azure Monitor Private Link Scopes", "description": "This module deploys an Azure Monitor Private Link Scope.", @@ -288,7 +288,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/key-vault/vault/main.json b/modules/key-vault/vault/main.json index 02d4d7b632..b005c249e1 100644 --- a/modules/key-vault/vault/main.json +++ b/modules/key-vault/vault/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "15136179719098735073" + "templateHash": "7889486567916946321" }, "name": "Key Vaults", "description": "This module deploys a Key Vault.", @@ -1232,7 +1232,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/machine-learning-services/workspace/main.json b/modules/machine-learning-services/workspace/main.json index 3e9554dda3..6e07dd0f64 100644 --- a/modules/machine-learning-services/workspace/main.json +++ b/modules/machine-learning-services/workspace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "1531955896967450540" + "templateHash": "13016639761646646515" }, "name": "Machine Learning Services Workspaces", "description": "This module deploys a Machine Learning Services Workspace.", @@ -702,7 +702,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/maintenance/maintenance-configuration/README.md b/modules/maintenance/maintenance-configuration/README.md index 31f87cd13f..07317ba130 100644 --- a/modules/maintenance/maintenance-configuration/README.md +++ b/modules/maintenance/maintenance-configuration/README.md @@ -26,10 +26,13 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br:bicep/modules/maintenance.maintenance-configuration:1.0.0`. -- [Common](#example-1-common) -- [Min](#example-2-min) +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) + +### Example 1: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. -### Example 1: _Common_
@@ -182,7 +185,10 @@ module maintenanceConfiguration 'br:bicep/modules/maintenance.maintenance-config

-### Example 2: _Min_ +### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +

@@ -244,7 +250,7 @@ module maintenanceConfiguration 'br:bicep/modules/maintenance.maintenance-config | [`extensionProperties`](#parameter-extensionproperties) | object | Gets or sets extensionProperties of the maintenanceConfiguration. | | [`installPatches`](#parameter-installpatches) | object | Configuration settings for VM guest patching with Azure Update Manager. | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`maintenanceScope`](#parameter-maintenancescope) | string | Gets or sets maintenanceScope of the configuration. | | [`maintenanceWindow`](#parameter-maintenancewindow) | object | Definition of a MaintenanceWindow. | | [`namespace`](#parameter-namespace) | string | Gets or sets namespace of the resource. | @@ -282,11 +288,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `maintenanceScope` diff --git a/modules/maintenance/maintenance-configuration/main.bicep b/modules/maintenance/maintenance-configuration/main.bicep index 88bd931a1f..7c1563e5cb 100644 --- a/modules/maintenance/maintenance-configuration/main.bicep +++ b/modules/maintenance/maintenance-configuration/main.bicep @@ -18,13 +18,8 @@ param extensionProperties object = {} @description('Optional. Location for all Resources.') param location string = resourceGroup().location -@description('Optional. Specify the type of lock.') -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Gets or sets maintenanceScope of the configuration.') @allowed([ @@ -127,3 +122,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the Maintenance Configuration was created in.') output location string = maintenanceConfiguration.location + +// =============== // +// Definitions // +// =============== // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/maintenance/maintenance-configuration/main.json b/modules/maintenance/maintenance-configuration/main.json index 1215f56f14..06577a9c39 100644 --- a/modules/maintenance/maintenance-configuration/main.json +++ b/modules/maintenance/maintenance-configuration/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "2646666210857505384" + "templateHash": "4333184280413980220" }, "name": "Maintenance Configurations", "description": "This module deploys a Maintenance Configuration.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -40,15 +68,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "maintenanceScope": { @@ -114,8 +136,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -129,7 +151,7 @@ } } }, - { + "maintenanceConfiguration": { "type": "Microsoft.Maintenance/maintenanceConfigurations", "apiVersion": "2023-04-01", "name": "[parameters('name')]", @@ -144,21 +166,21 @@ "installPatches": "[if(equals(parameters('maintenanceScope'), 'InGuestPatch'), parameters('installPatches'), null())]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "maintenanceConfiguration_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Maintenance/maintenanceConfigurations/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Maintenance/maintenanceConfigurations', parameters('name'))]" + "maintenanceConfiguration" ] }, - { + "maintenanceConfiguration_roleAssignments": { "copy": { "name": "maintenanceConfiguration_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -304,10 +326,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Maintenance/maintenanceConfigurations', parameters('name'))]" + "maintenanceConfiguration" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -335,7 +357,7 @@ "metadata": { "description": "The location the Maintenance Configuration was created in." }, - "value": "[reference(resourceId('Microsoft.Maintenance/maintenanceConfigurations', parameters('name')), '2023-04-01', 'full').location]" + "value": "[reference('maintenanceConfiguration', '2023-04-01', 'full').location]" } } } \ No newline at end of file diff --git a/modules/network/application-gateway/main.json b/modules/network/application-gateway/main.json index bac9b3eab1..311fe73b19 100644 --- a/modules/network/application-gateway/main.json +++ b/modules/network/application-gateway/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "9567891703615152167" + "templateHash": "18329589916932941538" }, "name": "Network Application Gateways", "description": "This module deploys a Network Application Gateway.", @@ -593,7 +593,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/purview/account/main.json b/modules/purview/account/main.json index e785fc3670..fb86ba2b52 100644 --- a/modules/purview/account/main.json +++ b/modules/purview/account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "5461425938112973059" + "templateHash": "8110028747434281687" }, "name": "Purview Accounts", "description": "This module deploys a Purview Account.", @@ -322,7 +322,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('accountPrivateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('accountPrivateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('accountPrivateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('accountPrivateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('accountPrivateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('accountPrivateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('accountPrivateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('accountPrivateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('accountPrivateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('accountPrivateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('accountPrivateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('accountPrivateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", @@ -849,7 +851,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('portalPrivateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('portalPrivateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('portalPrivateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('portalPrivateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('portalPrivateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('portalPrivateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('portalPrivateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('portalPrivateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('portalPrivateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('portalPrivateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('portalPrivateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('portalPrivateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", @@ -1376,7 +1380,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('storageBlobPrivateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('storageBlobPrivateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('storageBlobPrivateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('storageBlobPrivateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('storageBlobPrivateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('storageBlobPrivateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('storageBlobPrivateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('storageBlobPrivateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('storageBlobPrivateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('storageBlobPrivateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('storageBlobPrivateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('storageBlobPrivateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", @@ -1903,7 +1909,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('storageQueuePrivateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('storageQueuePrivateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('storageQueuePrivateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('storageQueuePrivateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('storageQueuePrivateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('storageQueuePrivateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('storageQueuePrivateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('storageQueuePrivateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('storageQueuePrivateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('storageQueuePrivateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('storageQueuePrivateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('storageQueuePrivateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", @@ -2430,7 +2438,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('eventHubPrivateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('eventHubPrivateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('eventHubPrivateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('eventHubPrivateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('eventHubPrivateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('eventHubPrivateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('eventHubPrivateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('eventHubPrivateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('eventHubPrivateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('eventHubPrivateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('eventHubPrivateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('eventHubPrivateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/recovery-services/vault/main.json b/modules/recovery-services/vault/main.json index 0923b4d86e..7279f70adf 100644 --- a/modules/recovery-services/vault/main.json +++ b/modules/recovery-services/vault/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "10835536863288360568" + "templateHash": "7509304735116539135" }, "name": "Recovery Services Vaults", "description": "This module deploys a Recovery Services Vault.", @@ -1926,7 +1926,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/relay/namespace/main.json b/modules/relay/namespace/main.json index 79d218037b..6ecc2df310 100644 --- a/modules/relay/namespace/main.json +++ b/modules/relay/namespace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "7566101248506523817" + "templateHash": "9772930782726431930" }, "name": "Relay Namespaces", "description": "This module deploys a Relay Namespace", @@ -1622,7 +1622,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/search/search-service/main.json b/modules/search/search-service/main.json index 668e348cf1..d9f5e34419 100644 --- a/modules/search/search-service/main.json +++ b/modules/search/search-service/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "3130433689552802225" + "templateHash": "13836936896028260597" }, "name": "Search Services", "description": "This module deploys a Search Service.", @@ -526,7 +526,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/service-bus/namespace/main.json b/modules/service-bus/namespace/main.json index d8616f2f98..dbd1f16099 100644 --- a/modules/service-bus/namespace/main.json +++ b/modules/service-bus/namespace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "15731951409926327801" + "templateHash": "2064440867839372163" }, "name": "Service Bus Namespaces", "description": "This module deploys a Service Bus Namespace.", @@ -2249,7 +2249,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/signal-r-service/signal-r/main.json b/modules/signal-r-service/signal-r/main.json index 03a7ce05d8..2dd19e4b97 100644 --- a/modules/signal-r-service/signal-r/main.json +++ b/modules/signal-r-service/signal-r/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "7305808861075102392" + "templateHash": "855016656643960526" }, "name": "SignalR Service SignalR", "description": "This module deploys a SignalR Service SignalR.", @@ -325,7 +325,9 @@ "value": "[parameters('privateEndpoints')[copyIndex()].subnetResourceId]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/signal-r-service/web-pub-sub/main.json b/modules/signal-r-service/web-pub-sub/main.json index 12fb3b6219..a89045fd58 100644 --- a/modules/signal-r-service/web-pub-sub/main.json +++ b/modules/signal-r-service/web-pub-sub/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "6758590720754314081" + "templateHash": "13130629422708725988" }, "name": "SignalR Web PubSub Services", "description": "This module deploys a SignalR Web PubSub Service.", @@ -272,7 +272,9 @@ "value": "[parameters('privateEndpoints')[copyIndex()].subnetResourceId]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/sql/server/main.json b/modules/sql/server/main.json index 110e3c4ea3..6b01072bdf 100644 --- a/modules/sql/server/main.json +++ b/modules/sql/server/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "5215810648913031869" + "templateHash": "18434767573775023159" }, "name": "Azure SQL Servers", "description": "This module deploys an Azure SQL Server.", @@ -1476,7 +1476,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/storage/storage-account/main.json b/modules/storage/storage-account/main.json index 67d020ccc9..01537a5506 100644 --- a/modules/storage/storage-account/main.json +++ b/modules/storage/storage-account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "7623420689086339166" + "templateHash": "16183767474766935588" }, "name": "Storage Accounts", "description": "This module deploys a Storage Account.", @@ -766,7 +766,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/synapse/private-link-hub/main.json b/modules/synapse/private-link-hub/main.json index 2d31fec701..f96d97ebc8 100644 --- a/modules/synapse/private-link-hub/main.json +++ b/modules/synapse/private-link-hub/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "15056932991564143086" + "templateHash": "11576206008807931590" }, "name": "Azure Synapse Analytics", "description": "This module deploys an Azure Synapse Analytics (Private Link Hub).", @@ -305,7 +305,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/synapse/workspace/main.json b/modules/synapse/workspace/main.json index e942cacbd9..f4f45edcc9 100644 --- a/modules/synapse/workspace/main.json +++ b/modules/synapse/workspace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "15611146682849530670" + "templateHash": "17488808869576693510" }, "name": "Synapse Workspaces", "description": "This module deploys a Synapse Workspace.", @@ -880,7 +880,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/web/site/main.json b/modules/web/site/main.json index 9dfad5b232..5e16338289 100644 --- a/modules/web/site/main.json +++ b/modules/web/site/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "7460887566183851311" + "templateHash": "6021180257136349048" }, "name": "Web/Function Apps", "description": "This module deploys a Web or Function App.", @@ -889,7 +889,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "11970423164192274405" + "templateHash": "9880661409366046894" }, "name": "Web/Function App Deployment Slots", "description": "This module deploys a Web or Function App Deployment Slot.", @@ -1998,7 +1998,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", @@ -2985,7 +2987,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/web/site/slot/main.json b/modules/web/site/slot/main.json index 23a30a5469..f316337fdd 100644 --- a/modules/web/site/slot/main.json +++ b/modules/web/site/slot/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "11970423164192274405" + "templateHash": "9880661409366046894" }, "name": "Web/Function App Deployment Slots", "description": "This module deploys a Web or Function App Deployment Slot.", @@ -1115,7 +1115,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/web/static-site/main.json b/modules/web/static-site/main.json index a2816e64ab..342f27617e 100644 --- a/modules/web/static-site/main.json +++ b/modules/web/static-site/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "6573777061618915096" + "templateHash": "6968838794819347181" }, "name": "Static Web Apps", "description": "This module deploys a Static Web App.", @@ -907,7 +907,9 @@ "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'location'), createObject('value', parameters('privateEndpoints')[copyIndex()].location), createObject('value', reference(split(parameters('privateEndpoints')[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location))]", - "lock": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'lock'), createObject('value', parameters('privateEndpoints')[copyIndex()].lock), createObject('value', null()))]", + "lock": { + "value": "[coalesce(tryGet(parameters('privateEndpoints')[copyIndex()], 'lock'), parameters('lock'))]" + }, "privateDnsZoneGroupName": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneGroupName'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneGroupName), createObject('value', 'default'))]", "privateDnsZoneResourceIds": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'privateDnsZoneResourceIds'), createObject('value', parameters('privateEndpoints')[copyIndex()].privateDnsZoneResourceIds), createObject('value', createArray()))]", "roleAssignments": "[if(contains(parameters('privateEndpoints')[copyIndex()], 'roleAssignments'), createObject('value', parameters('privateEndpoints')[copyIndex()].roleAssignments), createObject('value', createArray()))]", From e2f7e950753b119e3588c0df64bdb2027473dbef Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 18:57:44 +0200 Subject: [PATCH 11/52] small api fixes --- modules/health-bot/health-bot/README.md | 2 +- modules/sql/managed-instance/database/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/health-bot/health-bot/README.md b/modules/health-bot/health-bot/README.md index 3b2c460319..db3645ccdd 100644 --- a/modules/health-bot/health-bot/README.md +++ b/modules/health-bot/health-bot/README.md @@ -16,7 +16,7 @@ This module deploys an Azure Health Bot. | :-- | :-- | | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.HealthBot/healthBots` | [2022-08-08](https://learn.microsoft.com/en-us/azure/templates/Microsoft.HealthBot/healthBots) | +| `Microsoft.HealthBot/healthBots` | [2022-08-08](https://learn.microsoft.com/en-us/azure/templates/Microsoft.HealthBot/2022-08-08/healthBots) | ## Usage examples diff --git a/modules/sql/managed-instance/database/README.md b/modules/sql/managed-instance/database/README.md index 9644941f7e..03ea3aeb62 100644 --- a/modules/sql/managed-instance/database/README.md +++ b/modules/sql/managed-instance/database/README.md @@ -14,7 +14,7 @@ This module deploys a SQL Managed Instance Database. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/diagnosticSettings) | +| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Sql/managedInstances/databases` | [2022-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-05-01-preview/managedInstances/databases) | | `Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies` | [2022-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-05-01-preview/managedInstances/databases/backupLongTermRetentionPolicies) | | `Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies` | [2022-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-05-01-preview/managedInstances/databases/backupShortTermRetentionPolicies) | From 28178e65e49afd3592e8fa1c17229fde70eeb106 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 19:01:45 +0200 Subject: [PATCH 12/52] Fix for healthcare lock --- .../workspace/.test/common/main.test.bicep | 5 ++++- modules/healthcare-apis/workspace/README.md | 17 +++++++++++++---- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/modules/healthcare-apis/workspace/.test/common/main.test.bicep b/modules/healthcare-apis/workspace/.test/common/main.test.bicep index e64ff1eea7..dbc8e30330 100644 --- a/modules/healthcare-apis/workspace/.test/common/main.test.bicep +++ b/modules/healthcare-apis/workspace/.test/common/main.test.bicep @@ -70,7 +70,10 @@ module testDeployment '../../main.bicep' = { name: '${namePrefix}${serviceShort}001' location: location publicNetworkAccess: 'Enabled' - lock: '' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } fhirservices: [ { name: '${namePrefix}-az-fhir-x-001' diff --git a/modules/healthcare-apis/workspace/README.md b/modules/healthcare-apis/workspace/README.md index 0bcdd3fd54..150ad94859 100644 --- a/modules/healthcare-apis/workspace/README.md +++ b/modules/healthcare-apis/workspace/README.md @@ -32,10 +32,13 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br:bicep/modules/healthcare-apis.workspace:1.0.0`. -- [Common](#example-1-common) +- [Using large parameter set](#example-1-using-large-parameter-set) - [Using only defaults](#example-2-using-only-defaults) -### Example 1: _Common_ +### Example 1: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. +
@@ -120,7 +123,10 @@ module workspace 'br:bicep/modules/healthcare-apis.workspace:1.0.0' = { } ] location: '' - lock: '' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } publicNetworkAccess: 'Enabled' tags: { Environment: 'Non-Prod' @@ -229,7 +235,10 @@ module workspace 'br:bicep/modules/healthcare-apis.workspace:1.0.0' = { "value": "" }, "lock": { - "value": "" + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } }, "publicNetworkAccess": { "value": "Enabled" From a206653f3bfa9fff51ff34c0e0a1377ee372ae64 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 19:04:05 +0200 Subject: [PATCH 13/52] Fixed power BI lock --- modules/power-bi-dedicated/capacity/README.md | 36 ++++++++-- .../power-bi-dedicated/capacity/main.bicep | 30 ++++---- modules/power-bi-dedicated/capacity/main.json | 69 ++++++++++++------- 3 files changed, 92 insertions(+), 43 deletions(-) diff --git a/modules/power-bi-dedicated/capacity/README.md b/modules/power-bi-dedicated/capacity/README.md index 31bb96531e..3f4ceb5003 100644 --- a/modules/power-bi-dedicated/capacity/README.md +++ b/modules/power-bi-dedicated/capacity/README.md @@ -14,7 +14,7 @@ This module deploys a Power BI Dedicated Capacity. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | [2016-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/locks) | +| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.PowerBIDedicated/capacities` | [2021-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.PowerBIDedicated/2021-01-01/capacities) | @@ -26,10 +26,13 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br:bicep/modules/power-bi-dedicated.capacity:1.0.0`. -- [Common](#example-1-common) +- [Using large parameter set](#example-1-using-large-parameter-set) - [Using only defaults](#example-2-using-only-defaults) -### Example 1: _Common_ +### Example 1: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. +
@@ -205,7 +208,7 @@ module capacity 'br:bicep/modules/power-bi-dedicated.capacity:1.0.0' = { | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`mode`](#parameter-mode) | string | Mode of the resource. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`skuName`](#parameter-skuname) | string | SkuCapacity of the resource. | @@ -228,11 +231,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, NotSpecified, ReadOnly]` ### Parameter: `members` diff --git a/modules/power-bi-dedicated/capacity/main.bicep b/modules/power-bi-dedicated/capacity/main.bicep index e6918730b0..7da60eafd3 100644 --- a/modules/power-bi-dedicated/capacity/main.bicep +++ b/modules/power-bi-dedicated/capacity/main.bicep @@ -46,14 +46,8 @@ param members array @description('Optional. Mode of the resource.') param mode string = 'Gen2' -@allowed([ - '' - 'CanNotDelete' - 'NotSpecified' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] @@ -87,11 +81,11 @@ resource powerbi 'Microsoft.PowerBIDedicated/capacities@2021-01-01' = { } } -resource powerbi_lock 'Microsoft.Authorization/locks@2016-09-01' = if (!empty(lock)) { - name: '${powerbi.name}-${lock}-lock' +resource powerbi_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: lock - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: powerbi } @@ -115,3 +109,15 @@ output name string = powerbi.name @description('The location the resource was deployed into.') output location string = powerbi.location + +// =============== // +// Definitions // +// =============== // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/power-bi-dedicated/capacity/main.json b/modules/power-bi-dedicated/capacity/main.json index aafdb27cf3..374cd8802c 100644 --- a/modules/power-bi-dedicated/capacity/main.json +++ b/modules/power-bi-dedicated/capacity/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "9399428020393768552" + "templateHash": "14918936094313843131" }, "name": "Power BI Dedicated Capacities", "description": "This module deploys a Power BI Dedicated Capacity.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -90,16 +118,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "NotSpecified", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -110,8 +131,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -125,7 +146,7 @@ } } }, - { + "powerbi": { "type": "Microsoft.PowerBIDedicated/capacities", "apiVersion": "2021-01-01", "name": "[parameters('name')]", @@ -143,21 +164,21 @@ "mode": "[parameters('mode')]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "powerbi_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", - "apiVersion": "2016-09-01", + "apiVersion": "2020-05-01", "scope": "[format('Microsoft.PowerBIDedicated/capacities/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.PowerBIDedicated/capacities', parameters('name'))]" + "powerbi" ] }, - { + "powerbi_rbac": { "copy": { "name": "powerbi_rbac", "count": "[length(parameters('roleAssignments'))]" @@ -232,10 +253,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.PowerBIDedicated/capacities', parameters('name'))]" + "powerbi" ] } - ], + }, "outputs": { "resourceId": { "type": "string", @@ -263,7 +284,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.PowerBIDedicated/capacities', parameters('name')), '2021-01-01', 'full').location]" + "value": "[reference('powerbi', '2021-01-01', 'full').location]" } } } \ No newline at end of file From dcc0f84ece71e92d9092433158004811b2e5104f Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 19:05:50 +0200 Subject: [PATCH 14/52] Fixed insights data collection --- .../data-collection-endpoint/README.md | 36 ++++++++-- .../data-collection-endpoint/main.bicep | 29 +++++--- .../data-collection-endpoint/main.json | 68 ++++++++++++------- 3 files changed, 92 insertions(+), 41 deletions(-) diff --git a/modules/insights/data-collection-endpoint/README.md b/modules/insights/data-collection-endpoint/README.md index 65a2f07130..77a855bbb2 100644 --- a/modules/insights/data-collection-endpoint/README.md +++ b/modules/insights/data-collection-endpoint/README.md @@ -14,7 +14,7 @@ This module deploys a Data Collection Endpoint. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | +| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/dataCollectionEndpoints` | [2021-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-04-01/dataCollectionEndpoints) | @@ -26,10 +26,13 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.data-collection-endpoint:1.0.0`. -- [Common](#example-1-common) +- [Using large parameter set](#example-1-using-large-parameter-set) - [Using only defaults](#example-2-using-only-defaults) -### Example 1: _Common_ +### Example 1: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. +
@@ -188,7 +191,7 @@ module dataCollectionEndpoint 'br:bicep/modules/insights.data-collection-endpoin | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | | [`kind`](#parameter-kind) | string | The kind of the resource. | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | The configuration to set whether network access from public internet to the endpoints are allowed. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Resource tags. | @@ -217,11 +220,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/insights/data-collection-endpoint/main.bicep b/modules/insights/data-collection-endpoint/main.bicep index 52427ec886..acff2f2fea 100644 --- a/modules/insights/data-collection-endpoint/main.bicep +++ b/modules/insights/data-collection-endpoint/main.bicep @@ -22,13 +22,8 @@ param kind string = 'Linux' @description('Optional. Location for all Resources.') param location string = resourceGroup().location -@description('Optional. Specify the type of lock.') -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -param lock string = '' +@description('Optional. The lock settings of the service.') +param lock lockType @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] @@ -71,11 +66,11 @@ resource dataCollectionEndpoint 'Microsoft.Insights/dataCollectionEndpoints@2021 } } -resource dataCollectionEndpoint_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${dataCollectionEndpoint.name}-${lock}-lock' +resource dataCollectionEndpoint_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: dataCollectionEndpoint } @@ -108,3 +103,15 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = dataCollectionEndpoint.location + +// =============== // +// Definitions // +// =============== // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/insights/data-collection-endpoint/main.json b/modules/insights/data-collection-endpoint/main.json index f40ef19865..1ef931a6cf 100644 --- a/modules/insights/data-collection-endpoint/main.json +++ b/modules/insights/data-collection-endpoint/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "13275626141321439645" + "templateHash": "18059348054064453777" }, "name": "Data Collection Endpoints", "description": "This module deploys a Data Collection Endpoint.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -44,15 +72,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -81,8 +103,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -96,7 +118,7 @@ } } }, - { + "dataCollectionEndpoint": { "type": "Microsoft.Insights/dataCollectionEndpoints", "apiVersion": "2021-04-01", "name": "[parameters('name')]", @@ -109,21 +131,21 @@ } } }, - { - "condition": "[not(empty(parameters('lock')))]", + "dataCollectionEndpoint_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", - "apiVersion": "2017-04-01", + "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Insights/dataCollectionEndpoints/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Insights/dataCollectionEndpoints', parameters('name'))]" + "dataCollectionEndpoint" ] }, - { + "dataCollectionEndpoint_roleAssignments": { "copy": { "name": "dataCollectionEndpoint_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -398,10 +420,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Insights/dataCollectionEndpoints', parameters('name'))]" + "dataCollectionEndpoint" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -429,7 +451,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Insights/dataCollectionEndpoints', parameters('name')), '2021-04-01', 'full').location]" + "value": "[reference('dataCollectionEndpoint', '2021-04-01', 'full').location]" } } } \ No newline at end of file From 808e6933f83a9c9538eb09136160845255127aa6 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 19:11:22 +0200 Subject: [PATCH 15/52] Updated RG --- .../resource-group/.bicep/nested_lock.bicep | 25 ++++ modules/resources/resource-group/README.md | 6 +- modules/resources/resource-group/main.bicep | 8 +- modules/resources/resource-group/main.json | 129 +++++++----------- 4 files changed, 76 insertions(+), 92 deletions(-) create mode 100644 modules/resources/resource-group/.bicep/nested_lock.bicep diff --git a/modules/resources/resource-group/.bicep/nested_lock.bicep b/modules/resources/resource-group/.bicep/nested_lock.bicep new file mode 100644 index 0000000000..40ae513015 --- /dev/null +++ b/modules/resources/resource-group/.bicep/nested_lock.bicep @@ -0,0 +1,25 @@ +@description('Optional. The lock settings of the service.') +param lock lockType + +@description('Required. The name of the Resource Group.') +param name string + +resource resourceGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' + properties: { + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' + } +} + +// =============== // +// Definitions // +// =============== // + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/resources/resource-group/README.md b/modules/resources/resource-group/README.md index 55dd524743..c104241da0 100644 --- a/modules/resources/resource-group/README.md +++ b/modules/resources/resource-group/README.md @@ -266,8 +266,4 @@ Tags of the storage account resource. ## Cross-referenced modules -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `modules/authorization/lock/resource-group` | Local reference | +_None_ diff --git a/modules/resources/resource-group/main.bicep b/modules/resources/resource-group/main.bicep index 7a1500d609..d210a418df 100644 --- a/modules/resources/resource-group/main.bicep +++ b/modules/resources/resource-group/main.bicep @@ -46,11 +46,11 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { properties: {} } -module resourceGroup_lock '../../authorization/lock/resource-group/main.bicep' = if (!empty(lock)) { - name: '${uniqueString(deployment().name, location)}-${lock}-Lock' +module resourceGroup_lock '.bicep/nested_lock.bicep' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: '${uniqueString(deployment().name, location)}-RG-Lock' params: { - level: any(lock) - name: '${resourceGroup.name}-${lock}-lock' + lock: lock + name: resourceGroup.name } scope: resourceGroup } diff --git a/modules/resources/resource-group/main.json b/modules/resources/resource-group/main.json index 4744fa0a19..7c296e5557 100644 --- a/modules/resources/resource-group/main.json +++ b/modules/resources/resource-group/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "7603780541507519847" + "templateHash": "15355408892272442414" }, "name": "Resource Groups", "description": "This module deploys a Resource Group.", @@ -114,10 +114,10 @@ "properties": {} }, "resourceGroup_lock": { - "condition": "[not(empty(parameters('lock')))]", + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-{1}-Lock', uniqueString(deployment().name, parameters('location')), parameters('lock'))]", + "name": "[format('{0}-RG-Lock', uniqueString(deployment().name, parameters('location')))]", "resourceGroup": "[parameters('name')]", "properties": { "expressionEvaluationOptions": { @@ -125,113 +125,76 @@ }, "mode": "Incremental", "parameters": { - "level": { + "lock": { "value": "[parameters('lock')]" }, "name": { - "value": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]" + "value": "[parameters('name')]" } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "8961143332409950444" - }, - "name": "Authorization Locks (Resource Group scope)", - "description": "This module deploys an Authorization Lock at a Resource Group scope.", - "owner": "Azure/module-maintainers" + "templateHash": "17703781580329850458" + } + }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } }, "parameters": { - "name": { - "type": "string", - "defaultValue": "[format('{0}-lock', parameters('level'))]", + "lock": { + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. The name of the lock." + "description": "Optional. The lock settings of the service." } }, - "level": { - "type": "string", - "allowedValues": [ - "CanNotDelete", - "ReadOnly" - ], - "metadata": { - "description": "Required. Set lock level." - } - }, - "notes": { + "name": { "type": "string", - "defaultValue": "[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]", "metadata": { - "description": "Optional. The decription attached to the lock." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + "description": "Required. The name of the Resource Group." } } }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { + "resources": { + "resourceGroup_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "name": "[parameters('name')]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('level')]", - "notes": "[parameters('notes')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" } } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the lock." - }, - "value": "[parameters('name')]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the lock." - }, - "value": "[resourceId('Microsoft.Authorization/locks', parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The name of the resource group name the lock was applied to." - }, - "value": "[resourceGroup().name]" - }, - "scope": { - "type": "string", - "metadata": { - "description": "The scope this lock applies to." - }, - "value": "[resourceGroup().id]" - } } } }, From ec757b0307f36b9453664b35c221998eefa9c0c1 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 19:21:53 +0200 Subject: [PATCH 16/52] Fixed lock passthru on several instances --- docs/wiki/The library - Module design.md | 4 ++-- modules/event-hub/namespace/main.bicep | 2 +- modules/event-hub/namespace/main.json | 6 ++++-- modules/healthcare-apis/workspace/main.bicep | 6 +++--- modules/healthcare-apis/workspace/main.json | 14 ++++++++++---- modules/service-bus/namespace/main.bicep | 4 ++-- modules/sql/managed-instance/main.bicep | 2 +- modules/sql/managed-instance/main.json | 6 ++++-- 8 files changed, 27 insertions(+), 17 deletions(-) diff --git a/docs/wiki/The library - Module design.md b/docs/wiki/The library - Module design.md index 5204914d7a..b3c95193c2 100644 --- a/docs/wiki/The library - Module design.md +++ b/docs/wiki/The library - Module design.md @@ -160,12 +160,12 @@ resource _lock 'Microsoft.Authorization/locks@2020-05-01' = if (!e > > - Child and extension resources > - Locks are not automatically passed down, as they are inherited by default in Azure -> - The reference of the child/extension template should look similar to: `lock: contains(, 'lock') ? .lock : ''` +> - The reference of the child/extension template should look similar to: `lock: .?lock ?? lock` > - Using this implementation, a lock is only deployed to the child/extension resource if explicitly specified in the module's test file > - For example, the lock of a Storage Account module is not automatically passed to a Storage Container child-deployment. Instead, the Storage Container resource is automatically locked by Azure together with a locked Storage Account > - Cross-referenced resources > - All cross-referenced resources share the lock with the main resource to prevent depending resources to be changed or deleted -> - The reference of the cross-referenced resource template should look similar to: `lock: contains(, 'lock') ? .lock : lock` +> - The reference of the cross-referenced resource template should look similar to: `lock: .?lock ?? lock` > - Using this implementation, a lock of the main resource is implicitly passed to the referenced module template > - For example, the lock of a Key Vault module is automatically passed to an also deployed Private Endpoint module deployment diff --git a/modules/event-hub/namespace/main.bicep b/modules/event-hub/namespace/main.bicep index 0a7f3c6c3c..4ed0815749 100644 --- a/modules/event-hub/namespace/main.bicep +++ b/modules/event-hub/namespace/main.bicep @@ -284,7 +284,7 @@ module eventHubNamespace_eventhubs 'eventhub/main.bicep' = [for (eventHub, index captureDescriptionSizeLimitInBytes: contains(eventHub, 'captureDescriptionSizeLimitInBytes') ? eventHub.captureDescriptionSizeLimitInBytes : 314572800 captureDescriptionSkipEmptyArchives: contains(eventHub, 'captureDescriptionSkipEmptyArchives') ? eventHub.captureDescriptionSkipEmptyArchives : false consumergroups: contains(eventHub, 'consumergroups') ? eventHub.consumergroups : [] - lock: contains(eventHub, 'lock') ? eventHub.lock : '' + lock: eventHub.?lock ?? lock messageRetentionInDays: contains(eventHub, 'messageRetentionInDays') ? eventHub.messageRetentionInDays : 1 partitionCount: contains(eventHub, 'partitionCount') ? eventHub.partitionCount : 2 roleAssignments: contains(eventHub, 'roleAssignments') ? eventHub.roleAssignments : [] diff --git a/modules/event-hub/namespace/main.json b/modules/event-hub/namespace/main.json index 9ac0b5ba7c..4914e01eba 100644 --- a/modules/event-hub/namespace/main.json +++ b/modules/event-hub/namespace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "5400370874559204104" + "templateHash": "2216108787200401845" }, "name": "Event Hub Namespaces", "description": "This module deploys an Event Hub Namespace.", @@ -718,7 +718,9 @@ "captureDescriptionSizeLimitInBytes": "[if(contains(parameters('eventhubs')[copyIndex()], 'captureDescriptionSizeLimitInBytes'), createObject('value', parameters('eventhubs')[copyIndex()].captureDescriptionSizeLimitInBytes), createObject('value', 314572800))]", "captureDescriptionSkipEmptyArchives": "[if(contains(parameters('eventhubs')[copyIndex()], 'captureDescriptionSkipEmptyArchives'), createObject('value', parameters('eventhubs')[copyIndex()].captureDescriptionSkipEmptyArchives), createObject('value', false()))]", "consumergroups": "[if(contains(parameters('eventhubs')[copyIndex()], 'consumergroups'), createObject('value', parameters('eventhubs')[copyIndex()].consumergroups), createObject('value', createArray()))]", - "lock": "[if(contains(parameters('eventhubs')[copyIndex()], 'lock'), createObject('value', parameters('eventhubs')[copyIndex()].lock), createObject('value', ''))]", + "lock": { + "value": "[coalesce(tryGet(parameters('eventhubs')[copyIndex()], 'lock'), parameters('lock'))]" + }, "messageRetentionInDays": "[if(contains(parameters('eventhubs')[copyIndex()], 'messageRetentionInDays'), createObject('value', parameters('eventhubs')[copyIndex()].messageRetentionInDays), createObject('value', 1))]", "partitionCount": "[if(contains(parameters('eventhubs')[copyIndex()], 'partitionCount'), createObject('value', parameters('eventhubs')[copyIndex()].partitionCount), createObject('value', 2))]", "roleAssignments": "[if(contains(parameters('eventhubs')[copyIndex()], 'roleAssignments'), createObject('value', parameters('eventhubs')[copyIndex()].roleAssignments), createObject('value', createArray()))]", diff --git a/modules/healthcare-apis/workspace/main.bicep b/modules/healthcare-apis/workspace/main.bicep index 5b6b4c098a..933c998407 100644 --- a/modules/healthcare-apis/workspace/main.bicep +++ b/modules/healthcare-apis/workspace/main.bicep @@ -114,7 +114,7 @@ module workspace_fhirservices 'fhirservice/main.bicep' = [for (fhir, index) in f importStorageAccountName: contains(fhir, 'importStorageAccountName') ? fhir.importStorageAccountName : '' importEnabled: contains(fhir, 'importEnabled') ? fhir.importEnabled : false initialImportMode: contains(fhir, 'initialImportMode') ? fhir.initialImportMode : false - lock: contains(fhir, 'lock') ? fhir.lock : '' + lock: fhir.?lock ?? lock resourceVersionPolicy: contains(fhir, 'resourceVersionPolicy') ? fhir.resourceVersionPolicy : 'versioned' resourceVersionOverrides: contains(fhir, 'resourceVersionOverrides') ? fhir.resourceVersionOverrides : {} smartProxyEnabled: contains(fhir, 'smartProxyEnabled') ? fhir.smartProxyEnabled : false @@ -143,7 +143,7 @@ module workspace_dicomservices 'dicomservice/main.bicep' = [for (dicom, index) i diagnosticWorkspaceId: contains(dicom, 'diagnosticWorkspaceId') ? dicom.diagnosticWorkspaceId : '' diagnosticEventHubAuthorizationRuleId: contains(dicom, 'diagnosticEventHubAuthorizationRuleId') ? dicom.diagnosticEventHubAuthorizationRuleId : '' diagnosticEventHubName: contains(dicom, 'diagnosticEventHubName') ? dicom.diagnosticEventHubName : '' - lock: contains(dicom, 'lock') ? dicom.lock : '' + lock: dicom.?lock ?? lock userAssignedIdentities: contains(dicom, 'userAssignedIdentities') ? dicom.userAssignedIdentities : {} diagnosticLogCategoriesToEnable: contains(dicom, 'diagnosticLogCategoriesToEnable') ? dicom.diagnosticLogCategoriesToEnable : [ 'AuditLogs' ] enableDefaultTelemetry: enableReferencedModulesTelemetry @@ -170,7 +170,7 @@ module workspace_iotconnector 'iotconnector/main.bicep' = [for (iotConnector, in diagnosticWorkspaceId: contains(iotConnector, 'diagnosticWorkspaceId') ? iotConnector.diagnosticWorkspaceId : '' diagnosticEventHubAuthorizationRuleId: contains(iotConnector, 'diagnosticEventHubAuthorizationRuleId') ? iotConnector.diagnosticEventHubAuthorizationRuleId : '' diagnosticEventHubName: contains(iotConnector, 'diagnosticEventHubName') ? iotConnector.diagnosticEventHubName : '' - lock: contains(iotConnector, 'lock') ? iotConnector.lock : '' + lock: iotConnector.?lock ?? lock userAssignedIdentities: contains(iotConnector, 'userAssignedIdentities') ? iotConnector.userAssignedIdentities : {} diagnosticLogCategoriesToEnable: contains(iotConnector, 'diagnosticLogCategoriesToEnable') ? iotConnector.diagnosticLogCategoriesToEnable : [ 'DiagnosticLogs' ] diagnosticMetricsToEnable: contains(iotConnector, 'diagnosticMetricsToEnable') ? iotConnector.diagnosticMetricsToEnable : [ 'AllMetrics' ] diff --git a/modules/healthcare-apis/workspace/main.json b/modules/healthcare-apis/workspace/main.json index 621b480cc4..41a468c521 100644 --- a/modules/healthcare-apis/workspace/main.json +++ b/modules/healthcare-apis/workspace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "4597929736305145660" + "templateHash": "14046183075929419967" }, "name": "Healthcare API Workspaces", "description": "This module deploys a Healthcare API Workspace.", @@ -361,7 +361,9 @@ "importStorageAccountName": "[if(contains(parameters('fhirservices')[copyIndex()], 'importStorageAccountName'), createObject('value', parameters('fhirservices')[copyIndex()].importStorageAccountName), createObject('value', ''))]", "importEnabled": "[if(contains(parameters('fhirservices')[copyIndex()], 'importEnabled'), createObject('value', parameters('fhirservices')[copyIndex()].importEnabled), createObject('value', false()))]", "initialImportMode": "[if(contains(parameters('fhirservices')[copyIndex()], 'initialImportMode'), createObject('value', parameters('fhirservices')[copyIndex()].initialImportMode), createObject('value', false()))]", - "lock": "[if(contains(parameters('fhirservices')[copyIndex()], 'lock'), createObject('value', parameters('fhirservices')[copyIndex()].lock), createObject('value', ''))]", + "lock": { + "value": "[coalesce(tryGet(parameters('fhirservices')[copyIndex()], 'lock'), parameters('lock'))]" + }, "resourceVersionPolicy": "[if(contains(parameters('fhirservices')[copyIndex()], 'resourceVersionPolicy'), createObject('value', parameters('fhirservices')[copyIndex()].resourceVersionPolicy), createObject('value', 'versioned'))]", "resourceVersionOverrides": "[if(contains(parameters('fhirservices')[copyIndex()], 'resourceVersionOverrides'), createObject('value', parameters('fhirservices')[copyIndex()].resourceVersionOverrides), createObject('value', createObject()))]", "smartProxyEnabled": "[if(contains(parameters('fhirservices')[copyIndex()], 'smartProxyEnabled'), createObject('value', parameters('fhirservices')[copyIndex()].smartProxyEnabled), createObject('value', false()))]", @@ -1060,7 +1062,9 @@ "diagnosticWorkspaceId": "[if(contains(parameters('dicomservices')[copyIndex()], 'diagnosticWorkspaceId'), createObject('value', parameters('dicomservices')[copyIndex()].diagnosticWorkspaceId), createObject('value', ''))]", "diagnosticEventHubAuthorizationRuleId": "[if(contains(parameters('dicomservices')[copyIndex()], 'diagnosticEventHubAuthorizationRuleId'), createObject('value', parameters('dicomservices')[copyIndex()].diagnosticEventHubAuthorizationRuleId), createObject('value', ''))]", "diagnosticEventHubName": "[if(contains(parameters('dicomservices')[copyIndex()], 'diagnosticEventHubName'), createObject('value', parameters('dicomservices')[copyIndex()].diagnosticEventHubName), createObject('value', ''))]", - "lock": "[if(contains(parameters('dicomservices')[copyIndex()], 'lock'), createObject('value', parameters('dicomservices')[copyIndex()].lock), createObject('value', ''))]", + "lock": { + "value": "[coalesce(tryGet(parameters('dicomservices')[copyIndex()], 'lock'), parameters('lock'))]" + }, "userAssignedIdentities": "[if(contains(parameters('dicomservices')[copyIndex()], 'userAssignedIdentities'), createObject('value', parameters('dicomservices')[copyIndex()].userAssignedIdentities), createObject('value', createObject()))]", "diagnosticLogCategoriesToEnable": "[if(contains(parameters('dicomservices')[copyIndex()], 'diagnosticLogCategoriesToEnable'), createObject('value', parameters('dicomservices')[copyIndex()].diagnosticLogCategoriesToEnable), createObject('value', createArray('AuditLogs')))]", "enableDefaultTelemetry": { @@ -1435,7 +1439,9 @@ "diagnosticWorkspaceId": "[if(contains(parameters('iotconnectors')[copyIndex()], 'diagnosticWorkspaceId'), createObject('value', parameters('iotconnectors')[copyIndex()].diagnosticWorkspaceId), createObject('value', ''))]", "diagnosticEventHubAuthorizationRuleId": "[if(contains(parameters('iotconnectors')[copyIndex()], 'diagnosticEventHubAuthorizationRuleId'), createObject('value', parameters('iotconnectors')[copyIndex()].diagnosticEventHubAuthorizationRuleId), createObject('value', ''))]", "diagnosticEventHubName": "[if(contains(parameters('iotconnectors')[copyIndex()], 'diagnosticEventHubName'), createObject('value', parameters('iotconnectors')[copyIndex()].diagnosticEventHubName), createObject('value', ''))]", - "lock": "[if(contains(parameters('iotconnectors')[copyIndex()], 'lock'), createObject('value', parameters('iotconnectors')[copyIndex()].lock), createObject('value', ''))]", + "lock": { + "value": "[coalesce(tryGet(parameters('iotconnectors')[copyIndex()], 'lock'), parameters('lock'))]" + }, "userAssignedIdentities": "[if(contains(parameters('iotconnectors')[copyIndex()], 'userAssignedIdentities'), createObject('value', parameters('iotconnectors')[copyIndex()].userAssignedIdentities), createObject('value', createObject()))]", "diagnosticLogCategoriesToEnable": "[if(contains(parameters('iotconnectors')[copyIndex()], 'diagnosticLogCategoriesToEnable'), createObject('value', parameters('iotconnectors')[copyIndex()].diagnosticLogCategoriesToEnable), createObject('value', createArray('DiagnosticLogs')))]", "diagnosticMetricsToEnable": "[if(contains(parameters('iotconnectors')[copyIndex()], 'diagnosticMetricsToEnable'), createObject('value', parameters('iotconnectors')[copyIndex()].diagnosticMetricsToEnable), createObject('value', createArray('AllMetrics')))]", diff --git a/modules/service-bus/namespace/main.bicep b/modules/service-bus/namespace/main.bicep index c61e51efbd..8df4330148 100644 --- a/modules/service-bus/namespace/main.bicep +++ b/modules/service-bus/namespace/main.bicep @@ -304,7 +304,7 @@ module serviceBusNamespace_queues 'queue/main.bicep' = [for (queue, index) in qu enableBatchedOperations: contains(queue, 'enableBatchedOperations') ? queue.enableBatchedOperations : true enableExpress: contains(queue, 'enableExpress') ? queue.enableExpress : false enablePartitioning: contains(queue, 'enablePartitioning') ? queue.enablePartitioning : false - lock: contains(queue, 'lock') ? queue.lock : '' + lock: queue.?lock ?? lock lockDuration: contains(queue, 'lockDuration') ? queue.lockDuration : 'PT1M' maxDeliveryCount: contains(queue, 'maxDeliveryCount') ? queue.maxDeliveryCount : 10 maxSizeInMegabytes: contains(queue, 'maxSizeInMegabytes') ? queue.maxSizeInMegabytes : 1024 @@ -337,7 +337,7 @@ module serviceBusNamespace_topics 'topic/main.bicep' = [for (topic, index) in to enableBatchedOperations: contains(topic, 'enableBatchedOperations') ? topic.enableBatchedOperations : true enableExpress: contains(topic, 'enableExpress') ? topic.enableExpress : false enablePartitioning: contains(topic, 'enablePartitioning') ? topic.enablePartitioning : false - lock: contains(topic, 'lock') ? topic.lock : '' + lock: topic.?lock ?? lock maxMessageSizeInKilobytes: contains(topic, 'maxMessageSizeInKilobytes') ? topic.maxMessageSizeInKilobytes : 1024 maxSizeInMegabytes: contains(topic, 'maxSizeInMegabytes') ? topic.maxSizeInMegabytes : 1024 requiresDuplicateDetection: contains(topic, 'requiresDuplicateDetection') ? topic.requiresDuplicateDetection : false diff --git a/modules/sql/managed-instance/main.bicep b/modules/sql/managed-instance/main.bicep index 2f5f7528ae..1bf99be979 100644 --- a/modules/sql/managed-instance/main.bicep +++ b/modules/sql/managed-instance/main.bicep @@ -299,7 +299,7 @@ module managedInstance_databases 'database/main.bicep' = [for (database, index) diagnosticEventHubAuthorizationRuleId: contains(database, 'diagnosticEventHubAuthorizationRuleId') ? database.diagnosticEventHubAuthorizationRuleId : '' diagnosticEventHubName: contains(database, 'diagnosticEventHubName') ? database.diagnosticEventHubName : '' location: contains(database, 'location') ? database.location : managedInstance.location - lock: contains(database, 'lock') ? database.lock : '' + lock: database.?lock ?? lock longTermRetentionBackupResourceId: contains(database, 'longTermRetentionBackupResourceId') ? database.longTermRetentionBackupResourceId : '' recoverableDatabaseId: contains(database, 'recoverableDatabaseId') ? database.recoverableDatabaseId : '' restorableDroppedDatabaseId: contains(database, 'restorableDroppedDatabaseId') ? database.restorableDroppedDatabaseId : '' diff --git a/modules/sql/managed-instance/main.json b/modules/sql/managed-instance/main.json index 1a369b5e40..21ce21a1d0 100644 --- a/modules/sql/managed-instance/main.json +++ b/modules/sql/managed-instance/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "10725109912402429439" + "templateHash": "15164808450251247513" }, "name": "SQL Managed Instances", "description": "This module deploys a SQL Managed Instance.", @@ -679,7 +679,9 @@ "diagnosticEventHubAuthorizationRuleId": "[if(contains(parameters('databases')[copyIndex()], 'diagnosticEventHubAuthorizationRuleId'), createObject('value', parameters('databases')[copyIndex()].diagnosticEventHubAuthorizationRuleId), createObject('value', ''))]", "diagnosticEventHubName": "[if(contains(parameters('databases')[copyIndex()], 'diagnosticEventHubName'), createObject('value', parameters('databases')[copyIndex()].diagnosticEventHubName), createObject('value', ''))]", "location": "[if(contains(parameters('databases')[copyIndex()], 'location'), createObject('value', parameters('databases')[copyIndex()].location), createObject('value', reference('managedInstance', '2022-05-01-preview', 'full').location))]", - "lock": "[if(contains(parameters('databases')[copyIndex()], 'lock'), createObject('value', parameters('databases')[copyIndex()].lock), createObject('value', ''))]", + "lock": { + "value": "[coalesce(tryGet(parameters('databases')[copyIndex()], 'lock'), parameters('lock'))]" + }, "longTermRetentionBackupResourceId": "[if(contains(parameters('databases')[copyIndex()], 'longTermRetentionBackupResourceId'), createObject('value', parameters('databases')[copyIndex()].longTermRetentionBackupResourceId), createObject('value', ''))]", "recoverableDatabaseId": "[if(contains(parameters('databases')[copyIndex()], 'recoverableDatabaseId'), createObject('value', parameters('databases')[copyIndex()].recoverableDatabaseId), createObject('value', ''))]", "restorableDroppedDatabaseId": "[if(contains(parameters('databases')[copyIndex()], 'restorableDroppedDatabaseId'), createObject('value', parameters('databases')[copyIndex()].restorableDroppedDatabaseId), createObject('value', ''))]", From fd329ec84268cd736d9f46cdff3862d17e045d2f Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 20:59:36 +0200 Subject: [PATCH 17/52] Adjusted scope --- modules/service-bus/namespace/main.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/service-bus/namespace/main.bicep b/modules/service-bus/namespace/main.bicep index 8df4330148..19b7e54880 100644 --- a/modules/service-bus/namespace/main.bicep +++ b/modules/service-bus/namespace/main.bicep @@ -194,12 +194,12 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId)) { name: last(split(cMKKeyVaultResourceId, '/'))! - scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) + scope: resourceGroup(split((cMKKeyVaultResourceId ?? '//'), '/')[2], split((cMKKeyVaultResourceId ?? '////'), '/')[4]) } resource cMKKeyVaultKey 'Microsoft.KeyVault/vaults/keys@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId) && !empty(cMKKeyName)) { name: '${last(split(cMKKeyVaultResourceId, '/'))}/${cMKKeyName}'! - scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) + scope: resourceGroup(split((cMKKeyVaultResourceId ?? '//'), '/')[2], split((cMKKeyVaultResourceId ?? '////'), '/')[4]) } resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2022-10-01-preview' = { From fce512ce8577c214c54060f4850aa717545b7d7c Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 21:27:42 +0200 Subject: [PATCH 18/52] Adjusted cmk for service bus ns --- modules/service-bus/namespace/main.bicep | 4 ++-- modules/service-bus/namespace/main.json | 22 +++++++++++++--------- 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/modules/service-bus/namespace/main.bicep b/modules/service-bus/namespace/main.bicep index 19b7e54880..d806effe5b 100644 --- a/modules/service-bus/namespace/main.bicep +++ b/modules/service-bus/namespace/main.bicep @@ -193,12 +193,12 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId)) { - name: last(split(cMKKeyVaultResourceId, '/'))! + name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyVault'), '/'))! scope: resourceGroup(split((cMKKeyVaultResourceId ?? '//'), '/')[2], split((cMKKeyVaultResourceId ?? '////'), '/')[4]) } resource cMKKeyVaultKey 'Microsoft.KeyVault/vaults/keys@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId) && !empty(cMKKeyName)) { - name: '${last(split(cMKKeyVaultResourceId, '/'))}/${cMKKeyName}'! + name: '${last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyVault'), '/'))}/${cMKKeyName}'! scope: resourceGroup(split((cMKKeyVaultResourceId ?? '//'), '/')[2], split((cMKKeyVaultResourceId ?? '////'), '/')[4]) } diff --git a/modules/service-bus/namespace/main.json b/modules/service-bus/namespace/main.json index dbd1f16099..db985c2fde 100644 --- a/modules/service-bus/namespace/main.json +++ b/modules/service-bus/namespace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "2064440867839372163" + "templateHash": "6124315257677108113" }, "name": "Service Bus Namespaces", "description": "This module deploys a Service Bus Namespace.", @@ -375,18 +375,18 @@ "existing": true, "type": "Microsoft.KeyVault/vaults", "apiVersion": "2021-10-01", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[last(split(parameters('cMKKeyVaultResourceId'), '/'))]" + "subscriptionId": "[split(coalesce(parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(coalesce(parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/'))]" }, "cMKKeyVaultKey": { "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", "existing": true, "type": "Microsoft.KeyVault/vaults/keys", "apiVersion": "2021-10-01", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]" + "subscriptionId": "[split(coalesce(parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(coalesce(parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/')), parameters('cMKKeyName'))]" }, "serviceBusNamespace": { "type": "Microsoft.ServiceBus/namespaces", @@ -1013,7 +1013,9 @@ "enableBatchedOperations": "[if(contains(parameters('queues')[copyIndex()], 'enableBatchedOperations'), createObject('value', parameters('queues')[copyIndex()].enableBatchedOperations), createObject('value', true()))]", "enableExpress": "[if(contains(parameters('queues')[copyIndex()], 'enableExpress'), createObject('value', parameters('queues')[copyIndex()].enableExpress), createObject('value', false()))]", "enablePartitioning": "[if(contains(parameters('queues')[copyIndex()], 'enablePartitioning'), createObject('value', parameters('queues')[copyIndex()].enablePartitioning), createObject('value', false()))]", - "lock": "[if(contains(parameters('queues')[copyIndex()], 'lock'), createObject('value', parameters('queues')[copyIndex()].lock), createObject('value', ''))]", + "lock": { + "value": "[coalesce(tryGet(parameters('queues')[copyIndex()], 'lock'), parameters('lock'))]" + }, "lockDuration": "[if(contains(parameters('queues')[copyIndex()], 'lockDuration'), createObject('value', parameters('queues')[copyIndex()].lockDuration), createObject('value', 'PT1M'))]", "maxDeliveryCount": "[if(contains(parameters('queues')[copyIndex()], 'maxDeliveryCount'), createObject('value', parameters('queues')[copyIndex()].maxDeliveryCount), createObject('value', 10))]", "maxSizeInMegabytes": "[if(contains(parameters('queues')[copyIndex()], 'maxSizeInMegabytes'), createObject('value', parameters('queues')[copyIndex()].maxSizeInMegabytes), createObject('value', 1024))]", @@ -1650,7 +1652,9 @@ "enableBatchedOperations": "[if(contains(parameters('topics')[copyIndex()], 'enableBatchedOperations'), createObject('value', parameters('topics')[copyIndex()].enableBatchedOperations), createObject('value', true()))]", "enableExpress": "[if(contains(parameters('topics')[copyIndex()], 'enableExpress'), createObject('value', parameters('topics')[copyIndex()].enableExpress), createObject('value', false()))]", "enablePartitioning": "[if(contains(parameters('topics')[copyIndex()], 'enablePartitioning'), createObject('value', parameters('topics')[copyIndex()].enablePartitioning), createObject('value', false()))]", - "lock": "[if(contains(parameters('topics')[copyIndex()], 'lock'), createObject('value', parameters('topics')[copyIndex()].lock), createObject('value', ''))]", + "lock": { + "value": "[coalesce(tryGet(parameters('topics')[copyIndex()], 'lock'), parameters('lock'))]" + }, "maxMessageSizeInKilobytes": "[if(contains(parameters('topics')[copyIndex()], 'maxMessageSizeInKilobytes'), createObject('value', parameters('topics')[copyIndex()].maxMessageSizeInKilobytes), createObject('value', 1024))]", "maxSizeInMegabytes": "[if(contains(parameters('topics')[copyIndex()], 'maxSizeInMegabytes'), createObject('value', parameters('topics')[copyIndex()].maxSizeInMegabytes), createObject('value', 1024))]", "requiresDuplicateDetection": "[if(contains(parameters('topics')[copyIndex()], 'requiresDuplicateDetection'), createObject('value', parameters('topics')[copyIndex()].requiresDuplicateDetection), createObject('value', false()))]", From aa3b3ea2ace3facacfe3e9ec76a9bebcdbbf31c6 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 22:32:09 +0200 Subject: [PATCH 19/52] Updated ref --- modules/service-bus/namespace/main.bicep | 4 ++-- modules/service-bus/namespace/main.json | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/service-bus/namespace/main.bicep b/modules/service-bus/namespace/main.bicep index d806effe5b..250503f876 100644 --- a/modules/service-bus/namespace/main.bicep +++ b/modules/service-bus/namespace/main.bicep @@ -194,12 +194,12 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId)) { name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyVault'), '/'))! - scope: resourceGroup(split((cMKKeyVaultResourceId ?? '//'), '/')[2], split((cMKKeyVaultResourceId ?? '////'), '/')[4]) + scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) } resource cMKKeyVaultKey 'Microsoft.KeyVault/vaults/keys@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId) && !empty(cMKKeyName)) { name: '${last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyVault'), '/'))}/${cMKKeyName}'! - scope: resourceGroup(split((cMKKeyVaultResourceId ?? '//'), '/')[2], split((cMKKeyVaultResourceId ?? '////'), '/')[4]) + scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) } resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2022-10-01-preview' = { diff --git a/modules/service-bus/namespace/main.json b/modules/service-bus/namespace/main.json index db985c2fde..75edf8fa03 100644 --- a/modules/service-bus/namespace/main.json +++ b/modules/service-bus/namespace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "6124315257677108113" + "templateHash": "2504248366941947569" }, "name": "Service Bus Namespaces", "description": "This module deploys a Service Bus Namespace.", @@ -375,8 +375,8 @@ "existing": true, "type": "Microsoft.KeyVault/vaults", "apiVersion": "2021-10-01", - "subscriptionId": "[split(coalesce(parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", - "resourceGroup": "[split(coalesce(parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/'))]" }, "cMKKeyVaultKey": { @@ -384,8 +384,8 @@ "existing": true, "type": "Microsoft.KeyVault/vaults/keys", "apiVersion": "2021-10-01", - "subscriptionId": "[split(coalesce(parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", - "resourceGroup": "[split(coalesce(parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", "name": "[format('{0}/{1}', last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/')), parameters('cMKKeyName'))]" }, "serviceBusNamespace": { From 65452b3228fea6622b3b6808d1f82ee5b4799c34 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 22:45:21 +0200 Subject: [PATCH 20/52] Updated cmk with udt workaround --- modules/event-hub/namespace/main.bicep | 8 ++++---- modules/event-hub/namespace/main.json | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/modules/event-hub/namespace/main.bicep b/modules/event-hub/namespace/main.bicep index 4ed0815749..3bfd039efa 100644 --- a/modules/event-hub/namespace/main.bicep +++ b/modules/event-hub/namespace/main.bicep @@ -183,12 +183,12 @@ var identity = identityType != 'None' ? { var enableReferencedModulesTelemetry = false -resource cMKKeyVault 'Microsoft.KeyVault/vaults@2023-02-01' existing = if (!empty(cMKKeyVaultResourceId)) { - name: last(split(cMKKeyVaultResourceId, '/'))! - scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) +resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId)) { + name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyVault'), '/'))! + scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) resource cMKKey 'keys@2023-02-01' existing = if (!empty(cMKKeyName)) { - name: cMKKeyName + name: !empty(cMKKeyName) ? cMKKeyName : 'dummyKey' } } diff --git a/modules/event-hub/namespace/main.json b/modules/event-hub/namespace/main.json index 4914e01eba..1c0cc32b12 100644 --- a/modules/event-hub/namespace/main.json +++ b/modules/event-hub/namespace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "2216108787200401845" + "templateHash": "11328063440515261641" }, "name": "Event Hub Namespaces", "description": "This module deploys an Event Hub Namespace.", @@ -359,9 +359,9 @@ "existing": true, "type": "Microsoft.KeyVault/vaults/keys", "apiVersion": "2023-02-01", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/')), if(not(empty(parameters('cMKKeyName'))), parameters('cMKKeyName'), 'dummyKey'))]", "dependsOn": [ "cMKKeyVault" ] @@ -370,10 +370,10 @@ "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", "existing": true, "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2023-02-01", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[last(split(parameters('cMKKeyVaultResourceId'), '/'))]" + "apiVersion": "2021-10-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/'))]" }, "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", From f8b4c08578af497334c1b9856467cc8fcc4c81c9 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 22:54:03 +0200 Subject: [PATCH 21/52] Updated storage --- modules/storage/storage-account/main.bicep | 6 +++--- modules/storage/storage-account/main.json | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/storage/storage-account/main.bicep b/modules/storage/storage-account/main.bicep index e53ed5fe12..cfbb81990d 100644 --- a/modules/storage/storage-account/main.bicep +++ b/modules/storage/storage-account/main.bicep @@ -227,9 +227,9 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource keyVault 'Microsoft.KeyVault/vaults@2021-06-01-preview' existing = if (!empty(cMKKeyVaultResourceId)) { - name: last(split(cMKKeyVaultResourceId, '/'))! - scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) +resource keyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId)) { + name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyVault'), '/'))! + scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) } resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = { diff --git a/modules/storage/storage-account/main.json b/modules/storage/storage-account/main.json index 01537a5506..38d1cc9dd2 100644 --- a/modules/storage/storage-account/main.json +++ b/modules/storage/storage-account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "16183767474766935588" + "templateHash": "2987578024127826531" }, "name": "Storage Accounts", "description": "This module deploys a Storage Account.", @@ -464,10 +464,10 @@ "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", "existing": true, "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2021-06-01-preview", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[last(split(parameters('cMKKeyVaultResourceId'), '/'))]" + "apiVersion": "2021-10-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/'))]" }, "storageAccount": { "type": "Microsoft.Storage/storageAccounts", From d4f90e9d1e5f5245fb7e10bf7e839ab7cbce0b0e Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 23:17:22 +0200 Subject: [PATCH 22/52] Updated cmk --- modules/service-bus/namespace/main.bicep | 9 +++--- modules/service-bus/namespace/main.json | 28 ++++++++++--------- modules/service-bus/namespace/topic/README.md | 2 +- 3 files changed, 20 insertions(+), 19 deletions(-) diff --git a/modules/service-bus/namespace/main.bicep b/modules/service-bus/namespace/main.bicep index 250503f876..a3d10b116d 100644 --- a/modules/service-bus/namespace/main.bicep +++ b/modules/service-bus/namespace/main.bicep @@ -195,11 +195,10 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId)) { name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyVault'), '/'))! scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) -} -resource cMKKeyVaultKey 'Microsoft.KeyVault/vaults/keys@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId) && !empty(cMKKeyName)) { - name: '${last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyVault'), '/'))}/${cMKKeyName}'! - scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) + resource cMKKey 'keys@2023-02-01' existing = if (!empty(cMKKeyName)) { + name: !empty(cMKKeyName) ? cMKKeyName : 'dummyKey' + } } resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2022-10-01-preview' = { @@ -227,7 +226,7 @@ resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2022-10-01-preview } : null keyName: cMKKeyName keyVaultUri: cMKKeyVault.properties.vaultUri - keyVersion: !empty(cMKKeyVersion) ? cMKKeyVersion : last(split(cMKKeyVaultKey.properties.keyUriWithVersion, '/')) + keyVersion: !empty(cMKKeyVersion) ? cMKKeyVersion : last(split(cMKKeyVault::cMKKey.properties.keyUriWithVersion, '/')) } ] requireInfrastructureEncryption: requireInfrastructureEncryption diff --git a/modules/service-bus/namespace/main.json b/modules/service-bus/namespace/main.json index 75edf8fa03..dbe9a914ec 100644 --- a/modules/service-bus/namespace/main.json +++ b/modules/service-bus/namespace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "2504248366941947569" + "templateHash": "16649033312069788826" }, "name": "Service Bus Namespaces", "description": "This module deploys a Service Bus Namespace.", @@ -356,6 +356,18 @@ "enableReferencedModulesTelemetry": false }, "resources": { + "cMKKeyVault::cMKKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/')), if(not(empty(parameters('cMKKeyName'))), parameters('cMKKeyName'), 'dummyKey'))]", + "dependsOn": [ + "cMKKeyVault" + ] + }, "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", @@ -379,15 +391,6 @@ "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/'))]" }, - "cMKKeyVaultKey": { - "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", - "existing": true, - "type": "Microsoft.KeyVault/vaults/keys", - "apiVersion": "2021-10-01", - "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", - "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/')), parameters('cMKKeyName'))]" - }, "serviceBusNamespace": { "type": "Microsoft.ServiceBus/namespaces", "apiVersion": "2022-10-01-preview", @@ -406,11 +409,10 @@ "zoneRedundant": "[parameters('zoneRedundant')]", "disableLocalAuth": "[parameters('disableLocalAuth')]", "premiumMessagingPartitions": "[if(equals(parameters('skuName'), 'Premium'), parameters('premiumMessagingPartitions'), 0)]", - "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('keySource', 'Microsoft.KeyVault', 'keyVaultProperties', createArray(createObject('identity', if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), createObject('userAssignedIdentity', parameters('cMKUserAssignedIdentityResourceId')), null()), 'keyName', parameters('cMKKeyName'), 'keyVaultUri', reference('cMKKeyVault').vaultUri, 'keyVersion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), last(split(reference('cMKKeyVaultKey').keyUriWithVersion, '/'))))), 'requireInfrastructureEncryption', parameters('requireInfrastructureEncryption')), null())]" + "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('keySource', 'Microsoft.KeyVault', 'keyVaultProperties', createArray(createObject('identity', if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), createObject('userAssignedIdentity', parameters('cMKUserAssignedIdentityResourceId')), null()), 'keyName', parameters('cMKKeyName'), 'keyVaultUri', reference('cMKKeyVault').vaultUri, 'keyVersion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), last(split(reference('cMKKeyVault::cMKKey').keyUriWithVersion, '/'))))), 'requireInfrastructureEncryption', parameters('requireInfrastructureEncryption')), null())]" }, "dependsOn": [ - "cMKKeyVault", - "cMKKeyVaultKey" + "cMKKeyVault" ] }, "serviceBusNamespace_lock": { diff --git a/modules/service-bus/namespace/topic/README.md b/modules/service-bus/namespace/topic/README.md index 00edc62f20..de9d36f335 100644 --- a/modules/service-bus/namespace/topic/README.md +++ b/modules/service-bus/namespace/topic/README.md @@ -15,7 +15,7 @@ This module deploys a Service Bus Namespace Topic. | :-- | :-- | | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.ServiceBus/namespaces/topics` | [2022-10-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2022-10-01-preview/namespaces/topics) | +| `Microsoft.ServiceBus/namespaces/topics` | [2022-10-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/namespaces/topics) | | `Microsoft.ServiceBus/namespaces/topics/authorizationRules` | [2022-10-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2022-10-01-preview/namespaces/topics/authorizationRules) | ## Parameters From b07c7a001a346a764539cba8792dd514c569be2e Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 23:19:29 +0200 Subject: [PATCH 23/52] Fixed readme --- modules/service-bus/namespace/topic/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/service-bus/namespace/topic/README.md b/modules/service-bus/namespace/topic/README.md index de9d36f335..00edc62f20 100644 --- a/modules/service-bus/namespace/topic/README.md +++ b/modules/service-bus/namespace/topic/README.md @@ -15,7 +15,7 @@ This module deploys a Service Bus Namespace Topic. | :-- | :-- | | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.ServiceBus/namespaces/topics` | [2022-10-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/namespaces/topics) | +| `Microsoft.ServiceBus/namespaces/topics` | [2022-10-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2022-10-01-preview/namespaces/topics) | | `Microsoft.ServiceBus/namespaces/topics/authorizationRules` | [2022-10-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2022-10-01-preview/namespaces/topics/authorizationRules) | ## Parameters From 350aa372687459d759166506a9ac93524815fbf1 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 23:28:38 +0200 Subject: [PATCH 24/52] Updated cmk for app-config --- .../configuration-store/main.bicep | 14 +++++------ .../configuration-store/main.json | 24 +++++++++---------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/modules/app-configuration/configuration-store/main.bicep b/modules/app-configuration/configuration-store/main.bicep index 136fd6ec40..9a4d2e75dd 100644 --- a/modules/app-configuration/configuration-store/main.bicep +++ b/modules/app-configuration/configuration-store/main.bicep @@ -150,18 +150,18 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource cMKKeyVault 'Microsoft.KeyVault/vaults@2023-02-01' existing = if (!empty(cMKKeyVaultResourceId)) { - name: last(split(cMKKeyVaultResourceId, '/'))! - scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) +resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId)) { + name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyVault'), '/'))! + scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) - resource cMKKey 'keys@2022-07-01' existing = if (!empty(cMKKeyName)) { - name: cMKKeyName + resource cMKKey 'keys@2023-02-01' existing = if (!empty(cMKKeyName)) { + name: !empty(cMKKeyName) ? cMKKeyName : 'dummyKey' } } resource cMKUserAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = if (!empty(cMKUserAssignedIdentityResourceId)) { - name: last(split(cMKUserAssignedIdentityResourceId, '/'))! - scope: resourceGroup(split(cMKUserAssignedIdentityResourceId, '/')[2], split(cMKUserAssignedIdentityResourceId, '/')[4]) + name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyMsi'), '/'))! + scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) } resource configurationStore 'Microsoft.AppConfiguration/configurationStores@2023-03-01' = { diff --git a/modules/app-configuration/configuration-store/main.json b/modules/app-configuration/configuration-store/main.json index 4e1c45795b..cf6f84dcb5 100644 --- a/modules/app-configuration/configuration-store/main.json +++ b/modules/app-configuration/configuration-store/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "3783400318412037439" + "templateHash": "11343967706179576865" }, "name": "App Configuration Stores", "description": "This module deploys an App Configuration Store.", @@ -289,10 +289,10 @@ "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", "existing": true, "type": "Microsoft.KeyVault/vaults/keys", - "apiVersion": "2022-07-01", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/')), if(not(empty(parameters('cMKKeyName'))), parameters('cMKKeyName'), 'dummyKey'))]", "dependsOn": [ "cMKKeyVault" ] @@ -315,19 +315,19 @@ "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", "existing": true, "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2023-02-01", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[last(split(parameters('cMKKeyVaultResourceId'), '/'))]" + "apiVersion": "2021-10-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/'))]" }, "cMKUserAssignedIdentity": { "condition": "[not(empty(parameters('cMKUserAssignedIdentityResourceId')))]", "existing": true, "type": "Microsoft.ManagedIdentity/userAssignedIdentities", "apiVersion": "2023-01-31", - "subscriptionId": "[split(parameters('cMKUserAssignedIdentityResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKUserAssignedIdentityResourceId'), '/')[4]]", - "name": "[last(split(parameters('cMKUserAssignedIdentityResourceId'), '/'))]" + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyMsi'), '/'))]" }, "configurationStore": { "type": "Microsoft.AppConfiguration/configurationStores", From c6128ab2f48ea99f8e589d21da2a40c99fb4cdda Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 23:31:21 +0200 Subject: [PATCH 25/52] Updated cmk for batch --- modules/batch/batch-account/main.bicep | 17 ++++++----- modules/batch/batch-account/main.json | 40 ++++++++++++++------------ 2 files changed, 29 insertions(+), 28 deletions(-) diff --git a/modules/batch/batch-account/main.bicep b/modules/batch/batch-account/main.bicep index 25ac3e4f4b..e0f720a1d2 100644 --- a/modules/batch/batch-account/main.bicep +++ b/modules/batch/batch-account/main.bicep @@ -171,14 +171,13 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource keyVaultReferenceKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(keyVaultReferenceResourceId)) { - name: last(split(keyVaultReferenceResourceId, '/'))! - scope: resourceGroup(split(keyVaultReferenceResourceId, '/')[2], split(keyVaultReferenceResourceId, '/')[4]) -} +resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId)) { + name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyVault'), '/'))! + scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) -resource cMKKeyVaultKey 'Microsoft.KeyVault/vaults/keys@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId) && !empty(cMKKeyName)) { - name: '${last(split(cMKKeyVaultResourceId, '/'))}/${cMKKeyName}' - scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) + resource cMKKey 'keys@2023-02-01' existing = if (!empty(cMKKeyName)) { + name: !empty(cMKKeyName) ? cMKKeyName : 'dummyKey' + } } resource batchAccount 'Microsoft.Batch/batchAccounts@2022-06-01' = { @@ -192,12 +191,12 @@ resource batchAccount 'Microsoft.Batch/batchAccounts@2022-06-01' = { encryption: !empty(cMKKeyName) ? { keySource: 'Microsoft.KeyVault' keyVaultProperties: { - keyIdentifier: !empty(cMKKeyVersion) ? '${cMKKeyVaultKey.properties.keyUri}/${cMKKeyVersion}' : cMKKeyVaultKey.properties.keyUriWithVersion + keyIdentifier: !empty(cMKKeyVersion) ? '${cMKKeyVault::cMKKey.properties.keyUri}/${cMKKeyVersion}' : cMKKeyVault::cMKKey.properties.keyUriWithVersion } } : null keyVaultReference: poolAllocationMode == 'UserSubscription' ? { id: keyVaultReferenceResourceId - url: keyVaultReferenceKeyVault.properties.vaultUri + url: cMKKeyVault.properties.vaultUri } : null networkProfile: (publicNetworkAccess == 'Disabled') || empty(networkProfileAllowedIpRanges) ? null : { accountAccess: { diff --git a/modules/batch/batch-account/main.json b/modules/batch/batch-account/main.json index 497941e430..3c256755bd 100644 --- a/modules/batch/batch-account/main.json +++ b/modules/batch/batch-account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "7307637121796009731" + "templateHash": "2439163015108038599" }, "name": "Batch Accounts", "description": "This module deploys a Batch Account.", @@ -304,6 +304,18 @@ "enableReferencedModulesTelemetry": false }, "resources": { + "cMKKeyVault::cMKKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/')), if(not(empty(parameters('cMKKeyName'))), parameters('cMKKeyName'), 'dummyKey'))]", + "dependsOn": [ + "cMKKeyVault" + ] + }, "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", @@ -318,23 +330,14 @@ } } }, - "keyVaultReferenceKeyVault": { - "condition": "[not(empty(parameters('keyVaultReferenceResourceId')))]", + "cMKKeyVault": { + "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", "existing": true, "type": "Microsoft.KeyVault/vaults", "apiVersion": "2021-10-01", - "subscriptionId": "[split(parameters('keyVaultReferenceResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('keyVaultReferenceResourceId'), '/')[4]]", - "name": "[last(split(parameters('keyVaultReferenceResourceId'), '/'))]" - }, - "cMKKeyVaultKey": { - "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", - "existing": true, - "type": "Microsoft.KeyVault/vaults/keys", - "apiVersion": "2021-10-01", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]" + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/'))]" }, "batchAccount": { "type": "Microsoft.Batch/batchAccounts", @@ -346,15 +349,14 @@ "properties": { "allowedAuthenticationModes": "[parameters('allowedAuthenticationModes')]", "autoStorage": "[variables('autoStorageConfig')]", - "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('keySource', 'Microsoft.KeyVault', 'keyVaultProperties', createObject('keyIdentifier', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference('cMKKeyVaultKey').keyUri, parameters('cMKKeyVersion')), reference('cMKKeyVaultKey').keyUriWithVersion))), null())]", - "keyVaultReference": "[if(equals(parameters('poolAllocationMode'), 'UserSubscription'), createObject('id', parameters('keyVaultReferenceResourceId'), 'url', reference('keyVaultReferenceKeyVault').vaultUri), null())]", + "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('keySource', 'Microsoft.KeyVault', 'keyVaultProperties', createObject('keyIdentifier', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference('cMKKeyVault::cMKKey').keyUri, parameters('cMKKeyVersion')), reference('cMKKeyVault::cMKKey').keyUriWithVersion))), null())]", + "keyVaultReference": "[if(equals(parameters('poolAllocationMode'), 'UserSubscription'), createObject('id', parameters('keyVaultReferenceResourceId'), 'url', reference('cMKKeyVault').vaultUri), null())]", "networkProfile": "[if(or(equals(parameters('publicNetworkAccess'), 'Disabled'), empty(parameters('networkProfileAllowedIpRanges'))), null(), createObject('accountAccess', createObject('defaultAction', parameters('networkProfileDefaultAction'), 'ipRules', variables('networkProfileIpRules'))))]", "poolAllocationMode": "[parameters('poolAllocationMode')]", "publicNetworkAccess": "[if(not(empty(parameters('publicNetworkAccess'))), parameters('publicNetworkAccess'), if(and(not(empty(parameters('privateEndpoints'))), empty(parameters('networkProfileAllowedIpRanges'))), 'Disabled', null()))]" }, "dependsOn": [ - "cMKKeyVaultKey", - "keyVaultReferenceKeyVault" + "cMKKeyVault" ] }, "batchAccount_lock": { From 89135ebdc6ababda2c6134eb5ec4aa48398edbf2 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 23:32:29 +0200 Subject: [PATCH 26/52] Updated cmk for cognitive --- modules/cognitive-services/account/main.bicep | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/modules/cognitive-services/account/main.bicep b/modules/cognitive-services/account/main.bicep index 06494998b2..5fbb6da6e4 100644 --- a/modules/cognitive-services/account/main.bicep +++ b/modules/cognitive-services/account/main.bicep @@ -201,19 +201,18 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2022-09-01' = if (ena } } -resource cMKKeyVault 'Microsoft.KeyVault/vaults@2023-02-01' existing = if (!empty(cMKKeyVaultResourceId)) { - name: last(split(cMKKeyVaultResourceId, '/'))! - scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) -} +resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId)) { + name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyVault'), '/'))! + scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) -resource cMKKeyVaultKey 'Microsoft.KeyVault/vaults/keys@2023-02-01' existing = if (!empty(cMKKeyVaultResourceId) && !empty(cMKKeyName)) { - name: '${last(split(cMKKeyVaultResourceId, '/'))}/${cMKKeyName}'! - scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) + resource cMKKey 'keys@2023-02-01' existing = if (!empty(cMKKeyName)) { + name: !empty(cMKKeyName) ? cMKKeyName : 'dummyKey' + } } resource cMKUserAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = if (!empty(cMKUserAssignedIdentityResourceId)) { - name: last(split(cMKUserAssignedIdentityResourceId, '/'))! - scope: resourceGroup(split(cMKUserAssignedIdentityResourceId, '/')[2], split(cMKUserAssignedIdentityResourceId, '/')[4]) + name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyMsi'), '/'))! + scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) } resource cognitiveServices 'Microsoft.CognitiveServices/accounts@2022-12-01' = { @@ -242,7 +241,7 @@ resource cognitiveServices 'Microsoft.CognitiveServices/accounts@2022-12-01' = { identityClientId: cMKUserAssignedIdentity.properties.clientId keyVaultUri: cMKKeyVault.properties.vaultUri keyName: cMKKeyName - keyVersion: !empty(cMKKeyVersion) ? cMKKeyVersion : last(split(cMKKeyVaultKey.properties.keyUriWithVersion, '/')) + keyVersion: !empty(cMKKeyVersion) ? cMKKeyVersion : last(split(cMKKeyVault::cMKKey.properties.keyUriWithVersion, '/')) } } : null migrationToken: !empty(migrationToken) ? migrationToken : null From 1fea92eb14a5f5664fafce156bbb6d39b11e0346 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 23:33:46 +0200 Subject: [PATCH 27/52] Updated cmk for container instance --- .../container-group/main.bicep | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/modules/container-instance/container-group/main.bicep b/modules/container-instance/container-group/main.bicep index 7479f3b30b..c6ae9e6363 100644 --- a/modules/container-instance/container-group/main.bicep +++ b/modules/container-instance/container-group/main.bicep @@ -116,14 +116,13 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource cmkKeyVault 'Microsoft.KeyVault/vaults@2021-06-01-preview' existing = if (!empty(cMKKeyVaultResourceId)) { - name: last(split(cMKKeyVaultResourceId, '/'))! - scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) -} +resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId)) { + name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyVault'), '/'))! + scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) -resource cMKKeyVaultKey 'Microsoft.KeyVault/vaults/keys@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId) && !empty(cMKKeyName)) { - name: '${last(split(cMKKeyVaultResourceId, '/'))}/${cMKKeyName}'! - scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) + resource cMKKey 'keys@2023-02-01' existing = if (!empty(cMKKeyName)) { + name: !empty(cMKKeyName) ? cMKKeyName : 'dummyKey' + } } resource containergroup 'Microsoft.ContainerInstance/containerGroups@2022-09-01' = { @@ -136,8 +135,8 @@ resource containergroup 'Microsoft.ContainerInstance/containerGroups@2022-09-01' encryptionProperties: !empty(cMKKeyName) ? { identity: cMKUserAssignedIdentityResourceId keyName: cMKKeyName - keyVersion: !empty(cMKKeyVersion) ? cMKKeyVersion : last(split(cMKKeyVaultKey.properties.keyUriWithVersion, '/')) - vaultBaseUrl: cmkKeyVault.properties.vaultUri + keyVersion: !empty(cMKKeyVersion) ? cMKKeyVersion : last(split(cMKKeyVault::cMKKey.properties.keyUriWithVersion, '/')) + vaultBaseUrl: cMKKeyVault.properties.vaultUri } : null imageRegistryCredentials: imageRegistryCredentials initContainers: initContainers From 223706a0a7d29251a9974d9f818f157aac074efc Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Thu, 19 Oct 2023 23:38:31 +0200 Subject: [PATCH 28/52] Updated logs for data collection --- .../insights/data-collection-rule/README.md | 29 ++++++-- .../insights/data-collection-rule/main.bicep | 29 +++++--- .../insights/data-collection-rule/main.json | 68 ++++++++++++------- 3 files changed, 87 insertions(+), 39 deletions(-) diff --git a/modules/insights/data-collection-rule/README.md b/modules/insights/data-collection-rule/README.md index 495a3a8734..a2632e8b5f 100644 --- a/modules/insights/data-collection-rule/README.md +++ b/modules/insights/data-collection-rule/README.md @@ -14,7 +14,7 @@ This module deploys a Data Collection Rule. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | +| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/dataCollectionRules` | [2021-09-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-09-01-preview/dataCollectionRules) | @@ -1519,7 +1519,7 @@ module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | | [`kind`](#parameter-kind) | string | The kind of the resource. | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`streamDeclarations`](#parameter-streamdeclarations) | object | Declaration of custom streams used in this rule. | | [`tags`](#parameter-tags) | object | Resource tags. | @@ -1580,11 +1580,30 @@ Location for all Resources. ### Parameter: `lock` -Specify the type of lock. +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + - Required: No - Type: string -- Default: `''` -- Allowed: `['', CanNotDelete, ReadOnly]` ### Parameter: `name` diff --git a/modules/insights/data-collection-rule/main.bicep b/modules/insights/data-collection-rule/main.bicep index 139fe62a5a..1c17c12f6a 100644 --- a/modules/insights/data-collection-rule/main.bicep +++ b/modules/insights/data-collection-rule/main.bicep @@ -37,13 +37,8 @@ param kind string = 'Linux' @sys.description('Optional. Location for all Resources.') param location string = resourceGroup().location -@sys.description('Optional. Specify the type of lock.') -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -param lock string = '' +@sys.description('Optional. The lock settings of the service.') +param lock lockType @sys.description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = [] @@ -85,11 +80,11 @@ resource dataCollectionRule 'Microsoft.Insights/dataCollectionRules@2021-09-01-p } } -resource dataCollectionRule_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${dataCollectionRule.name}-${lock}-lock' +resource dataCollectionRule_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: dataCollectionRule } @@ -122,3 +117,15 @@ output resourceGroupName string = resourceGroup().name @sys.description('The location the resource was deployed into.') output location string = dataCollectionRule.location + +// =============== // +// Definitions // +// =============== // + +type lockType = { + @sys.description('Optional. Specify the name of lock.') + name: string? + + @sys.description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? diff --git a/modules/insights/data-collection-rule/main.json b/modules/insights/data-collection-rule/main.json index 9fd6a4d083..81c24ae888 100644 --- a/modules/insights/data-collection-rule/main.json +++ b/modules/insights/data-collection-rule/main.json @@ -1,16 +1,44 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "12233779363216703767" + "templateHash": "3483587059200697547" }, "name": "Data Collection Rules", "description": "This module deploys a Data Collection Rule.", "owner": "Azure/module-maintainers" }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + } + }, "parameters": { "name": { "type": "string", @@ -76,15 +104,9 @@ } }, "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], + "$ref": "#/definitions/lockType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Optional. The lock settings of the service." } }, "roleAssignments": { @@ -109,8 +131,8 @@ } } }, - "resources": [ - { + "resources": { + "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01", @@ -124,7 +146,7 @@ } } }, - { + "dataCollectionRule": { "type": "Microsoft.Insights/dataCollectionRules", "apiVersion": "2021-09-01-preview", "name": "[parameters('name')]", @@ -140,21 +162,21 @@ "description": "[if(not(empty(parameters('description'))), parameters('description'), null())]" } }, - { - "condition": "[not(empty(parameters('lock')))]", + "dataCollectionRule_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", - "apiVersion": "2017-04-01", + "apiVersion": "2020-05-01", "scope": "[format('Microsoft.Insights/dataCollectionRules/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Insights/dataCollectionRules', parameters('name'))]" + "dataCollectionRule" ] }, - { + "dataCollectionRule_roleAssignments": { "copy": { "name": "dataCollectionRule_roleAssignments", "count": "[length(parameters('roleAssignments'))]" @@ -429,10 +451,10 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Insights/dataCollectionRules', parameters('name'))]" + "dataCollectionRule" ] } - ], + }, "outputs": { "name": { "type": "string", @@ -460,7 +482,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Insights/dataCollectionRules', parameters('name')), '2021-09-01-preview', 'full').location]" + "value": "[reference('dataCollectionRule', '2021-09-01-preview', 'full').location]" } } } \ No newline at end of file From 5433b513d3c35acd3c7564c4374d0df8ce133087 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 07:50:10 +0200 Subject: [PATCH 29/52] Updated cmk for auto --- .../automation/automation-account/main.bicep | 13 ++++--- .../automation/automation-account/main.json | 34 ++++++++++--------- 2 files changed, 24 insertions(+), 23 deletions(-) diff --git a/modules/automation/automation-account/main.bicep b/modules/automation/automation-account/main.bicep index ce12ca57a5..cf1f10bfe0 100644 --- a/modules/automation/automation-account/main.bicep +++ b/modules/automation/automation-account/main.bicep @@ -158,13 +158,12 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId)) { - name: last(split(cMKKeyVaultResourceId, '/'))! - scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) -} + name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyVault'), '/'))! + scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) -resource cMKKeyVaultKey 'Microsoft.KeyVault/vaults/keys@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId) && !empty(cMKKeyName)) { - name: '${last(split(cMKKeyVaultResourceId, '/'))}/${cMKKeyName}'! - scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) + resource cMKKey 'keys@2023-02-01' existing = if (!empty(cMKKeyName)) { + name: !empty(cMKKeyName) ? cMKKeyName : 'dummyKey' + } } resource automationAccount 'Microsoft.Automation/automationAccounts@2022-08-08' = { @@ -184,7 +183,7 @@ resource automationAccount 'Microsoft.Automation/automationAccounts@2022-08-08' keyVaultProperties: { keyName: cMKKeyName keyVaultUri: cMKKeyVault.properties.vaultUri - keyVersion: !empty(cMKKeyVersion) ? cMKKeyVersion : last(split(cMKKeyVaultKey.properties.keyUriWithVersion, '/')) + keyVersion: !empty(cMKKeyVersion) ? cMKKeyVersion : last(split(cMKKeyVault::cMKKey.properties.keyUriWithVersion, '/')) } } : null publicNetworkAccess: !empty(publicNetworkAccess) ? (publicNetworkAccess == 'Disabled' ? false : true) : (!empty(privateEndpoints) ? false : null) diff --git a/modules/automation/automation-account/main.json b/modules/automation/automation-account/main.json index 5ffa04e30b..78fbfa0b65 100644 --- a/modules/automation/automation-account/main.json +++ b/modules/automation/automation-account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "1174270229343871055" + "templateHash": "7950772312586811014" }, "name": "Automation Accounts", "description": "This module deploys an Azure Automation Account.", @@ -305,6 +305,18 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" }, "resources": { + "cMKKeyVault::cMKKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/')), if(not(empty(parameters('cMKKeyName'))), parameters('cMKKeyName'), 'dummyKey'))]", + "dependsOn": [ + "cMKKeyVault" + ] + }, "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", @@ -324,18 +336,9 @@ "existing": true, "type": "Microsoft.KeyVault/vaults", "apiVersion": "2021-10-01", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[last(split(parameters('cMKKeyVaultResourceId'), '/'))]" - }, - "cMKKeyVaultKey": { - "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", - "existing": true, - "type": "Microsoft.KeyVault/vaults/keys", - "apiVersion": "2021-10-01", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]" + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/'))]" }, "automationAccount": { "type": "Microsoft.Automation/automationAccounts", @@ -348,13 +351,12 @@ "sku": { "name": "[parameters('skuName')]" }, - "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('keySource', 'Microsoft.KeyVault', 'identity', createObject('userAssignedIdentity', parameters('cMKUserAssignedIdentityResourceId')), 'keyVaultProperties', createObject('keyName', parameters('cMKKeyName'), 'keyVaultUri', reference('cMKKeyVault').vaultUri, 'keyVersion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), last(split(reference('cMKKeyVaultKey').keyUriWithVersion, '/'))))), null())]", + "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('keySource', 'Microsoft.KeyVault', 'identity', createObject('userAssignedIdentity', parameters('cMKUserAssignedIdentityResourceId')), 'keyVaultProperties', createObject('keyName', parameters('cMKKeyName'), 'keyVaultUri', reference('cMKKeyVault').vaultUri, 'keyVersion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), last(split(reference('cMKKeyVault::cMKKey').keyUriWithVersion, '/'))))), null())]", "publicNetworkAccess": "[if(not(empty(parameters('publicNetworkAccess'))), if(equals(parameters('publicNetworkAccess'), 'Disabled'), false(), true()), if(not(empty(parameters('privateEndpoints'))), false(), null()))]", "disableLocalAuth": "[parameters('disableLocalAuth')]" }, "dependsOn": [ - "cMKKeyVault", - "cMKKeyVaultKey" + "cMKKeyVault" ] }, "automationAccount_lock": { From 05e42e8d43d5547897eb4d18f64def666550554e Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 07:58:24 +0200 Subject: [PATCH 30/52] Updated batch pe test --- modules/batch/batch-account/.test/common/main.test.bicep | 4 +--- modules/batch/batch-account/README.md | 8 ++------ 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/modules/batch/batch-account/.test/common/main.test.bicep b/modules/batch/batch-account/.test/common/main.test.bicep index 6cdefd3b6a..0c9dc0bec0 100644 --- a/modules/batch/batch-account/.test/common/main.test.bicep +++ b/modules/batch/batch-account/.test/common/main.test.bicep @@ -88,9 +88,7 @@ module testDeployment '../../main.bicep' = { roleAssignments: [ { roleDefinitionIdOrName: 'Reader' - principalIds: [ - nestedDependencies.outputs.managedIdentityPrincipalId - ] + principalId: nestedDependencies.outputs.managedIdentityPrincipalId principalType: 'ServicePrincipal' } ] diff --git a/modules/batch/batch-account/README.md b/modules/batch/batch-account/README.md index 538f346570..74a18e3afd 100644 --- a/modules/batch/batch-account/README.md +++ b/modules/batch/batch-account/README.md @@ -67,9 +67,7 @@ module batchAccount 'br:bicep/modules/batch.batch-account:1.0.0' = { ] roleAssignments: [ { - principalIds: [ - '' - ] + principalId: '' principalType: 'ServicePrincipal' roleDefinitionIdOrName: 'Reader' } @@ -147,9 +145,7 @@ module batchAccount 'br:bicep/modules/batch.batch-account:1.0.0' = { ], "roleAssignments": [ { - "principalIds": [ - "" - ], + "principalId": "", "principalType": "ServicePrincipal", "roleDefinitionIdOrName": "Reader" } From 3cf91612f79feb42e3a691ab4ea6e625e2cb3f0e Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 08:05:45 +0200 Subject: [PATCH 31/52] Updated cog ser json --- modules/cognitive-services/account/main.json | 40 ++++++++++---------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/modules/cognitive-services/account/main.json b/modules/cognitive-services/account/main.json index 71b31d3c72..3053512263 100644 --- a/modules/cognitive-services/account/main.json +++ b/modules/cognitive-services/account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "18296719440990844872" + "templateHash": "9331368408921308569" }, "name": "Cognitive Services", "description": "This module deploys a Cognitive Service.", @@ -356,6 +356,18 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" }, "resources": { + "cMKKeyVault::cMKKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/')), if(not(empty(parameters('cMKKeyName'))), parameters('cMKKeyName'), 'dummyKey'))]", + "dependsOn": [ + "cMKKeyVault" + ] + }, "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", @@ -374,28 +386,19 @@ "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", "existing": true, "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2023-02-01", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[last(split(parameters('cMKKeyVaultResourceId'), '/'))]" - }, - "cMKKeyVaultKey": { - "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", - "existing": true, - "type": "Microsoft.KeyVault/vaults/keys", - "apiVersion": "2023-02-01", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]" + "apiVersion": "2021-10-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/'))]" }, "cMKUserAssignedIdentity": { "condition": "[not(empty(parameters('cMKUserAssignedIdentityResourceId')))]", "existing": true, "type": "Microsoft.ManagedIdentity/userAssignedIdentities", "apiVersion": "2023-01-31", - "subscriptionId": "[split(parameters('cMKUserAssignedIdentityResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKUserAssignedIdentityResourceId'), '/')[4]]", - "name": "[last(split(parameters('cMKUserAssignedIdentityResourceId'), '/'))]" + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyMsi'), '/'))]" }, "cognitiveServices": { "type": "Microsoft.CognitiveServices/accounts", @@ -415,7 +418,7 @@ "allowedFqdnList": "[parameters('allowedFqdnList')]", "apiProperties": "[parameters('apiProperties')]", "disableLocalAuth": "[parameters('disableLocalAuth')]", - "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('keySource', 'Microsoft.KeyVault', 'keyVaultProperties', createObject('identityClientId', reference('cMKUserAssignedIdentity').clientId, 'keyVaultUri', reference('cMKKeyVault').vaultUri, 'keyName', parameters('cMKKeyName'), 'keyVersion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), last(split(reference('cMKKeyVaultKey').keyUriWithVersion, '/'))))), null())]", + "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('keySource', 'Microsoft.KeyVault', 'keyVaultProperties', createObject('identityClientId', reference('cMKUserAssignedIdentity').clientId, 'keyVaultUri', reference('cMKKeyVault').vaultUri, 'keyName', parameters('cMKKeyName'), 'keyVersion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), last(split(reference('cMKKeyVault::cMKKey').keyUriWithVersion, '/'))))), null())]", "migrationToken": "[if(not(empty(parameters('migrationToken'))), parameters('migrationToken'), null())]", "restore": "[parameters('restore')]", "restrictOutboundNetworkAccess": "[parameters('restrictOutboundNetworkAccess')]", @@ -424,7 +427,6 @@ }, "dependsOn": [ "cMKKeyVault", - "cMKKeyVaultKey", "cMKUserAssignedIdentity" ] }, From 66957847ac3755e6a4d47753a78163dbb24f5086 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 08:12:05 +0200 Subject: [PATCH 32/52] Updated VM --- modules/compute/virtual-machine-scale-set/main.bicep | 4 ++-- modules/compute/virtual-machine-scale-set/main.json | 12 ++++++------ modules/compute/virtual-machine/main.bicep | 4 ++-- modules/compute/virtual-machine/main.json | 10 +++++----- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/modules/compute/virtual-machine-scale-set/main.bicep b/modules/compute/virtual-machine-scale-set/main.bicep index 4c376c7380..d7da341351 100644 --- a/modules/compute/virtual-machine-scale-set/main.bicep +++ b/modules/compute/virtual-machine-scale-set/main.bicep @@ -494,8 +494,8 @@ module vmss_microsoftAntiMalwareExtension 'extension/main.bicep' = if (extension } resource vmss_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = if (!empty(monitoringWorkspaceId)) { - name: last(split(monitoringWorkspaceId, '/'))! - scope: resourceGroup(split(monitoringWorkspaceId, '/')[2], split(monitoringWorkspaceId, '/')[4]) + name: last(split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : 'law'), '/'))! + scope: az.resourceGroup(split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : '//'), '/')[2], split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : '////'), '/')[4]) } module vmss_microsoftMonitoringAgentExtension 'extension/main.bicep' = if (extensionMonitoringAgentConfig.enabled) { diff --git a/modules/compute/virtual-machine-scale-set/main.json b/modules/compute/virtual-machine-scale-set/main.json index 03061a4918..9274a59e54 100644 --- a/modules/compute/virtual-machine-scale-set/main.json +++ b/modules/compute/virtual-machine-scale-set/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "11691873166192750677" + "templateHash": "6686356746172129467" }, "name": "Virtual Machine Scale Sets", "description": "This module deploys a Virtual Machine Scale Set.", @@ -794,9 +794,9 @@ "existing": true, "type": "Microsoft.OperationalInsights/workspaces", "apiVersion": "2021-06-01", - "subscriptionId": "[split(parameters('monitoringWorkspaceId'), '/')[2]]", - "resourceGroup": "[split(parameters('monitoringWorkspaceId'), '/')[4]]", - "name": "[last(split(parameters('monitoringWorkspaceId'), '/'))]" + "subscriptionId": "[split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), 'law'), '/'))]" }, "vmss_lock": { "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", @@ -1232,12 +1232,12 @@ "enableAutomaticUpgrade": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionMonitoringAgentConfig').enableAutomaticUpgrade), createObject('value', false()))]", "settings": { "value": { - "workspaceId": "[if(not(empty(parameters('monitoringWorkspaceId'))), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('monitoringWorkspaceId'), '/')[2], split(parameters('monitoringWorkspaceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(parameters('monitoringWorkspaceId'), '/'))), '2021-06-01').customerId, '')]" + "workspaceId": "[if(not(empty(parameters('monitoringWorkspaceId'))), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '//'), '/')[2], split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '////'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), 'law'), '/'))), '2021-06-01').customerId, '')]" } }, "protectedSettings": { "value": { - "workspaceKey": "[if(not(empty(parameters('monitoringWorkspaceId'))), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('monitoringWorkspaceId'), '/')[2], split(parameters('monitoringWorkspaceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(parameters('monitoringWorkspaceId'), '/'))), '2021-06-01').primarySharedKey, '')]" + "workspaceKey": "[if(not(empty(parameters('monitoringWorkspaceId'))), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '//'), '/')[2], split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '////'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), 'law'), '/'))), '2021-06-01').primarySharedKey, '')]" } }, "enableDefaultTelemetry": { diff --git a/modules/compute/virtual-machine/main.bicep b/modules/compute/virtual-machine/main.bicep index 2e1204be57..b3c15c8c7f 100644 --- a/modules/compute/virtual-machine/main.bicep +++ b/modules/compute/virtual-machine/main.bicep @@ -558,8 +558,8 @@ module vm_microsoftAntiMalwareExtension 'extension/main.bicep' = if (extensionAn } resource vm_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = if (!empty(monitoringWorkspaceId)) { - name: last(split(monitoringWorkspaceId, '/'))! - scope: az.resourceGroup(split(monitoringWorkspaceId, '/')[2], split(monitoringWorkspaceId, '/')[4]) + name: last(split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : 'law'), '/'))! + scope: az.resourceGroup(split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : '//'), '/')[2], split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : '////'), '/')[4]) } module vm_microsoftMonitoringAgentExtension 'extension/main.bicep' = if (extensionMonitoringAgentConfig.enabled) { diff --git a/modules/compute/virtual-machine/main.json b/modules/compute/virtual-machine/main.json index 09e5bbc131..c2ef35d1a5 100644 --- a/modules/compute/virtual-machine/main.json +++ b/modules/compute/virtual-machine/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "6666222898286420921" + "templateHash": "6984217347675709865" }, "name": "Virtual Machines", "description": "This module deploys a Virtual Machine with one or multiple NICs and optionally one or multiple public IPs.", @@ -786,9 +786,9 @@ "existing": true, "type": "Microsoft.OperationalInsights/workspaces", "apiVersion": "2021-06-01", - "subscriptionId": "[split(parameters('monitoringWorkspaceId'), '/')[2]]", - "resourceGroup": "[split(parameters('monitoringWorkspaceId'), '/')[4]]", - "name": "[last(split(parameters('monitoringWorkspaceId'), '/'))]" + "subscriptionId": "[split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), 'law'), '/'))]" }, "vm_lock": { "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", @@ -2834,7 +2834,7 @@ "tags": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'tags'), createObject('value', parameters('extensionMonitoringAgentConfig').tags), createObject('value', createObject()))]", "protectedSettings": { "value": { - "workspaceKey": "[if(not(empty(parameters('monitoringWorkspaceId'))), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('monitoringWorkspaceId'), '/')[2], split(parameters('monitoringWorkspaceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(parameters('monitoringWorkspaceId'), '/'))), '2021-06-01').primarySharedKey, '')]" + "workspaceKey": "[if(not(empty(parameters('monitoringWorkspaceId'))), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '//'), '/')[2], split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '////'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), 'law'), '/'))), '2021-06-01').primarySharedKey, '')]" } }, "enableDefaultTelemetry": { From 4cf5872114570d1d4d570145fb03620dd34af245 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 08:14:24 +0200 Subject: [PATCH 33/52] Container group refresh --- .../container-group/main.json | 36 ++++++++++--------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/modules/container-instance/container-group/main.json b/modules/container-instance/container-group/main.json index 07e6df7729..6d60f75d9f 100644 --- a/modules/container-instance/container-group/main.json +++ b/modules/container-instance/container-group/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "7574542077751658739" + "templateHash": "745176097189380240" }, "name": "Container Instances Container Groups", "description": "This module deploys a Container Instance Container Group.", @@ -238,6 +238,18 @@ "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" }, "resources": { + "cMKKeyVault::cMKKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/')), if(not(empty(parameters('cMKKeyName'))), parameters('cMKKeyName'), 'dummyKey'))]", + "dependsOn": [ + "cMKKeyVault" + ] + }, "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", @@ -252,23 +264,14 @@ } } }, - "cmkKeyVault": { + "cMKKeyVault": { "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", "existing": true, "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2021-06-01-preview", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[last(split(parameters('cMKKeyVaultResourceId'), '/'))]" - }, - "cMKKeyVaultKey": { - "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", - "existing": true, - "type": "Microsoft.KeyVault/vaults/keys", "apiVersion": "2021-10-01", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]" + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/'))]" }, "containergroup": { "type": "Microsoft.ContainerInstance/containerGroups", @@ -277,10 +280,9 @@ "location": "[parameters('location')]", "identity": "[variables('identity')]", "tags": "[parameters('tags')]", - "properties": "[union(createObject('containers', parameters('containers'), 'encryptionProperties', if(not(empty(parameters('cMKKeyName'))), createObject('identity', parameters('cMKUserAssignedIdentityResourceId'), 'keyName', parameters('cMKKeyName'), 'keyVersion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), last(split(reference('cMKKeyVaultKey').keyUriWithVersion, '/'))), 'vaultBaseUrl', reference('cmkKeyVault').vaultUri), null()), 'imageRegistryCredentials', parameters('imageRegistryCredentials'), 'initContainers', parameters('initContainers'), 'restartPolicy', parameters('restartPolicy'), 'osType', parameters('osType'), 'ipAddress', createObject('type', parameters('ipAddressType'), 'autoGeneratedDomainNameLabelScope', if(not(empty(parameters('dnsNameServers'))), parameters('autoGeneratedDomainNameLabelScope'), null()), 'dnsNameLabel', parameters('dnsNameLabel'), 'ports', parameters('ipAddressPorts')), 'sku', parameters('sku'), 'subnetIds', if(not(empty(parameters('subnetId'))), createArray(createObject('id', parameters('subnetId'))), null()), 'volumes', parameters('volumes')), if(not(empty(parameters('dnsNameServers'))), createObject('dnsConfig', createObject('nameServers', parameters('dnsNameServers'), 'searchDomains', parameters('dnsSearchDomains'))), createObject()))]", + "properties": "[union(createObject('containers', parameters('containers'), 'encryptionProperties', if(not(empty(parameters('cMKKeyName'))), createObject('identity', parameters('cMKUserAssignedIdentityResourceId'), 'keyName', parameters('cMKKeyName'), 'keyVersion', if(not(empty(parameters('cMKKeyVersion'))), parameters('cMKKeyVersion'), last(split(reference('cMKKeyVault::cMKKey').keyUriWithVersion, '/'))), 'vaultBaseUrl', reference('cMKKeyVault').vaultUri), null()), 'imageRegistryCredentials', parameters('imageRegistryCredentials'), 'initContainers', parameters('initContainers'), 'restartPolicy', parameters('restartPolicy'), 'osType', parameters('osType'), 'ipAddress', createObject('type', parameters('ipAddressType'), 'autoGeneratedDomainNameLabelScope', if(not(empty(parameters('dnsNameServers'))), parameters('autoGeneratedDomainNameLabelScope'), null()), 'dnsNameLabel', parameters('dnsNameLabel'), 'ports', parameters('ipAddressPorts')), 'sku', parameters('sku'), 'subnetIds', if(not(empty(parameters('subnetId'))), createArray(createObject('id', parameters('subnetId'))), null()), 'volumes', parameters('volumes')), if(not(empty(parameters('dnsNameServers'))), createObject('dnsConfig', createObject('nameServers', parameters('dnsNameServers'), 'searchDomains', parameters('dnsSearchDomains'))), createObject()))]", "dependsOn": [ - "cmkKeyVault", - "cMKKeyVaultKey" + "cMKKeyVault" ] }, "containergroup_lock": { From 5fcd5ec9cf2845c09a282390de924696a73c121b Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 08:17:59 +0200 Subject: [PATCH 34/52] Updated reg --- .../container-registry/registry/main.bicep | 18 +++++--- modules/container-registry/registry/main.json | 44 ++++++++++++------- 2 files changed, 39 insertions(+), 23 deletions(-) diff --git a/modules/container-registry/registry/main.bicep b/modules/container-registry/registry/main.bicep index 1f4ac8544c..75927d64ec 100644 --- a/modules/container-registry/registry/main.bicep +++ b/modules/container-registry/registry/main.bicep @@ -222,14 +222,18 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource cMKUserAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' existing = if (!empty(cMKUserAssignedIdentityResourceId)) { - name: last(split(cMKUserAssignedIdentityResourceId, '/'))! - scope: resourceGroup(split(cMKUserAssignedIdentityResourceId, '/')[2], split(cMKUserAssignedIdentityResourceId, '/')[4]) +resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId)) { + name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyVault'), '/'))! + scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) + + resource cMKKey 'keys@2023-02-01' existing = if (!empty(cMKKeyName)) { + name: !empty(cMKKeyName) ? cMKKeyName : 'dummyKey' + } } -resource cMKKeyVaultKey 'Microsoft.KeyVault/vaults/keys@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId) && !empty(cMKKeyName)) { - name: '${last(split(cMKKeyVaultResourceId, '/'))}/${cMKKeyName}' - scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) +resource cMKUserAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = if (!empty(cMKUserAssignedIdentityResourceId)) { + name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyMsi'), '/'))! + scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) } resource registry 'Microsoft.ContainerRegistry/registries@2023-06-01-preview' = { @@ -247,7 +251,7 @@ resource registry 'Microsoft.ContainerRegistry/registries@2023-06-01-preview' = status: 'enabled' keyVaultProperties: { identity: cMKUserAssignedIdentity.properties.clientId - keyIdentifier: !empty(cMKKeyVersion) ? '${cMKKeyVaultKey.properties.keyUri}/${cMKKeyVersion}' : cMKKeyVaultKey.properties.keyUriWithVersion + keyIdentifier: !empty(cMKKeyVersion) ? '${cMKKeyVault::cMKKey.properties.keyUri}/${cMKKeyVersion}' : cMKKeyVault::cMKKey.properties.keyUriWithVersion } } : null policies: { diff --git a/modules/container-registry/registry/main.json b/modules/container-registry/registry/main.json index de195acd6c..8baa9eeff7 100644 --- a/modules/container-registry/registry/main.json +++ b/modules/container-registry/registry/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "15598884416180127975" + "templateHash": "12613913283174213145" }, "name": "Azure Container Registries (ACR)", "description": "This module deploys an Azure Container Registry (ACR).", @@ -406,6 +406,18 @@ "enableReferencedModulesTelemetry": false }, "resources": { + "cMKKeyVault::cMKKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/')), if(not(empty(parameters('cMKKeyName'))), parameters('cMKKeyName'), 'dummyKey'))]", + "dependsOn": [ + "cMKKeyVault" + ] + }, "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", @@ -420,23 +432,23 @@ } } }, + "cMKKeyVault": { + "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2021-10-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/'))]" + }, "cMKUserAssignedIdentity": { "condition": "[not(empty(parameters('cMKUserAssignedIdentityResourceId')))]", "existing": true, "type": "Microsoft.ManagedIdentity/userAssignedIdentities", - "apiVersion": "2018-11-30", - "subscriptionId": "[split(parameters('cMKUserAssignedIdentityResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKUserAssignedIdentityResourceId'), '/')[4]]", - "name": "[last(split(parameters('cMKUserAssignedIdentityResourceId'), '/'))]" - }, - "cMKKeyVaultKey": { - "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", - "existing": true, - "type": "Microsoft.KeyVault/vaults/keys", - "apiVersion": "2021-10-01", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]" + "apiVersion": "2023-01-31", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyMsi'), '/'))]" }, "registry": { "type": "Microsoft.ContainerRegistry/registries", @@ -451,7 +463,7 @@ "properties": { "anonymousPullEnabled": "[parameters('anonymousPullEnabled')]", "adminUserEnabled": "[parameters('acrAdminUserEnabled')]", - "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('status', 'enabled', 'keyVaultProperties', createObject('identity', reference('cMKUserAssignedIdentity').clientId, 'keyIdentifier', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference('cMKKeyVaultKey').keyUri, parameters('cMKKeyVersion')), reference('cMKKeyVaultKey').keyUriWithVersion))), null())]", + "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('status', 'enabled', 'keyVaultProperties', createObject('identity', reference('cMKUserAssignedIdentity').clientId, 'keyIdentifier', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference('cMKKeyVault::cMKKey').keyUri, parameters('cMKKeyVersion')), reference('cMKKeyVault::cMKKey').keyUriWithVersion))), null())]", "policies": { "azureADAuthenticationAsArmPolicy": { "status": "[parameters('azureADAuthenticationAsArmPolicyStatus')]" @@ -477,7 +489,7 @@ "zoneRedundancy": "[if(equals(parameters('acrSku'), 'Premium'), parameters('zoneRedundancy'), null())]" }, "dependsOn": [ - "cMKKeyVaultKey", + "cMKKeyVault", "cMKUserAssignedIdentity" ] }, From 6a6fa909980c37c54e999f5c19d2ff0bbac365ea Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 08:23:48 +0200 Subject: [PATCH 35/52] Updated managed service --- modules/container-service/managed-cluster/main.bicep | 6 ++++-- modules/container-service/managed-cluster/main.json | 10 ++++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/modules/container-service/managed-cluster/main.bicep b/modules/container-service/managed-cluster/main.bicep index 27201c8fb2..d4f3a4192b 100644 --- a/modules/container-service/managed-cluster/main.bicep +++ b/modules/container-service/managed-cluster/main.bicep @@ -465,7 +465,9 @@ resource managedCluster 'Microsoft.ContainerService/managedClusters@2023-07-02-p ingressProfile: { webAppRouting: { enabled: webApplicationRoutingEnabled - dnsZoneResourceId: !empty(dnsZoneResourceId) ? any(dnsZoneResourceId) : null + dnsZoneResourceIds: [ + !empty(dnsZoneResourceId) ? any(dnsZoneResourceId) : null + ] } } addonProfiles: { @@ -696,7 +698,7 @@ module managedCluster_roleAssignments '.bicep/nested_roleAssignments.bicep' = [f }] resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' existing = if (dnsZoneResourceId != null && webApplicationRoutingEnabled) { - name: last(split(dnsZoneResourceId, '/'))! + name: last(split((!empty(dnsZoneResourceId) ? dnsZoneResourceId : 'dummmyZone'), '/'))! } resource dnsZone_roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (enableDnsZoneContributorRoleAssignment == true && dnsZoneResourceId != null && webApplicationRoutingEnabled) { diff --git a/modules/container-service/managed-cluster/main.json b/modules/container-service/managed-cluster/main.json index 10118514e6..77d03fb85f 100644 --- a/modules/container-service/managed-cluster/main.json +++ b/modules/container-service/managed-cluster/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "10441788183325724370" + "templateHash": "13409538219229947959" }, "name": "Azure Kubernetes Service (AKS) Managed Clusters", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster.", @@ -897,7 +897,9 @@ "ingressProfile": { "webAppRouting": { "enabled": "[parameters('webApplicationRoutingEnabled')]", - "dnsZoneResourceId": "[if(not(empty(parameters('dnsZoneResourceId'))), parameters('dnsZoneResourceId'), null())]" + "dnsZoneResourceIds": [ + "[if(not(empty(parameters('dnsZoneResourceId'))), parameters('dnsZoneResourceId'), null())]" + ] } }, "addonProfiles": { @@ -1050,13 +1052,13 @@ "existing": true, "type": "Microsoft.Network/dnsZones", "apiVersion": "2018-05-01", - "name": "[last(split(parameters('dnsZoneResourceId'), '/'))]" + "name": "[last(split(if(not(empty(parameters('dnsZoneResourceId'))), parameters('dnsZoneResourceId'), 'dummmyZone'), '/'))]" }, "dnsZone_roleAssignment": { "condition": "[and(and(equals(parameters('enableDnsZoneContributorRoleAssignment'), true()), not(equals(parameters('dnsZoneResourceId'), null()))), parameters('webApplicationRoutingEnabled'))]", "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/dnsZones/{0}', last(split(parameters('dnsZoneResourceId'), '/')))]", + "scope": "[format('Microsoft.Network/dnsZones/{0}', last(split(if(not(empty(parameters('dnsZoneResourceId'))), parameters('dnsZoneResourceId'), 'dummmyZone'), '/')))]", "name": "[guid(parameters('dnsZoneResourceId'), subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314'), 'DNS Zone Contributor')]", "properties": { "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", From 06cce417814202a861500aef717bc521a52374bf Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 08:29:32 +0200 Subject: [PATCH 36/52] Updated databricks --- modules/databricks/workspace/main.bicep | 30 ++++++----- modules/databricks/workspace/main.json | 66 +++++++++++++------------ 2 files changed, 49 insertions(+), 47 deletions(-) diff --git a/modules/databricks/workspace/main.bicep b/modules/databricks/workspace/main.bicep index adcc98225c..cdf70662ed 100644 --- a/modules/databricks/workspace/main.bicep +++ b/modules/databricks/workspace/main.bicep @@ -171,24 +171,22 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource cMKManagedDisksKeyVault 'Microsoft.KeyVault/vaults@2023-02-01' existing = if (!empty(cMKManagedDisksKeyVaultResourceId)) { - name: last(split(cMKManagedDisksKeyVaultResourceId, '/'))! - scope: resourceGroup(split(cMKManagedDisksKeyVaultResourceId, '/')[2], split(cMKManagedDisksKeyVaultResourceId, '/')[4]) -} +resource cMKManagedDisksKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKManagedDisksKeyVaultResourceId)) { + name: last(split((!empty(cMKManagedDisksKeyVaultResourceId) ? cMKManagedDisksKeyVaultResourceId : 'dummyVault'), '/'))! + scope: resourceGroup(split((!empty(cMKManagedDisksKeyVaultResourceId) ? cMKManagedDisksKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKManagedDisksKeyVaultResourceId) ? cMKManagedDisksKeyVaultResourceId : '////'), '/')[4]) -resource cMKManagedDisksKeyVaultKey 'Microsoft.KeyVault/vaults/keys@2023-02-01' existing = if (!empty(cMKManagedDisksKeyVaultResourceId) && !empty(cMKManagedDisksKeyName)) { - name: '${last(split(cMKManagedDisksKeyVaultResourceId, '/'))}/${cMKManagedDisksKeyName}'! - scope: resourceGroup(split(cMKManagedDisksKeyVaultResourceId, '/')[2], split(cMKManagedDisksKeyVaultResourceId, '/')[4]) + resource cMKKeyDisk 'keys@2023-02-01' existing = if (!empty(cMKManagedDisksKeyName)) { + name: !empty(cMKManagedDisksKeyName) ? cMKManagedDisksKeyName : 'dummyKey' + } } -resource cMKManagedServicesKeyVault 'Microsoft.KeyVault/vaults@2023-02-01' existing = if (!empty(cMKManagedServicesKeyVaultResourceId)) { - name: last(split(cMKManagedServicesKeyVaultResourceId, '/'))! - scope: resourceGroup(split(cMKManagedServicesKeyVaultResourceId, '/')[2], split(cMKManagedServicesKeyVaultResourceId, '/')[4]) -} +resource cMKManagedServicesKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKManagedServicesKeyVaultResourceId)) { + name: last(split((!empty(cMKManagedServicesKeyVaultResourceId) ? cMKManagedServicesKeyVaultResourceId : 'dummyVault'), '/'))! + scope: resourceGroup(split((!empty(cMKManagedServicesKeyVaultResourceId) ? cMKManagedServicesKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKManagedServicesKeyVaultResourceId) ? cMKManagedServicesKeyVaultResourceId : '////'), '/')[4]) -resource cMKManagedServicesKeyVaultKey 'Microsoft.KeyVault/vaults/keys@2023-02-01' existing = if (!empty(cMKManagedServicesKeyVaultResourceId) && !empty(cMKManagedServicesKeyName)) { - name: '${last(split(cMKManagedServicesKeyVaultResourceId, '/'))}/${cMKManagedServicesKeyName}'! - scope: resourceGroup(split(cMKManagedServicesKeyVaultResourceId, '/')[2], split(cMKManagedServicesKeyVaultResourceId, '/')[4]) + resource cMKKey 'keys@2023-02-01' existing = if (!empty(cMKManagedServicesKeyName)) { + name: !empty(cMKManagedServicesKeyName) ? cMKManagedServicesKeyName : 'dummyKey' + } } resource workspace 'Microsoft.Databricks/workspaces@2023-02-01' = { @@ -276,7 +274,7 @@ resource workspace 'Microsoft.Databricks/workspaces@2023-02-01' = { keyVaultProperties: { keyVaultUri: cMKManagedServicesKeyVault.properties.vaultUri keyName: cMKManagedServicesKeyName - keyVersion: !empty(cMKManagedServicesKeyVersion) ? cMKManagedServicesKeyVersion : last(split(cMKManagedServicesKeyVaultKey.properties.keyUriWithVersion, '/')) + keyVersion: !empty(cMKManagedServicesKeyVersion) ? cMKManagedServicesKeyVersion : last(split(cMKManagedServicesKeyVault::cMKKey.properties.keyUriWithVersion, '/')) } } : null managedDisk: !empty(cMKManagedDisksKeyName) ? { @@ -284,7 +282,7 @@ resource workspace 'Microsoft.Databricks/workspaces@2023-02-01' = { keyVaultProperties: { keyVaultUri: cMKManagedDisksKeyVault.properties.vaultUri keyName: cMKManagedDisksKeyName - keyVersion: !empty(cMKManagedDisksKeyVersion) ? cMKManagedDisksKeyVersion : last(split(cMKManagedDisksKeyVaultKey.properties.keyUriWithVersion, '/')) + keyVersion: !empty(cMKManagedDisksKeyVersion) ? cMKManagedDisksKeyVersion : last(split(cMKManagedDisksKeyVault::cMKKeyDisk.properties.keyUriWithVersion, '/')) } rotationToLatestKeyVersionEnabled: cMKManagedDisksKeyRotationToLatestKeyVersionEnabled } : null diff --git a/modules/databricks/workspace/main.json b/modules/databricks/workspace/main.json index b33050d59d..a176ae81d9 100644 --- a/modules/databricks/workspace/main.json +++ b/modules/databricks/workspace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "12018870674080457266" + "templateHash": "16205616448170164073" }, "name": "Azure Databricks Workspaces", "description": "This module deploys an Azure Databricks Workspace.", @@ -349,6 +349,30 @@ "enableReferencedModulesTelemetry": false }, "resources": { + "cMKManagedDisksKeyVault::cMKKeyDisk": { + "condition": "[and(not(empty(parameters('cMKManagedDisksKeyVaultResourceId'))), not(empty(parameters('cMKManagedDisksKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKManagedDisksKeyVaultResourceId'))), parameters('cMKManagedDisksKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKManagedDisksKeyVaultResourceId'))), parameters('cMKManagedDisksKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(if(not(empty(parameters('cMKManagedDisksKeyVaultResourceId'))), parameters('cMKManagedDisksKeyVaultResourceId'), 'dummyVault'), '/')), if(not(empty(parameters('cMKManagedDisksKeyName'))), parameters('cMKManagedDisksKeyName'), 'dummyKey'))]", + "dependsOn": [ + "cMKManagedDisksKeyVault" + ] + }, + "cMKManagedServicesKeyVault::cMKKey": { + "condition": "[and(not(empty(parameters('cMKManagedServicesKeyVaultResourceId'))), not(empty(parameters('cMKManagedServicesKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKManagedServicesKeyVaultResourceId'))), parameters('cMKManagedServicesKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKManagedServicesKeyVaultResourceId'))), parameters('cMKManagedServicesKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(if(not(empty(parameters('cMKManagedServicesKeyVaultResourceId'))), parameters('cMKManagedServicesKeyVaultResourceId'), 'dummyVault'), '/')), if(not(empty(parameters('cMKManagedServicesKeyName'))), parameters('cMKManagedServicesKeyName'), 'dummyKey'))]", + "dependsOn": [ + "cMKManagedServicesKeyVault" + ] + }, "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", @@ -367,37 +391,19 @@ "condition": "[not(empty(parameters('cMKManagedDisksKeyVaultResourceId')))]", "existing": true, "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2023-02-01", - "subscriptionId": "[split(parameters('cMKManagedDisksKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKManagedDisksKeyVaultResourceId'), '/')[4]]", - "name": "[last(split(parameters('cMKManagedDisksKeyVaultResourceId'), '/'))]" - }, - "cMKManagedDisksKeyVaultKey": { - "condition": "[and(not(empty(parameters('cMKManagedDisksKeyVaultResourceId'))), not(empty(parameters('cMKManagedDisksKeyName'))))]", - "existing": true, - "type": "Microsoft.KeyVault/vaults/keys", - "apiVersion": "2023-02-01", - "subscriptionId": "[split(parameters('cMKManagedDisksKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKManagedDisksKeyVaultResourceId'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(parameters('cMKManagedDisksKeyVaultResourceId'), '/')), parameters('cMKManagedDisksKeyName'))]" + "apiVersion": "2021-10-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKManagedDisksKeyVaultResourceId'))), parameters('cMKManagedDisksKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKManagedDisksKeyVaultResourceId'))), parameters('cMKManagedDisksKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKManagedDisksKeyVaultResourceId'))), parameters('cMKManagedDisksKeyVaultResourceId'), 'dummyVault'), '/'))]" }, "cMKManagedServicesKeyVault": { "condition": "[not(empty(parameters('cMKManagedServicesKeyVaultResourceId')))]", "existing": true, "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2023-02-01", - "subscriptionId": "[split(parameters('cMKManagedServicesKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKManagedServicesKeyVaultResourceId'), '/')[4]]", - "name": "[last(split(parameters('cMKManagedServicesKeyVaultResourceId'), '/'))]" - }, - "cMKManagedServicesKeyVaultKey": { - "condition": "[and(not(empty(parameters('cMKManagedServicesKeyVaultResourceId'))), not(empty(parameters('cMKManagedServicesKeyName'))))]", - "existing": true, - "type": "Microsoft.KeyVault/vaults/keys", - "apiVersion": "2023-02-01", - "subscriptionId": "[split(parameters('cMKManagedServicesKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKManagedServicesKeyVaultResourceId'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(parameters('cMKManagedServicesKeyVaultResourceId'), '/')), parameters('cMKManagedServicesKeyName'))]" + "apiVersion": "2021-10-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKManagedServicesKeyVaultResourceId'))), parameters('cMKManagedServicesKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKManagedServicesKeyVaultResourceId'))), parameters('cMKManagedServicesKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKManagedServicesKeyVaultResourceId'))), parameters('cMKManagedServicesKeyVaultResourceId'), 'dummyVault'), '/'))]" }, "workspace": { "type": "Microsoft.Databricks/workspaces", @@ -413,13 +419,11 @@ "parameters": "[union(createObject('enableNoPublicIp', createObject('value', parameters('disablePublicIp')), 'prepareEncryption', createObject('value', parameters('prepareEncryption')), 'vnetAddressPrefix', createObject('value', parameters('vnetAddressPrefix')), 'requireInfrastructureEncryption', createObject('value', parameters('requireInfrastructureEncryption'))), if(not(empty(parameters('customVirtualNetworkResourceId'))), createObject('customVirtualNetworkId', createObject('value', parameters('customVirtualNetworkResourceId'))), createObject()), if(not(empty(parameters('amlWorkspaceResourceId'))), createObject('amlWorkspaceId', createObject('value', parameters('amlWorkspaceResourceId'))), createObject()), if(not(empty(parameters('customPrivateSubnetName'))), createObject('customPrivateSubnetName', createObject('value', parameters('customPrivateSubnetName'))), createObject()), if(not(empty(parameters('customPublicSubnetName'))), createObject('customPublicSubnetName', createObject('value', parameters('customPublicSubnetName'))), createObject()), if(not(empty(parameters('loadBalancerBackendPoolName'))), createObject('loadBalancerBackendPoolName', createObject('value', parameters('loadBalancerBackendPoolName'))), createObject()), if(not(empty(parameters('loadBalancerResourceId'))), createObject('loadBalancerId', createObject('value', parameters('loadBalancerResourceId'))), createObject()), if(not(empty(parameters('natGatewayName'))), createObject('natGatewayName', createObject('value', parameters('natGatewayName'))), createObject()), if(not(empty(parameters('publicIpName'))), createObject('publicIpName', createObject('value', parameters('publicIpName'))), createObject()), if(not(empty(parameters('storageAccountName'))), createObject('storageAccountName', createObject('value', parameters('storageAccountName'))), createObject()), if(not(empty(parameters('storageAccountSkuName'))), createObject('storageAccountSkuName', createObject('value', parameters('storageAccountSkuName'))), createObject()))]", "publicNetworkAccess": "[parameters('publicNetworkAccess')]", "requiredNsgRules": "[parameters('requiredNsgRules')]", - "encryption": "[if(or(not(empty(parameters('cMKManagedServicesKeyName'))), not(empty(parameters('cMKManagedServicesKeyName')))), createObject('entities', createObject('managedServices', if(not(empty(parameters('cMKManagedServicesKeyName'))), createObject('keySource', 'Microsoft.Keyvault', 'keyVaultProperties', createObject('keyVaultUri', reference('cMKManagedServicesKeyVault').vaultUri, 'keyName', parameters('cMKManagedServicesKeyName'), 'keyVersion', if(not(empty(parameters('cMKManagedServicesKeyVersion'))), parameters('cMKManagedServicesKeyVersion'), last(split(reference('cMKManagedServicesKeyVaultKey').keyUriWithVersion, '/'))))), null()), 'managedDisk', if(not(empty(parameters('cMKManagedDisksKeyName'))), createObject('keySource', 'Microsoft.Keyvault', 'keyVaultProperties', createObject('keyVaultUri', reference('cMKManagedDisksKeyVault').vaultUri, 'keyName', parameters('cMKManagedDisksKeyName'), 'keyVersion', if(not(empty(parameters('cMKManagedDisksKeyVersion'))), parameters('cMKManagedDisksKeyVersion'), last(split(reference('cMKManagedDisksKeyVaultKey').keyUriWithVersion, '/')))), 'rotationToLatestKeyVersionEnabled', parameters('cMKManagedDisksKeyRotationToLatestKeyVersionEnabled')), null()))), null())]" + "encryption": "[if(or(not(empty(parameters('cMKManagedServicesKeyName'))), not(empty(parameters('cMKManagedServicesKeyName')))), createObject('entities', createObject('managedServices', if(not(empty(parameters('cMKManagedServicesKeyName'))), createObject('keySource', 'Microsoft.Keyvault', 'keyVaultProperties', createObject('keyVaultUri', reference('cMKManagedServicesKeyVault').vaultUri, 'keyName', parameters('cMKManagedServicesKeyName'), 'keyVersion', if(not(empty(parameters('cMKManagedServicesKeyVersion'))), parameters('cMKManagedServicesKeyVersion'), last(split(reference('cMKManagedServicesKeyVault::cMKKey').keyUriWithVersion, '/'))))), null()), 'managedDisk', if(not(empty(parameters('cMKManagedDisksKeyName'))), createObject('keySource', 'Microsoft.Keyvault', 'keyVaultProperties', createObject('keyVaultUri', reference('cMKManagedDisksKeyVault').vaultUri, 'keyName', parameters('cMKManagedDisksKeyName'), 'keyVersion', if(not(empty(parameters('cMKManagedDisksKeyVersion'))), parameters('cMKManagedDisksKeyVersion'), last(split(reference('cMKManagedDisksKeyVault::cMKKeyDisk').keyUriWithVersion, '/')))), 'rotationToLatestKeyVersionEnabled', parameters('cMKManagedDisksKeyRotationToLatestKeyVersionEnabled')), null()))), null())]" }, "dependsOn": [ "cMKManagedDisksKeyVault", - "cMKManagedDisksKeyVaultKey", - "cMKManagedServicesKeyVault", - "cMKManagedServicesKeyVaultKey" + "cMKManagedServicesKeyVault" ] }, "workspace_lock": { From d111569c27583e8740224156763552666eb8d1f1 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 08:31:53 +0200 Subject: [PATCH 37/52] Udated data factory --- modules/data-factory/factory/main.bicep | 4 ++-- modules/data-factory/factory/main.json | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/data-factory/factory/main.bicep b/modules/data-factory/factory/main.bicep index 8a0685e3ae..973f187561 100644 --- a/modules/data-factory/factory/main.bicep +++ b/modules/data-factory/factory/main.bicep @@ -157,8 +157,8 @@ var identity = identityType != 'None' ? { var enableReferencedModulesTelemetry = false resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId)) { - name: last(split(cMKKeyVaultResourceId, '/'))! - scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) + name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyVault'), '/'))! + scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) } resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { diff --git a/modules/data-factory/factory/main.json b/modules/data-factory/factory/main.json index 78a9efea3d..c52194153a 100644 --- a/modules/data-factory/factory/main.json +++ b/modules/data-factory/factory/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "12584866101218671882" + "templateHash": "7844406569986738481" }, "name": "Data Factories", "description": "This module deploys a Data Factory.", @@ -333,9 +333,9 @@ "existing": true, "type": "Microsoft.KeyVault/vaults", "apiVersion": "2021-10-01", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[last(split(parameters('cMKKeyVaultResourceId'), '/'))]" + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/'))]" }, "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", From 9e2534db2c4d5b262de880aa29265498c8c020c3 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 09:05:26 +0200 Subject: [PATCH 38/52] Fixed msi ref --- modules/app-configuration/configuration-store/main.bicep | 4 ++-- modules/app-configuration/configuration-store/main.json | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/app-configuration/configuration-store/main.bicep b/modules/app-configuration/configuration-store/main.bicep index 9a4d2e75dd..84d4bf947f 100644 --- a/modules/app-configuration/configuration-store/main.bicep +++ b/modules/app-configuration/configuration-store/main.bicep @@ -160,8 +160,8 @@ resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empt } resource cMKUserAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = if (!empty(cMKUserAssignedIdentityResourceId)) { - name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyMsi'), '/'))! - scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) + name: last(split((!empty(cMKUserAssignedIdentityResourceId) ? cMKUserAssignedIdentityResourceId : 'dummyMsi'), '/'))! + scope: resourceGroup(split((!empty(cMKUserAssignedIdentityResourceId) ? cMKUserAssignedIdentityResourceId : '//'), '/')[2], split((!empty(cMKUserAssignedIdentityResourceId) ? cMKUserAssignedIdentityResourceId : '////'), '/')[4]) } resource configurationStore 'Microsoft.AppConfiguration/configurationStores@2023-03-01' = { diff --git a/modules/app-configuration/configuration-store/main.json b/modules/app-configuration/configuration-store/main.json index cf6f84dcb5..b39777fc07 100644 --- a/modules/app-configuration/configuration-store/main.json +++ b/modules/app-configuration/configuration-store/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "11343967706179576865" + "templateHash": "14429413611786326402" }, "name": "App Configuration Stores", "description": "This module deploys an App Configuration Store.", @@ -325,9 +325,9 @@ "existing": true, "type": "Microsoft.ManagedIdentity/userAssignedIdentities", "apiVersion": "2023-01-31", - "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", - "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", - "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyMsi'), '/'))]" + "subscriptionId": "[split(if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), parameters('cMKUserAssignedIdentityResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), parameters('cMKUserAssignedIdentityResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), parameters('cMKUserAssignedIdentityResourceId'), 'dummyMsi'), '/'))]" }, "configurationStore": { "type": "Microsoft.AppConfiguration/configurationStores", From 6fcbe246bca66a2fe8bc852d05b0341ef481956f Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 09:10:53 +0200 Subject: [PATCH 39/52] Fixed script ref & cog --- modules/cognitive-services/account/main.bicep | 4 ++-- modules/cognitive-services/account/main.json | 8 ++++---- utilities/tools/Set-Module.ps1 | 3 +-- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/modules/cognitive-services/account/main.bicep b/modules/cognitive-services/account/main.bicep index 5fbb6da6e4..9bee40a178 100644 --- a/modules/cognitive-services/account/main.bicep +++ b/modules/cognitive-services/account/main.bicep @@ -211,8 +211,8 @@ resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empt } resource cMKUserAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = if (!empty(cMKUserAssignedIdentityResourceId)) { - name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyMsi'), '/'))! - scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) + name: last(split((!empty(cMKUserAssignedIdentityResourceId) ? cMKUserAssignedIdentityResourceId : 'dummyMsi'), '/'))! + scope: resourceGroup(split((!empty(cMKUserAssignedIdentityResourceId) ? cMKUserAssignedIdentityResourceId : '//'), '/')[2], split((!empty(cMKUserAssignedIdentityResourceId) ? cMKUserAssignedIdentityResourceId : '////'), '/')[4]) } resource cognitiveServices 'Microsoft.CognitiveServices/accounts@2022-12-01' = { diff --git a/modules/cognitive-services/account/main.json b/modules/cognitive-services/account/main.json index 3053512263..c4e3c4d5a8 100644 --- a/modules/cognitive-services/account/main.json +++ b/modules/cognitive-services/account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "9331368408921308569" + "templateHash": "333012564949665738" }, "name": "Cognitive Services", "description": "This module deploys a Cognitive Service.", @@ -396,9 +396,9 @@ "existing": true, "type": "Microsoft.ManagedIdentity/userAssignedIdentities", "apiVersion": "2023-01-31", - "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", - "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", - "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyMsi'), '/'))]" + "subscriptionId": "[split(if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), parameters('cMKUserAssignedIdentityResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), parameters('cMKUserAssignedIdentityResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), parameters('cMKUserAssignedIdentityResourceId'), 'dummyMsi'), '/'))]" }, "cognitiveServices": { "type": "Microsoft.CognitiveServices/accounts", diff --git a/utilities/tools/Set-Module.ps1 b/utilities/tools/Set-Module.ps1 index 4d322caa90..874cf09ddc 100644 --- a/utilities/tools/Set-Module.ps1 +++ b/utilities/tools/Set-Module.ps1 @@ -119,8 +119,6 @@ function Set-Module { $job = $relevantTemplatePaths | ForEach-Object -ThrottleLimit $ThrottleLimit -AsJob -Parallel { $resourceTypeIdentifier = ((Split-Path $_) -split '[\/|\\]{1}modules[\/|\\]{1}')[1] # avm/res// - . $using:ReadMeScriptFilePath - ############### ## Build ## ############### @@ -134,6 +132,7 @@ function Set-Module { ################ if (-not $using:SkipReadMe) { Write-Output "Generating readme for [$resourceTypeIdentifier]" + . $using:ReadMeScriptFilePath # If the template was just build, we can pass the JSON into the readme script to be more efficient $readmeTemplateFilePath = (-not $using:SkipBuild) ? (Join-Path (Split-Path $_ -Parent) 'main.json') : $_ From 357f693e1ff07369bf85cb9e2cebd16103a16de2 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 09:13:07 +0200 Subject: [PATCH 40/52] Fixed cotainer reg --- modules/container-registry/registry/main.bicep | 4 ++-- modules/container-registry/registry/main.json | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/container-registry/registry/main.bicep b/modules/container-registry/registry/main.bicep index 75927d64ec..b4a3c04050 100644 --- a/modules/container-registry/registry/main.bicep +++ b/modules/container-registry/registry/main.bicep @@ -232,8 +232,8 @@ resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empt } resource cMKUserAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = if (!empty(cMKUserAssignedIdentityResourceId)) { - name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyMsi'), '/'))! - scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) + name: last(split((!empty(cMKUserAssignedIdentityResourceId) ? cMKUserAssignedIdentityResourceId : 'dummyMsi'), '/'))! + scope: resourceGroup(split((!empty(cMKUserAssignedIdentityResourceId) ? cMKUserAssignedIdentityResourceId : '//'), '/')[2], split((!empty(cMKUserAssignedIdentityResourceId) ? cMKUserAssignedIdentityResourceId : '////'), '/')[4]) } resource registry 'Microsoft.ContainerRegistry/registries@2023-06-01-preview' = { diff --git a/modules/container-registry/registry/main.json b/modules/container-registry/registry/main.json index 8baa9eeff7..a12b37dde0 100644 --- a/modules/container-registry/registry/main.json +++ b/modules/container-registry/registry/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "12613913283174213145" + "templateHash": "13715645846097523943" }, "name": "Azure Container Registries (ACR)", "description": "This module deploys an Azure Container Registry (ACR).", @@ -446,9 +446,9 @@ "existing": true, "type": "Microsoft.ManagedIdentity/userAssignedIdentities", "apiVersion": "2023-01-31", - "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", - "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", - "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyMsi'), '/'))]" + "subscriptionId": "[split(if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), parameters('cMKUserAssignedIdentityResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), parameters('cMKUserAssignedIdentityResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), parameters('cMKUserAssignedIdentityResourceId'), 'dummyMsi'), '/'))]" }, "registry": { "type": "Microsoft.ContainerRegistry/registries", From a1cdf6490e5272edc5d1c5786e90856ca4cc6ae2 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 09:18:54 +0200 Subject: [PATCH 41/52] Atempted to fix managed-cluster --- modules/container-service/managed-cluster/main.bicep | 8 ++++---- modules/container-service/managed-cluster/main.json | 10 ++++------ 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/modules/container-service/managed-cluster/main.bicep b/modules/container-service/managed-cluster/main.bicep index d4f3a4192b..3e3648a527 100644 --- a/modules/container-service/managed-cluster/main.bicep +++ b/modules/container-service/managed-cluster/main.bicep @@ -465,9 +465,9 @@ resource managedCluster 'Microsoft.ContainerService/managedClusters@2023-07-02-p ingressProfile: { webAppRouting: { enabled: webApplicationRoutingEnabled - dnsZoneResourceIds: [ - !empty(dnsZoneResourceId) ? any(dnsZoneResourceId) : null - ] + dnsZoneResourceIds: !empty(dnsZoneResourceId) ? [ + dnsZoneResourceId + ] : null } } addonProfiles: { @@ -698,7 +698,7 @@ module managedCluster_roleAssignments '.bicep/nested_roleAssignments.bicep' = [f }] resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' existing = if (dnsZoneResourceId != null && webApplicationRoutingEnabled) { - name: last(split((!empty(dnsZoneResourceId) ? dnsZoneResourceId : 'dummmyZone'), '/'))! + name: last(split((!empty(dnsZoneResourceId) ? dnsZoneResourceId : '/dummmyZone'), '/'))! } resource dnsZone_roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (enableDnsZoneContributorRoleAssignment == true && dnsZoneResourceId != null && webApplicationRoutingEnabled) { diff --git a/modules/container-service/managed-cluster/main.json b/modules/container-service/managed-cluster/main.json index 77d03fb85f..a2363b3784 100644 --- a/modules/container-service/managed-cluster/main.json +++ b/modules/container-service/managed-cluster/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "13409538219229947959" + "templateHash": "9142221246471978199" }, "name": "Azure Kubernetes Service (AKS) Managed Clusters", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster.", @@ -897,9 +897,7 @@ "ingressProfile": { "webAppRouting": { "enabled": "[parameters('webApplicationRoutingEnabled')]", - "dnsZoneResourceIds": [ - "[if(not(empty(parameters('dnsZoneResourceId'))), parameters('dnsZoneResourceId'), null())]" - ] + "dnsZoneResourceIds": "[if(not(empty(parameters('dnsZoneResourceId'))), createArray(parameters('dnsZoneResourceId')), null())]" } }, "addonProfiles": { @@ -1052,13 +1050,13 @@ "existing": true, "type": "Microsoft.Network/dnsZones", "apiVersion": "2018-05-01", - "name": "[last(split(if(not(empty(parameters('dnsZoneResourceId'))), parameters('dnsZoneResourceId'), 'dummmyZone'), '/'))]" + "name": "[last(split(if(not(empty(parameters('dnsZoneResourceId'))), parameters('dnsZoneResourceId'), '/dummmyZone'), '/'))]" }, "dnsZone_roleAssignment": { "condition": "[and(and(equals(parameters('enableDnsZoneContributorRoleAssignment'), true()), not(equals(parameters('dnsZoneResourceId'), null()))), parameters('webApplicationRoutingEnabled'))]", "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/dnsZones/{0}', last(split(if(not(empty(parameters('dnsZoneResourceId'))), parameters('dnsZoneResourceId'), 'dummmyZone'), '/')))]", + "scope": "[format('Microsoft.Network/dnsZones/{0}', last(split(if(not(empty(parameters('dnsZoneResourceId'))), parameters('dnsZoneResourceId'), '/dummmyZone'), '/')))]", "name": "[guid(parameters('dnsZoneResourceId'), subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314'), 'DNS Zone Contributor')]", "properties": { "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", From cfc937d20dd7b318d3f4e9303033052dccab4433 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 09:23:45 +0200 Subject: [PATCH 42/52] Try & fix new key treating in databricks --- .../workspace/.test/common/dependencies.bicep | 10 ++++++++++ .../databricks/workspace/.test/common/main.test.bicep | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/modules/databricks/workspace/.test/common/dependencies.bicep b/modules/databricks/workspace/.test/common/dependencies.bicep index 31203d82a3..ebef077726 100644 --- a/modules/databricks/workspace/.test/common/dependencies.bicep +++ b/modules/databricks/workspace/.test/common/dependencies.bicep @@ -56,6 +56,13 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { kty: 'RSA' } } + + resource keyDisk 'keys@2022-07-01' = { + name: 'keyEncryptionKeyDisk' + properties: { + kty: 'RSA' + } + } } resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { @@ -329,5 +336,8 @@ output loadBalancerBackendPoolName string = loadBalancer.properties.backendAddre @description('The name of the created Key Vault encryption key.') output keyVaultKeyName string = keyVault::key.name +@description('The name of the created Key Vault Disk encryption key.') +output keyVaultDiskKeyName string = keyVault::keyDisk.name + @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/modules/databricks/workspace/.test/common/main.test.bicep b/modules/databricks/workspace/.test/common/main.test.bicep index ae584f845e..e39481d4ac 100644 --- a/modules/databricks/workspace/.test/common/main.test.bicep +++ b/modules/databricks/workspace/.test/common/main.test.bicep @@ -101,7 +101,7 @@ module testDeployment '../../main.bicep' = { } cMKManagedServicesKeyName: nestedDependencies.outputs.keyVaultKeyName cMKManagedServicesKeyVaultResourceId: nestedDependencies.outputs.keyVaultResourceId - cMKManagedDisksKeyName: nestedDependencies.outputs.keyVaultKeyName + cMKManagedDisksKeyName: nestedDependencies.outputs.keyVaultDiskKeyName cMKManagedDisksKeyVaultResourceId: nestedDependencies.outputs.keyVaultResourceId cMKManagedDisksKeyRotationToLatestKeyVersionEnabled: true storageAccountName: 'sa${namePrefix}${serviceShort}001' From 948459586c68a58448c42e28462e637ca529175d Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 09:28:00 +0200 Subject: [PATCH 43/52] Updated db-for --- .../db-for-my-sql/flexible-server/main.bicep | 18 +++++------ .../db-for-my-sql/flexible-server/main.json | 32 +++++++++---------- .../flexible-server/main.bicep | 12 ++++--- .../flexible-server/main.json | 32 +++++++++++++------ 4 files changed, 55 insertions(+), 39 deletions(-) diff --git a/modules/db-for-my-sql/flexible-server/main.bicep b/modules/db-for-my-sql/flexible-server/main.bicep index 4042bdabab..419cf6b925 100644 --- a/modules/db-for-my-sql/flexible-server/main.bicep +++ b/modules/db-for-my-sql/flexible-server/main.bicep @@ -250,21 +250,21 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2022-09-01' = if (ena } } -resource cMKKeyVault 'Microsoft.KeyVault/vaults@2023-02-01' existing = if (!empty(cMKKeyVaultResourceId)) { - name: last(split(cMKKeyVaultResourceId, '/'))! - scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) +resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId)) { + name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyVault'), '/'))! + scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) - resource cMKKey 'keys@2022-07-01' existing = if (!empty(cMKKeyName)) { - name: cMKKeyName + resource cMKKey 'keys@2023-02-01' existing = if (!empty(cMKKeyName)) { + name: !empty(cMKKeyName) ? cMKKeyName : 'dummyKey' } } -resource geoBackupCMKKeyVault 'Microsoft.KeyVault/vaults@2023-02-01' existing = if (!empty(geoBackupCMKKeyVaultResourceId)) { - name: last(split(geoBackupCMKKeyVaultResourceId, '/'))! - scope: resourceGroup(split(geoBackupCMKKeyVaultResourceId, '/')[2], split(geoBackupCMKKeyVaultResourceId, '/')[4]) +resource geoBackupCMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(geoBackupCMKKeyVaultResourceId)) { + name: last(split((!empty(geoBackupCMKKeyVaultResourceId) ? geoBackupCMKKeyVaultResourceId : 'dummyVault'), '/'))! + scope: resourceGroup(split((!empty(geoBackupCMKKeyVaultResourceId) ? geoBackupCMKKeyVaultResourceId : '//'), '/')[2], split((!empty(geoBackupCMKKeyVaultResourceId) ? geoBackupCMKKeyVaultResourceId : '////'), '/')[4]) resource geoBackupCMKKey 'keys@2023-02-01' existing = if (!empty(geoBackupCMKKeyName)) { - name: geoBackupCMKKeyName + name: !empty(geoBackupCMKKeyName) ? geoBackupCMKKeyName : 'dummyKey' } } diff --git a/modules/db-for-my-sql/flexible-server/main.json b/modules/db-for-my-sql/flexible-server/main.json index 14934d696f..803d30c7b5 100644 --- a/modules/db-for-my-sql/flexible-server/main.json +++ b/modules/db-for-my-sql/flexible-server/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "9516546029876865175" + "templateHash": "4402521755740806457" }, "name": "DBforMySQL Flexible Servers", "description": "This module deploys a DBforMySQL Flexible Server.", @@ -455,10 +455,10 @@ "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", "existing": true, "type": "Microsoft.KeyVault/vaults/keys", - "apiVersion": "2022-07-01", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/')), if(not(empty(parameters('cMKKeyName'))), parameters('cMKKeyName'), 'dummyKey'))]", "dependsOn": [ "cMKKeyVault" ] @@ -468,9 +468,9 @@ "existing": true, "type": "Microsoft.KeyVault/vaults/keys", "apiVersion": "2023-02-01", - "subscriptionId": "[split(parameters('geoBackupCMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('geoBackupCMKKeyVaultResourceId'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(parameters('geoBackupCMKKeyVaultResourceId'), '/')), parameters('geoBackupCMKKeyName'))]", + "subscriptionId": "[split(if(not(empty(parameters('geoBackupCMKKeyVaultResourceId'))), parameters('geoBackupCMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('geoBackupCMKKeyVaultResourceId'))), parameters('geoBackupCMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(if(not(empty(parameters('geoBackupCMKKeyVaultResourceId'))), parameters('geoBackupCMKKeyVaultResourceId'), 'dummyVault'), '/')), if(not(empty(parameters('geoBackupCMKKeyName'))), parameters('geoBackupCMKKeyName'), 'dummyKey'))]", "dependsOn": [ "geoBackupCMKKeyVault" ] @@ -493,19 +493,19 @@ "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", "existing": true, "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2023-02-01", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[last(split(parameters('cMKKeyVaultResourceId'), '/'))]" + "apiVersion": "2021-10-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/'))]" }, "geoBackupCMKKeyVault": { "condition": "[not(empty(parameters('geoBackupCMKKeyVaultResourceId')))]", "existing": true, "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2023-02-01", - "subscriptionId": "[split(parameters('geoBackupCMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('geoBackupCMKKeyVaultResourceId'), '/')[4]]", - "name": "[last(split(parameters('geoBackupCMKKeyVaultResourceId'), '/'))]" + "apiVersion": "2021-10-01", + "subscriptionId": "[split(if(not(empty(parameters('geoBackupCMKKeyVaultResourceId'))), parameters('geoBackupCMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('geoBackupCMKKeyVaultResourceId'))), parameters('geoBackupCMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('geoBackupCMKKeyVaultResourceId'))), parameters('geoBackupCMKKeyVaultResourceId'), 'dummyVault'), '/'))]" }, "flexibleServer": { "type": "Microsoft.DBforMySQL/flexibleServers", diff --git a/modules/db-for-postgre-sql/flexible-server/main.bicep b/modules/db-for-postgre-sql/flexible-server/main.bicep index f89cfe56c3..16b25a4744 100644 --- a/modules/db-for-postgre-sql/flexible-server/main.bicep +++ b/modules/db-for-postgre-sql/flexible-server/main.bicep @@ -231,9 +231,13 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource cMKKeyVaultKey 'Microsoft.KeyVault/vaults/keys@2022-07-01' existing = if (!empty(cMKKeyVaultResourceId) && !empty(cMKKeyName)) { - name: '${last(split(cMKKeyVaultResourceId, '/'))}/${cMKKeyName}' - scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) +resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId)) { + name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyVault'), '/'))! + scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) + + resource cMKKey 'keys@2023-02-01' existing = if (!empty(cMKKeyName)) { + name: !empty(cMKKeyName) ? cMKKeyName : 'dummyKey' + } } resource flexibleServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01' = { @@ -263,7 +267,7 @@ resource flexibleServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01' = } createMode: createMode dataEncryption: !empty(cMKKeyName) ? { - primaryKeyURI: !empty(cMKKeyVersion) ? '${cMKKeyVaultKey.properties.keyUri}/${cMKKeyVersion}' : cMKKeyVaultKey.properties.keyUriWithVersion + primaryKeyURI: !empty(cMKKeyVersion) ? '${cMKKeyVault::cMKKey.properties.keyUri}/${cMKKeyVersion}' : cMKKeyVault::cMKKey.properties.keyUriWithVersion primaryUserAssignedIdentityId: cMKUserAssignedIdentityResourceId type: 'AzureKeyVault' } : null diff --git a/modules/db-for-postgre-sql/flexible-server/main.json b/modules/db-for-postgre-sql/flexible-server/main.json index a777f2cfde..d432f9e923 100644 --- a/modules/db-for-postgre-sql/flexible-server/main.json +++ b/modules/db-for-postgre-sql/flexible-server/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "14367037120774129856" + "templateHash": "12105259818259511725" }, "name": "DBforPostgreSQL Flexible Servers", "description": "This module deploys a DBforPostgreSQL Flexible Server.", @@ -420,6 +420,18 @@ "enableReferencedModulesTelemetry": false }, "resources": { + "cMKKeyVault::cMKKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/')), if(not(empty(parameters('cMKKeyName'))), parameters('cMKKeyName'), 'dummyKey'))]", + "dependsOn": [ + "cMKKeyVault" + ] + }, "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", @@ -434,14 +446,14 @@ } } }, - "cMKKeyVaultKey": { - "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "cMKKeyVault": { + "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", "existing": true, - "type": "Microsoft.KeyVault/vaults/keys", - "apiVersion": "2022-07-01", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]" + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2021-10-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/'))]" }, "flexibleServer": { "type": "Microsoft.DBforPostgreSQL/flexibleServers", @@ -471,7 +483,7 @@ "geoRedundantBackup": "[parameters('geoRedundantBackup')]" }, "createMode": "[parameters('createMode')]", - "dataEncryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('primaryKeyURI', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference('cMKKeyVaultKey').keyUri, parameters('cMKKeyVersion')), reference('cMKKeyVaultKey').keyUriWithVersion), 'primaryUserAssignedIdentityId', parameters('cMKUserAssignedIdentityResourceId'), 'type', 'AzureKeyVault'), null())]", + "dataEncryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('primaryKeyURI', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference('cMKKeyVault::cMKKey').keyUri, parameters('cMKKeyVersion')), reference('cMKKeyVault::cMKKey').keyUriWithVersion), 'primaryUserAssignedIdentityId', parameters('cMKUserAssignedIdentityResourceId'), 'type', 'AzureKeyVault'), null())]", "highAvailability": { "mode": "[parameters('highAvailability')]", "standbyAvailabilityZone": "[if(equals(parameters('highAvailability'), 'SameZone'), parameters('availabilityZone'), null())]" @@ -486,7 +498,7 @@ "version": "[parameters('version')]" }, "dependsOn": [ - "cMKKeyVaultKey" + "cMKKeyVault" ] }, "flexibleServer_lock": { From 2523f734edb536ba7726b7384d9e94916188cc4e Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 09:33:01 +0200 Subject: [PATCH 44/52] Updated log for digital twin --- .../digital-twins/digital-twins-instance/README.md | 1 - .../digital-twins/digital-twins-instance/main.bicep | 8 ++++---- .../digital-twins/digital-twins-instance/main.json | 12 ++++++------ 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/modules/digital-twins/digital-twins-instance/README.md b/modules/digital-twins/digital-twins-instance/README.md index 1075d78369..f7fa5d9476 100644 --- a/modules/digital-twins/digital-twins-instance/README.md +++ b/modules/digital-twins/digital-twins-instance/README.md @@ -14,7 +14,6 @@ This module deploys an Azure Digital Twins Instance. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.DigitalTwins/digitalTwinsInstances` | [2023-01-31](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DigitalTwins/2023-01-31/digitalTwinsInstances) | diff --git a/modules/digital-twins/digital-twins-instance/main.bicep b/modules/digital-twins/digital-twins-instance/main.bicep index 7b803a5b93..1b66f5077c 100644 --- a/modules/digital-twins/digital-twins-instance/main.bicep +++ b/modules/digital-twins/digital-twins-instance/main.bicep @@ -205,11 +205,11 @@ module digitalTwinsInstance_privateEndpoints '../../network/private-endpoint/mai } }] -resource digitalTwinsInstance_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${digitalTwinsInstance.name}-${lock}-lock' +resource digitalTwinsInstance_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' } scope: digitalTwinsInstance } diff --git a/modules/digital-twins/digital-twins-instance/main.json b/modules/digital-twins/digital-twins-instance/main.json index f4b34ccaea..f156f61380 100644 --- a/modules/digital-twins/digital-twins-instance/main.json +++ b/modules/digital-twins/digital-twins-instance/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "14910327860190049489" + "templateHash": "18430271797869106154" }, "name": "Digital Twins Instances", "description": "This module deploys an Azure Digital Twins Instance.", @@ -255,14 +255,14 @@ } }, "digitalTwinsInstance_lock": { - "condition": "[not(empty(parameters('lock')))]", + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", - "apiVersion": "2017-04-01", + "apiVersion": "2020-05-01", "scope": "[format('Microsoft.DigitalTwins/digitalTwinsInstances/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" }, "dependsOn": [ "digitalTwinsInstance" From e99050cee38670ccc3297859355ccec1b289d1e5 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 09:54:02 +0200 Subject: [PATCH 45/52] Updated ML --- .../workspace/main.bicep | 12 +++++--- .../workspace/main.json | 30 +++++++++++++------ 2 files changed, 29 insertions(+), 13 deletions(-) diff --git a/modules/machine-learning-services/workspace/main.bicep b/modules/machine-learning-services/workspace/main.bicep index ad3c021a6a..38af26ff9f 100644 --- a/modules/machine-learning-services/workspace/main.bicep +++ b/modules/machine-learning-services/workspace/main.bicep @@ -184,9 +184,13 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource cMKKeyVaultKey 'Microsoft.KeyVault/vaults/keys@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId) && !empty(cMKKeyName)) { - name: '${last(split(cMKKeyVaultResourceId, '/'))}/${cMKKeyName}' - scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) +resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId)) { + name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyVault'), '/'))! + scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) + + resource cMKKey 'keys@2023-02-01' existing = if (!empty(cMKKeyName)) { + name: !empty(cMKKeyName) ? cMKKeyName : 'dummyKey' + } } resource workspace 'Microsoft.MachineLearningServices/workspaces@2022-10-01' = { @@ -215,7 +219,7 @@ resource workspace 'Microsoft.MachineLearningServices/workspaces@2022-10-01' = { } : null keyVaultProperties: { keyVaultArmId: cMKKeyVaultResourceId - keyIdentifier: !empty(cMKKeyVersion) ? '${cMKKeyVaultKey.properties.keyUri}/${cMKKeyVersion}' : cMKKeyVaultKey.properties.keyUriWithVersion + keyIdentifier: !empty(cMKKeyVersion) ? '${cMKKeyVault::cMKKey.properties.keyUri}/${cMKKeyVersion}' : cMKKeyVault::cMKKey.properties.keyUriWithVersion } } : null imageBuildCompute: imageBuildCompute diff --git a/modules/machine-learning-services/workspace/main.json b/modules/machine-learning-services/workspace/main.json index 6e07dd0f64..5f059e2b37 100644 --- a/modules/machine-learning-services/workspace/main.json +++ b/modules/machine-learning-services/workspace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "13016639761646646515" + "templateHash": "7851635446929911077" }, "name": "Machine Learning Services Workspaces", "description": "This module deploys a Machine Learning Services Workspace.", @@ -333,6 +333,18 @@ "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]" }, "resources": { + "cMKKeyVault::cMKKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/')), if(not(empty(parameters('cMKKeyName'))), parameters('cMKKeyName'), 'dummyKey'))]", + "dependsOn": [ + "cMKKeyVault" + ] + }, "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", "type": "Microsoft.Resources/deployments", @@ -347,14 +359,14 @@ } } }, - "cMKKeyVaultKey": { - "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "cMKKeyVault": { + "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", "existing": true, - "type": "Microsoft.KeyVault/vaults/keys", + "type": "Microsoft.KeyVault/vaults", "apiVersion": "2021-10-01", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]" + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/'))]" }, "workspace": { "type": "Microsoft.MachineLearningServices/workspaces", @@ -377,7 +389,7 @@ "allowPublicAccessWhenBehindVnet": "[parameters('allowPublicAccessWhenBehindVnet')]", "description": "[parameters('description')]", "discoveryUrl": "[parameters('discoveryUrl')]", - "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('status', 'Enabled', 'identity', if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), createObject('userAssignedIdentity', parameters('cMKUserAssignedIdentityResourceId')), null()), 'keyVaultProperties', createObject('keyVaultArmId', parameters('cMKKeyVaultResourceId'), 'keyIdentifier', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference('cMKKeyVaultKey').keyUri, parameters('cMKKeyVersion')), reference('cMKKeyVaultKey').keyUriWithVersion))), null())]", + "encryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('status', 'Enabled', 'identity', if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), createObject('userAssignedIdentity', parameters('cMKUserAssignedIdentityResourceId')), null()), 'keyVaultProperties', createObject('keyVaultArmId', parameters('cMKKeyVaultResourceId'), 'keyIdentifier', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference('cMKKeyVault::cMKKey').keyUri, parameters('cMKKeyVersion')), reference('cMKKeyVault::cMKKey').keyUriWithVersion))), null())]", "imageBuildCompute": "[parameters('imageBuildCompute')]", "primaryUserAssignedIdentity": "[parameters('primaryUserAssignedIdentity')]", "publicNetworkAccess": "[if(not(empty(parameters('publicNetworkAccess'))), parameters('publicNetworkAccess'), if(not(empty(parameters('privateEndpoints'))), 'Disabled', 'Enabled'))]", @@ -385,7 +397,7 @@ "sharedPrivateLinkResources": "[parameters('sharedPrivateLinkResources')]" }, "dependsOn": [ - "cMKKeyVaultKey" + "cMKKeyVault" ] }, "workspace_lock": { From b0bd43e22abe903cfd40c84dbb1d72e93bd07304 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 10:37:16 +0200 Subject: [PATCH 46/52] Update synapse --- modules/synapse/workspace/main.bicep | 13 +++++------ modules/synapse/workspace/main.json | 35 +++++++++++++++------------- 2 files changed, 25 insertions(+), 23 deletions(-) diff --git a/modules/synapse/workspace/main.bicep b/modules/synapse/workspace/main.bicep index 0d039d366d..9f1bac808f 100644 --- a/modules/synapse/workspace/main.bicep +++ b/modules/synapse/workspace/main.bicep @@ -159,13 +159,12 @@ var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [ var enableReferencedModulesTelemetry = false resource cMKKeyVault 'Microsoft.KeyVault/vaults@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId)) { - name: last(split(cMKKeyVaultResourceId, '/'))! - scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) -} + name: last(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : 'dummyVault'), '/'))! + scope: resourceGroup(split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '//'), '/')[2], split((!empty(cMKKeyVaultResourceId) ? cMKKeyVaultResourceId : '////'), '/')[4]) -resource cMKKeyVaultKey 'Microsoft.KeyVault/vaults/keys@2021-10-01' existing = if (!empty(cMKKeyVaultResourceId) && !empty(cMKKeyName)) { - name: '${last(split(cMKKeyVaultResourceId, '/'))}/${cMKKeyName}'! - scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) + resource cMKKey 'keys@2023-02-01' existing = if (!empty(cMKKeyName)) { + name: !empty(cMKKeyName) ? cMKKeyName : 'dummyKey' + } } resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { @@ -203,7 +202,7 @@ resource workspace 'Microsoft.Synapse/workspaces@2021-06-01' = { useSystemAssignedIdentity: cMKUseSystemAssignedIdentity } key: { - keyVaultUrl: cMKKeyVaultKey.properties.keyUri + keyVaultUrl: cMKKeyVault::cMKKey.properties.keyUri name: cMKKeyName } } diff --git a/modules/synapse/workspace/main.json b/modules/synapse/workspace/main.json index f4f45edcc9..8c6486e6ea 100644 --- a/modules/synapse/workspace/main.json +++ b/modules/synapse/workspace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "17488808869576693510" + "templateHash": "2812430715889836837" }, "name": "Synapse Workspaces", "description": "This module deploys a Synapse Workspace.", @@ -329,23 +329,26 @@ "enableReferencedModulesTelemetry": false }, "resources": { + "cMKKeyVault::cMKKey": { + "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2023-02-01", + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[format('{0}/{1}', last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/')), if(not(empty(parameters('cMKKeyName'))), parameters('cMKKeyName'), 'dummyKey'))]", + "dependsOn": [ + "cMKKeyVault" + ] + }, "cMKKeyVault": { "condition": "[not(empty(parameters('cMKKeyVaultResourceId')))]", "existing": true, "type": "Microsoft.KeyVault/vaults", "apiVersion": "2021-10-01", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[last(split(parameters('cMKKeyVaultResourceId'), '/'))]" - }, - "cMKKeyVaultKey": { - "condition": "[and(not(empty(parameters('cMKKeyVaultResourceId'))), not(empty(parameters('cMKKeyName'))))]", - "existing": true, - "type": "Microsoft.KeyVault/vaults/keys", - "apiVersion": "2021-10-01", - "subscriptionId": "[split(parameters('cMKKeyVaultResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('cMKKeyVaultResourceId'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName'))]" + "subscriptionId": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), '////'), '/')[4]]", + "name": "[last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/'))]" }, "defaultTelemetry": { "condition": "[parameters('enableDefaultTelemetry')]", @@ -377,7 +380,7 @@ "filesystem": "[parameters('defaultDataLakeStorageFilesystem')]", "createManagedPrivateEndpoint": "[if(parameters('managedVirtualNetwork'), parameters('defaultDataLakeStorageCreateManagedPrivateEndpoint'), null())]" }, - "encryption": "[if(parameters('encryption'), createObject('cmk', createObject('kekIdentity', createObject('userAssignedIdentity', if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), parameters('cMKUserAssignedIdentityResourceId'), null()), 'useSystemAssignedIdentity', parameters('cMKUseSystemAssignedIdentity')), 'key', createObject('keyVaultUrl', reference('cMKKeyVaultKey').keyUri, 'name', parameters('cMKKeyName')))), null())]", + "encryption": "[if(parameters('encryption'), createObject('cmk', createObject('kekIdentity', createObject('userAssignedIdentity', if(not(empty(parameters('cMKUserAssignedIdentityResourceId'))), parameters('cMKUserAssignedIdentityResourceId'), null()), 'useSystemAssignedIdentity', parameters('cMKUseSystemAssignedIdentity')), 'key', createObject('keyVaultUrl', reference('cMKKeyVault::cMKKey').keyUri, 'name', parameters('cMKKeyName')))), null())]", "managedResourceGroupName": "[if(not(empty(parameters('managedResourceGroupName'))), parameters('managedResourceGroupName'), null())]", "managedVirtualNetwork": "[if(parameters('managedVirtualNetwork'), 'default', null())]", "managedVirtualNetworkSettings": "[if(parameters('managedVirtualNetwork'), createObject('allowedAadTenantIdsForLinking', parameters('allowedAadTenantIdsForLinking'), 'linkedAccessCheckOnTargetResource', parameters('linkedAccessCheckOnTargetResource'), 'preventDataExfiltration', parameters('preventDataExfiltration')), null())]", @@ -388,7 +391,7 @@ "workspaceRepositoryConfiguration": "[parameters('workspaceRepositoryConfiguration')]" }, "dependsOn": [ - "cMKKeyVaultKey" + "cMKKeyVault" ] }, "workspace_lock": { @@ -566,7 +569,7 @@ "workspaceIndentityPrincipalId": { "value": "[reference('workspace', '2021-06-01', 'full').identity.principalId]" }, - "keyvaultName": "[if(not(empty(parameters('cMKKeyVaultResourceId'))), createObject('value', last(split(parameters('cMKKeyVaultResourceId'), '/'))), createObject('value', ''))]", + "keyvaultName": "[if(not(empty(parameters('cMKKeyVaultResourceId'))), createObject('value', last(split(if(not(empty(parameters('cMKKeyVaultResourceId'))), parameters('cMKKeyVaultResourceId'), 'dummyVault'), '/'))), createObject('value', ''))]", "usesRbacAuthorization": "[if(not(empty(parameters('cMKKeyVaultResourceId'))), createObject('value', reference('cMKKeyVault').enableRbacAuthorization), createObject('value', true()))]" }, "template": { From 6f50b61d64bc8edb1e6e51ea594842d8e25ca767 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 10:57:12 +0200 Subject: [PATCH 47/52] Updated databricks to work around new bicep limitation --- .../workspace/.test/common/dependencies.bicep | 29 +++++++++++++++++-- .../workspace/.test/common/main.test.bicep | 3 +- 2 files changed, 29 insertions(+), 3 deletions(-) diff --git a/modules/databricks/workspace/.test/common/dependencies.bicep b/modules/databricks/workspace/.test/common/dependencies.bicep index ebef077726..4c074d6ae8 100644 --- a/modules/databricks/workspace/.test/common/dependencies.bicep +++ b/modules/databricks/workspace/.test/common/dependencies.bicep @@ -7,6 +7,9 @@ param managedIdentityName string @description('Required. The name of the Key Vault to create.') param keyVaultName string +@description('Required. The name of the Key Vault for Disk Encryption to create.') +param keyVaultDiskName string + @description('Required. The name of the Azure Machine Learning Workspace to create.') param amlWorkspaceName string @@ -56,8 +59,27 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { kty: 'RSA' } } +} + +resource keyVaultDisk 'Microsoft.KeyVault/vaults@2022-07-01' = { + name: keyVaultDiskName + location: location + properties: { + sku: { + family: 'A' + name: 'standard' + } + tenantId: tenant().tenantId + enablePurgeProtection: true // Required by batch account + softDeleteRetentionInDays: 7 + enabledForTemplateDeployment: true + enabledForDiskEncryption: true + enabledForDeployment: true + enableRbacAuthorization: true + accessPolicies: [] + } - resource keyDisk 'keys@2022-07-01' = { + resource key 'keys@2022-07-01' = { name: 'keyEncryptionKeyDisk' properties: { kty: 'RSA' @@ -327,6 +349,9 @@ output machineLearningWorkspaceResourceId string = machineLearningWorkspace.id @description('The resource ID of the created Key Vault.') output keyVaultResourceId string = keyVault.id +@description('The resource ID of the created Disk Key Vault.') +output keyVaultDiskResourceId string = keyVaultDisk.id + @description('The resource ID of the created Load Balancer.') output loadBalancerResourceId string = loadBalancer.id @@ -337,7 +362,7 @@ output loadBalancerBackendPoolName string = loadBalancer.properties.backendAddre output keyVaultKeyName string = keyVault::key.name @description('The name of the created Key Vault Disk encryption key.') -output keyVaultDiskKeyName string = keyVault::keyDisk.name +output keyVaultDiskKeyName string = keyVaultDisk::key.name @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/modules/databricks/workspace/.test/common/main.test.bicep b/modules/databricks/workspace/.test/common/main.test.bicep index e39481d4ac..52f646fd67 100644 --- a/modules/databricks/workspace/.test/common/main.test.bicep +++ b/modules/databricks/workspace/.test/common/main.test.bicep @@ -50,6 +50,7 @@ module nestedDependencies 'dependencies.bicep' = { networkSecurityGroupName: 'dep-${namePrefix}-nsg-${serviceShort}' // Adding base time to make the name unique as purge protection must be enabled (but may not be longer than 24 characters total) keyVaultName: 'dep-${namePrefix}-kv-${serviceShort}-${substring(uniqueString(baseTime), 0, 3)}' + keyVaultDiskName: 'dep-${namePrefix}-kve-${serviceShort}-${substring(uniqueString(baseTime), 0, 3)}' } } @@ -102,7 +103,7 @@ module testDeployment '../../main.bicep' = { cMKManagedServicesKeyName: nestedDependencies.outputs.keyVaultKeyName cMKManagedServicesKeyVaultResourceId: nestedDependencies.outputs.keyVaultResourceId cMKManagedDisksKeyName: nestedDependencies.outputs.keyVaultDiskKeyName - cMKManagedDisksKeyVaultResourceId: nestedDependencies.outputs.keyVaultResourceId + cMKManagedDisksKeyVaultResourceId: nestedDependencies.outputs.keyVaultDiskResourceId cMKManagedDisksKeyRotationToLatestKeyVersionEnabled: true storageAccountName: 'sa${namePrefix}${serviceShort}001' storageAccountSkuName: 'Standard_ZRS' From 70360b6d89fd1d72a9a5154bbf919e764bd601f8 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 18:46:42 +0200 Subject: [PATCH 48/52] Updated KVLT + Purview --- .../vault/.test/common/main.test.bicep | 2 - .../key-vault/vault/.test/pe/main.test.bicep | 10 +-- modules/key-vault/vault/README.md | 20 ++--- .../account/.test/common/main.test.bicep | 40 ++++------ modules/purview/account/README.md | 80 +++++++------------ 5 files changed, 57 insertions(+), 95 deletions(-) diff --git a/modules/key-vault/vault/.test/common/main.test.bicep b/modules/key-vault/vault/.test/common/main.test.bicep index cc4c00df50..54db495112 100644 --- a/modules/key-vault/vault/.test/common/main.test.bicep +++ b/modules/key-vault/vault/.test/common/main.test.bicep @@ -136,9 +136,7 @@ module testDeployment '../../main.bicep' = { privateEndpoints: [ { privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] service: 'vault' subnetResourceId: nestedDependencies.outputs.subnetResourceId diff --git a/modules/key-vault/vault/.test/pe/main.test.bicep b/modules/key-vault/vault/.test/pe/main.test.bicep index 2a99bb5bf2..32078f69a2 100644 --- a/modules/key-vault/vault/.test/pe/main.test.bicep +++ b/modules/key-vault/vault/.test/pe/main.test.bicep @@ -87,12 +87,10 @@ module testDeployment '../../main.bicep' = { } privateEndpoints: [ { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - privateEndpointName: 'dep-${namePrefix}-pe-${serviceShort}' - } + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + name: 'dep-${namePrefix}-pe-${serviceShort}' service: 'vault' subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { diff --git a/modules/key-vault/vault/README.md b/modules/key-vault/vault/README.md index 53a2294e41..ef1ac097eb 100644 --- a/modules/key-vault/vault/README.md +++ b/modules/key-vault/vault/README.md @@ -599,12 +599,10 @@ module vault 'br:bicep/modules/key-vault.vault:1.0.0' = { } privateEndpoints: [ { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - '' - ] - privateEndpointName: 'dep-pe-kvvpe' - } + name: 'dep-pe-kvvpe' + privateDnsZoneResourceIds: [ + '' + ] service: 'vault' subnetResourceId: '' tags: { @@ -681,12 +679,10 @@ module vault 'br:bicep/modules/key-vault.vault:1.0.0' = { "privateEndpoints": { "value": [ { - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "" - ], - "privateEndpointName": "dep-pe-kvvpe" - }, + "name": "dep-pe-kvvpe", + "privateDnsZoneResourceIds": [ + "" + ], "service": "vault", "subnetResourceId": "", "tags": { diff --git a/modules/purview/account/.test/common/main.test.bicep b/modules/purview/account/.test/common/main.test.bicep index 994f498e69..1db2c2caf0 100644 --- a/modules/purview/account/.test/common/main.test.bicep +++ b/modules/purview/account/.test/common/main.test.bicep @@ -92,11 +92,9 @@ module testDeployment '../../main.bicep' = { ] accountPrivateEndpoints: [ { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - nestedDependencies.outputs.purviewAccountPrivateDNSResourceId - ] - } + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.purviewAccountPrivateDNSResourceId + ] service: 'account' subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { @@ -108,11 +106,9 @@ module testDeployment '../../main.bicep' = { ] portalPrivateEndpoints: [ { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - nestedDependencies.outputs.purviewPortalPrivateDNSResourceId - ] - } + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.purviewPortalPrivateDNSResourceId + ] service: 'portal' subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { @@ -124,11 +120,9 @@ module testDeployment '../../main.bicep' = { ] storageBlobPrivateEndpoints: [ { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - nestedDependencies.outputs.storageBlobPrivateDNSResourceId - ] - } + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.storageBlobPrivateDNSResourceId + ] service: 'blob' subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { @@ -140,11 +134,9 @@ module testDeployment '../../main.bicep' = { ] storageQueuePrivateEndpoints: [ { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - nestedDependencies.outputs.storageQueuePrivateDNSResourceId - ] - } + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.storageQueuePrivateDNSResourceId + ] service: 'queue' subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { @@ -156,11 +148,9 @@ module testDeployment '../../main.bicep' = { ] eventHubPrivateEndpoints: [ { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - nestedDependencies.outputs.eventHubPrivateDNSResourceId - ] - } + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.eventHubPrivateDNSResourceId + ] service: 'namespace' subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { diff --git a/modules/purview/account/README.md b/modules/purview/account/README.md index 9bf78ad43f..c41e02d5c5 100644 --- a/modules/purview/account/README.md +++ b/modules/purview/account/README.md @@ -50,11 +50,9 @@ module account 'br:bicep/modules/purview.account:1.0.0' = { // Non-required parameters accountPrivateEndpoints: [ { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - '' - ] - } + privateDnsZoneResourceIds: [ + '' + ] service: 'account' subnetResourceId: '' tags: { @@ -77,11 +75,9 @@ module account 'br:bicep/modules/purview.account:1.0.0' = { enableDefaultTelemetry: '' eventHubPrivateEndpoints: [ { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - '' - ] - } + privateDnsZoneResourceIds: [ + '' + ] service: 'namespace' subnetResourceId: '' tags: { @@ -99,11 +95,9 @@ module account 'br:bicep/modules/purview.account:1.0.0' = { managedResourceGroupName: 'pvacom001-managed-rg' portalPrivateEndpoints: [ { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - '' - ] - } + privateDnsZoneResourceIds: [ + '' + ] service: 'portal' subnetResourceId: '' tags: { @@ -125,11 +119,9 @@ module account 'br:bicep/modules/purview.account:1.0.0' = { ] storageBlobPrivateEndpoints: [ { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - '' - ] - } + privateDnsZoneResourceIds: [ + '' + ] service: 'blob' subnetResourceId: '' tags: { @@ -141,11 +133,9 @@ module account 'br:bicep/modules/purview.account:1.0.0' = { ] storageQueuePrivateEndpoints: [ { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - '' - ] - } + privateDnsZoneResourceIds: [ + '' + ] service: 'queue' subnetResourceId: '' tags: { @@ -187,11 +177,9 @@ module account 'br:bicep/modules/purview.account:1.0.0' = { "accountPrivateEndpoints": { "value": [ { - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "" - ] - }, + "privateDnsZoneResourceIds": [ + "" + ], "service": "account", "subnetResourceId": "", "tags": { @@ -230,11 +218,9 @@ module account 'br:bicep/modules/purview.account:1.0.0' = { "eventHubPrivateEndpoints": { "value": [ { - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "" - ] - }, + "privateDnsZoneResourceIds": [ + "" + ], "service": "namespace", "subnetResourceId": "", "tags": { @@ -260,11 +246,9 @@ module account 'br:bicep/modules/purview.account:1.0.0' = { "portalPrivateEndpoints": { "value": [ { - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "" - ] - }, + "privateDnsZoneResourceIds": [ + "" + ], "service": "portal", "subnetResourceId": "", "tags": { @@ -292,11 +276,9 @@ module account 'br:bicep/modules/purview.account:1.0.0' = { "storageBlobPrivateEndpoints": { "value": [ { - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "" - ] - }, + "privateDnsZoneResourceIds": [ + "" + ], "service": "blob", "subnetResourceId": "", "tags": { @@ -310,11 +292,9 @@ module account 'br:bicep/modules/purview.account:1.0.0' = { "storageQueuePrivateEndpoints": { "value": [ { - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "" - ] - }, + "privateDnsZoneResourceIds": [ + "" + ], "service": "queue", "subnetResourceId": "", "tags": { From 4530ccb4d003447cf4d61c8339e51369f5aba6b4 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 20:47:10 +0200 Subject: [PATCH 49/52] Added batch to security center to how to fix update bug --- modules/security/azure-security-center/main.bicep | 1 + modules/security/azure-security-center/main.json | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/modules/security/azure-security-center/main.bicep b/modules/security/azure-security-center/main.bicep index e1f9fbcab4..d0adb8211a 100644 --- a/modules/security/azure-security-center/main.bicep +++ b/modules/security/azure-security-center/main.bicep @@ -191,6 +191,7 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } +@batchSize(1) resource pricingTiers 'Microsoft.Security/pricings@2018-06-01' = [for (pricing, index) in pricings: { name: pricing.name properties: { diff --git a/modules/security/azure-security-center/main.json b/modules/security/azure-security-center/main.json index cf4fce1f0b..757ee94252 100644 --- a/modules/security/azure-security-center/main.json +++ b/modules/security/azure-security-center/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.22.6.54827", - "templateHash": "5337788890835022528" + "templateHash": "6628258573559470770" }, "name": "Azure Security Center (Defender for Cloud)", "description": "This module deploys an Azure Security Center (Defender for Cloud) Configuration.", @@ -289,7 +289,9 @@ { "copy": { "name": "pricingTiers", - "count": "[length(variables('pricings'))]" + "count": "[length(variables('pricings'))]", + "mode": "serial", + "batchSize": 1 }, "type": "Microsoft.Security/pricings", "apiVersion": "2018-06-01", From 7cc838f3cbccc08f07516797a80c818850dc8989 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 21:04:02 +0200 Subject: [PATCH 50/52] Added write host for readme in case of diff for troubleshooting --- utilities/pipelines/staticValidation/module.tests.ps1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/utilities/pipelines/staticValidation/module.tests.ps1 b/utilities/pipelines/staticValidation/module.tests.ps1 index 59805a7a6d..09fb88a75a 100644 --- a/utilities/pipelines/staticValidation/module.tests.ps1 +++ b/utilities/pipelines/staticValidation/module.tests.ps1 @@ -391,6 +391,8 @@ Describe 'Module tests' -Tag 'Module' { $diffReponse = git diff $readMeFilePath Write-Warning ($diffReponse | Out-String) -Verbose + Write-Host (Get-Content -Path $readMeFilePath | Out-String) -Verbose + # Reset readme file to original state git checkout HEAD -- $readMeFilePath } From 848cd90df4b86506c08364af80d6a9d3a32991c3 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 20 Oct 2023 21:11:07 +0200 Subject: [PATCH 51/52] Rollback --- utilities/pipelines/staticValidation/module.tests.ps1 | 2 -- 1 file changed, 2 deletions(-) diff --git a/utilities/pipelines/staticValidation/module.tests.ps1 b/utilities/pipelines/staticValidation/module.tests.ps1 index 09fb88a75a..59805a7a6d 100644 --- a/utilities/pipelines/staticValidation/module.tests.ps1 +++ b/utilities/pipelines/staticValidation/module.tests.ps1 @@ -391,8 +391,6 @@ Describe 'Module tests' -Tag 'Module' { $diffReponse = git diff $readMeFilePath Write-Warning ($diffReponse | Out-String) -Verbose - Write-Host (Get-Content -Path $readMeFilePath | Out-String) -Verbose - # Reset readme file to original state git checkout HEAD -- $readMeFilePath } From e2171604d286a0dbf1b7ee6563008a11480c92a8 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 21 Oct 2023 14:27:40 +0200 Subject: [PATCH 52/52] Rollback of constructs --- constructs/Compute/virtualMachinesMultiple/main.bicep | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/constructs/Compute/virtualMachinesMultiple/main.bicep b/constructs/Compute/virtualMachinesMultiple/main.bicep index 88257d6a32..9fc00d6f9e 100644 --- a/constructs/Compute/virtualMachinesMultiple/main.bicep +++ b/constructs/Compute/virtualMachinesMultiple/main.bicep @@ -242,8 +242,13 @@ param diagnosticEventHubAuthorizationRuleId string = '' @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') param diagnosticEventHubName string = '' -@description('Optional. The lock settings of the service.') -param lock lockType +@allowed([ + '' + 'CanNotDelete' + 'ReadOnly' +]) +@description('Optional. Specify the type of lock.') +param lock string = '' @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') param roleAssignments array = []