From e5eda98275586c03a96b0fbe7aa24a74f5fa1bd1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Thu, 26 Oct 2023 14:15:52 +0200
Subject: [PATCH 01/21] Module App Container Job

---
 .../app/job/.test/common/dependencies.bicep   |  28 +
 modules/app/job/.test/common/main.test.bicep  | 112 ++++
 modules/app/job/.test/min/dependencies.bicep  |  17 +
 modules/app/job/.test/min/main.test.bicep     |  79 +++
 modules/app/job/README.md                     | 586 ++++++++++++++++++
 modules/app/job/main.bicep                    | 198 ++++++
 modules/app/job/main.json                     | 378 +++++++++++
 modules/app/job/version.json                  |   7 +
 8 files changed, 1405 insertions(+)
 create mode 100644 modules/app/job/.test/common/dependencies.bicep
 create mode 100644 modules/app/job/.test/common/main.test.bicep
 create mode 100644 modules/app/job/.test/min/dependencies.bicep
 create mode 100644 modules/app/job/.test/min/main.test.bicep
 create mode 100644 modules/app/job/README.md
 create mode 100644 modules/app/job/main.bicep
 create mode 100644 modules/app/job/main.json
 create mode 100644 modules/app/job/version.json

diff --git a/modules/app/job/.test/common/dependencies.bicep b/modules/app/job/.test/common/dependencies.bicep
new file mode 100644
index 0000000000..a6700c9d60
--- /dev/null
+++ b/modules/app/job/.test/common/dependencies.bicep
@@ -0,0 +1,28 @@
+@description('Required. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Managed Environment for Container Apps to create.')
+param managedEnvironmentName string
+
+@description('Required. The name of the managed identity to create.')
+param managedIdentityName string
+
+resource managedEnvironment 'Microsoft.App/managedEnvironments@2022-10-01' = {
+  name: managedEnvironmentName
+  location: location
+  sku: {
+    name: 'Consumption'
+  }
+  properties: {}
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2022-01-31-preview' = {
+  name: managedIdentityName
+  location: location
+}
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
+
+@description('The resource ID of the created Managed Environment.')
+output managedEnvironmentResourceId string = managedEnvironment.id
diff --git a/modules/app/job/.test/common/main.test.bicep b/modules/app/job/.test/common/main.test.bicep
new file mode 100644
index 0000000000..7ae6c974a3
--- /dev/null
+++ b/modules/app/job/.test/common/main.test.bicep
@@ -0,0 +1,112 @@
+targetScope = 'subscription'
+
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-app.containerApps-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'mcappcom'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '[[namePrefix]]'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+  name: resourceGroupName
+  location: location
+}
+
+module nestedDependencies 'dependencies.bicep' = {
+  scope: resourceGroup
+  name: '${uniqueString(deployment().name, location)}-paramNested'
+  params: {
+    location: location
+    managedEnvironmentName: 'dep-${namePrefix}-menv-${serviceShort}'
+    managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
+  }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../main.bicep' = {
+  scope: resourceGroup
+  name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
+  params: {
+    name: '${namePrefix}${serviceShort}001'
+    tags: {
+      'hidden-title': 'This is visible in the resource name'
+      Env: 'test'
+    }
+    enableDefaultTelemetry: enableDefaultTelemetry
+    environmentId: nestedDependencies.outputs.managedEnvironmentResourceId
+    location: location
+    lock: {
+      kind: 'CanNotDelete'
+      name: 'myCustomLockName'
+    }
+    userAssignedIdentities: {
+      '${nestedDependencies.outputs.managedIdentityResourceId}': {}
+    }
+    secrets: {
+      secureList: [
+        {
+          name: 'customtest'
+          value: guid(deployment().name)
+        }
+      ]
+    }
+    triggerType: 'Manual'
+    manualTriggerConfig: {
+      replicaCompletionCount: 1
+      parallelism: 1
+    }
+    containers: [
+      {
+        name: 'simple-hello-world-container'
+        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
+        resources: {
+          // workaround as 'float' values are not supported in Bicep, yet the resource providers expects them. Related issue: https://github.com/Azure/bicep/issues/1386
+          cpu: json('0.25')
+          memory: '0.5Gi'
+        }
+        probes: [
+          {
+            type: 'Liveness'
+            httpGet: {
+              path: '/health'
+              port: 8080
+              httpHeaders: [
+                {
+                  name: 'Custom-Header'
+                  value: 'Awesome'
+                }
+              ]
+            }
+            initialDelaySeconds: 3
+            periodSeconds: 3
+          }
+        ]
+      }
+    ]
+  }
+}
diff --git a/modules/app/job/.test/min/dependencies.bicep b/modules/app/job/.test/min/dependencies.bicep
new file mode 100644
index 0000000000..edf4adee4b
--- /dev/null
+++ b/modules/app/job/.test/min/dependencies.bicep
@@ -0,0 +1,17 @@
+@description('Required. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Managed Environment to create.')
+param managedEnvironmentName string
+
+resource managedEnvironment 'Microsoft.App/managedEnvironments@2022-10-01' = {
+  name: managedEnvironmentName
+  location: location
+  sku: {
+    name: 'Consumption'
+  }
+  properties: {}
+}
+
+@description('The resource ID of the created Managed Environment.')
+output managedEnvironmentResourceId string = managedEnvironment.id
diff --git a/modules/app/job/.test/min/main.test.bicep b/modules/app/job/.test/min/main.test.bicep
new file mode 100644
index 0000000000..295f2aa9b7
--- /dev/null
+++ b/modules/app/job/.test/min/main.test.bicep
@@ -0,0 +1,79 @@
+targetScope = 'subscription'
+
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-app.containerApps-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'mcappmin'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '[[namePrefix]]'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+  name: resourceGroupName
+  location: location
+}
+
+module nestedDependencies 'dependencies.bicep' = {
+  scope: resourceGroup
+  name: '${uniqueString(deployment().name, location)}-paramNested'
+  params: {
+    location: location
+    managedEnvironmentName: 'dep-${namePrefix}-menv-${serviceShort}'
+  }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../main.bicep' = {
+  scope: resourceGroup
+  name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
+  params: {
+    name: '${namePrefix}${serviceShort}001'
+    tags: {
+      'hidden-title': 'This is visible in the resource name'
+      Env: 'test'
+    }
+    enableDefaultTelemetry: enableDefaultTelemetry
+    environmentId: nestedDependencies.outputs.managedEnvironmentResourceId
+    location: location
+    triggerType: 'Manual'
+    manualTriggerConfig: {
+      replicaCompletionCount: 1
+      parallelism: 1
+    }
+    containers: [
+      {
+        name: 'simple-hello-world-container'
+        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
+        resources: {
+          // workaround as 'float' values are not supported in Bicep, yet the resource providers expects them. Related issue: https://github.com/Azure/bicep/issues/1386
+          cpu: json('0.25')
+          memory: '0.5Gi'
+        }
+      }
+    ]
+  }
+}
diff --git a/modules/app/job/README.md b/modules/app/job/README.md
new file mode 100644
index 0000000000..87c0ee4b80
--- /dev/null
+++ b/modules/app/job/README.md
@@ -0,0 +1,586 @@
+# Container App Jobs `[Microsoft.App/jobs]`
+
+This module deploys a Container App Job.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.App/jobs` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.App/2023-05-01/jobs) |
+| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
+
+## Usage examples
+
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+
+>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+
+>**Note**: To reference the module, please use the following syntax `br:bicep/modules/app.job:1.0.0`.
+
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
+
+### Example 1: _Using large parameter set_
+
+This instance deploys the module with most of its features enabled.
+
+
+<details>
+
+<summary>via Bicep module</summary>
+
+```bicep
+module job 'br:bicep/modules/app.job:1.0.0' = {
+  name: '${uniqueString(deployment().name, location)}-test-mcappcom'
+  params: {
+    // Required parameters
+    containers: [
+      {
+        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
+        name: 'simple-hello-world-container'
+        probes: [
+          {
+            httpGet: {
+              httpHeaders: [
+                {
+                  name: 'Custom-Header'
+                  value: 'Awesome'
+                }
+              ]
+              path: '/health'
+              port: 8080
+            }
+            initialDelaySeconds: 3
+            periodSeconds: 3
+            type: 'Liveness'
+          }
+        ]
+        resources: {
+          cpu: '<cpu>'
+          memory: '0.5Gi'
+        }
+      }
+    ]
+    environmentId: '<environmentId>'
+    name: 'mcappcom001'
+    triggerType: 'Manual'
+    // Non-required parameters
+    enableDefaultTelemetry: '<enableDefaultTelemetry>'
+    location: '<location>'
+    lock: {
+      kind: 'CanNotDelete'
+      name: 'myCustomLockName'
+    }
+    manualTriggerConfig: {
+      parallelism: 1
+      replicaCompletionCount: 1
+    }
+    secrets: {
+      secureList: [
+        {
+          name: 'customtest'
+          value: '<value>'
+        }
+      ]
+    }
+    tags: {
+      Env: 'test'
+      'hidden-title': 'This is visible in the resource name'
+    }
+    userAssignedIdentities: {
+      '<managedIdentityResourceId>': {}
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+<details>
+
+<summary>via JSON Parameter file</summary>
+
+```json
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    // Required parameters
+    "containers": {
+      "value": [
+        {
+          "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest",
+          "name": "simple-hello-world-container",
+          "probes": [
+            {
+              "httpGet": {
+                "httpHeaders": [
+                  {
+                    "name": "Custom-Header",
+                    "value": "Awesome"
+                  }
+                ],
+                "path": "/health",
+                "port": 8080
+              },
+              "initialDelaySeconds": 3,
+              "periodSeconds": 3,
+              "type": "Liveness"
+            }
+          ],
+          "resources": {
+            "cpu": "<cpu>",
+            "memory": "0.5Gi"
+          }
+        }
+      ]
+    },
+    "environmentId": {
+      "value": "<environmentId>"
+    },
+    "name": {
+      "value": "mcappcom001"
+    },
+    "triggerType": {
+      "value": "Manual"
+    },
+    // Non-required parameters
+    "enableDefaultTelemetry": {
+      "value": "<enableDefaultTelemetry>"
+    },
+    "location": {
+      "value": "<location>"
+    },
+    "lock": {
+      "value": {
+        "kind": "CanNotDelete",
+        "name": "myCustomLockName"
+      }
+    },
+    "manualTriggerConfig": {
+      "value": {
+        "parallelism": 1,
+        "replicaCompletionCount": 1
+      }
+    },
+    "secrets": {
+      "value": {
+        "secureList": [
+          {
+            "name": "customtest",
+            "value": "<value>"
+          }
+        ]
+      }
+    },
+    "tags": {
+      "value": {
+        "Env": "test",
+        "hidden-title": "This is visible in the resource name"
+      }
+    },
+    "userAssignedIdentities": {
+      "value": {
+        "<managedIdentityResourceId>": {}
+      }
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
+
+<details>
+
+<summary>via Bicep module</summary>
+
+```bicep
+module job 'br:bicep/modules/app.job:1.0.0' = {
+  name: '${uniqueString(deployment().name, location)}-test-mcappmin'
+  params: {
+    // Required parameters
+    containers: [
+      {
+        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
+        name: 'simple-hello-world-container'
+        resources: {
+          cpu: '<cpu>'
+          memory: '0.5Gi'
+        }
+      }
+    ]
+    environmentId: '<environmentId>'
+    name: 'mcappmin001'
+    triggerType: 'Manual'
+    // Non-required parameters
+    enableDefaultTelemetry: '<enableDefaultTelemetry>'
+    location: '<location>'
+    manualTriggerConfig: {
+      parallelism: 1
+      replicaCompletionCount: 1
+    }
+    tags: {
+      Env: 'test'
+      'hidden-title': 'This is visible in the resource name'
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+<details>
+
+<summary>via JSON Parameter file</summary>
+
+```json
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    // Required parameters
+    "containers": {
+      "value": [
+        {
+          "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest",
+          "name": "simple-hello-world-container",
+          "resources": {
+            "cpu": "<cpu>",
+            "memory": "0.5Gi"
+          }
+        }
+      ]
+    },
+    "environmentId": {
+      "value": "<environmentId>"
+    },
+    "name": {
+      "value": "mcappmin001"
+    },
+    "triggerType": {
+      "value": "Manual"
+    },
+    // Non-required parameters
+    "enableDefaultTelemetry": {
+      "value": "<enableDefaultTelemetry>"
+    },
+    "location": {
+      "value": "<location>"
+    },
+    "manualTriggerConfig": {
+      "value": {
+        "parallelism": 1,
+        "replicaCompletionCount": 1
+      }
+    },
+    "tags": {
+      "value": {
+        "Env": "test",
+        "hidden-title": "This is visible in the resource name"
+      }
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`containers`](#parameter-containers) | array | List of container definitions for the Container App. |
+| [`environmentId`](#parameter-environmentid) | string | Resource ID of environment. |
+| [`name`](#parameter-name) | string | Name of the Container App. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`initContainersTemplate`](#parameter-initcontainerstemplate) | array | List of specialized containers that run before app containers. |
+| [`location`](#parameter-location) | string | Location for all Resources. |
+| [`lock`](#parameter-lock) | object | The lock settings of the service. |
+| [`registries`](#parameter-registries) | array | Collection of private container registry credentials for containers used by the Container app. |
+| [`replicaRetryLimit`](#parameter-replicaretrylimit) | int | The maximum number of times a replica can be retried. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. |
+| [`secrets`](#parameter-secrets) | secureObject | The secrets of the Container App. |
+| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. |
+| [`volumes`](#parameter-volumes) | array | List of volume definitions for the Container App. |
+| [`workloadProfileName`](#parameter-workloadprofilename) | string | The name of the workload profile to use. |
+
+**Required if TriggerType is Event parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`eventTriggerConfig`](#parameter-eventtriggerconfig) | object | Configuration of an event driven job. |
+
+**Required if TriggerType is Schedule parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`scheduleTriggerConfig`](#parameter-scheduletriggerconfig) | object | Configuration of a schedule based job. |
+
+**Required if TriggerType is Manual parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`manualTriggerConfig`](#parameter-manualtriggerconfig) | object | Configuration of a manual job. |
+
+**Maximum number of seconds a replica is allowed to run parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+
+**Trigger type of the job parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+
+### Parameter: `containers`
+
+List of container definitions for the Container App.
+- Required: Yes
+- Type: array
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `environmentId`
+
+Resource ID of environment.
+- Required: Yes
+- Type: string
+
+### Parameter: `eventTriggerConfig`
+
+Configuration of an event driven job.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `initContainersTemplate`
+
+List of specialized containers that run before app containers.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `location`
+
+Location for all Resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+The lock settings of the service.
+- Required: No
+- Type: object
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. |
+| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. |
+
+### Parameter: `lock.kind`
+
+Optional. Specify the type of lock.
+
+- Required: No
+- Type: string
+- Allowed: `[CanNotDelete, None, ReadOnly]`
+
+### Parameter: `lock.name`
+
+Optional. Specify the name of lock.
+
+- Required: No
+- Type: string
+
+### Parameter: `manualTriggerConfig`
+
+Configuration of a manual job.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `name`
+
+Name of the Container App.
+- Required: Yes
+- Type: string
+
+### Parameter: `registries`
+
+Collection of private container registry credentials for containers used by the Container app.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `replicaRetryLimit`
+
+The maximum number of times a replica can be retried.
+- Required: No
+- Type: int
+- Default: `0`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute.
+- Required: No
+- Type: array
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
+| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. |
+| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. |
+| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. |
+| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. |
+| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. |
+| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. |
+
+### Parameter: `roleAssignments.condition`
+
+Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.conditionVersion`
+
+Optional. Version of the condition.
+
+- Required: No
+- Type: string
+- Allowed: `[2.0]`
+
+### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
+
+Optional. The Resource Id of the delegated managed identity resource.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.description`
+
+Optional. The description of the role assignment.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.principalId`
+
+Required. The principal ID of the principal (user/group/identity) to assign the role to.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments.principalType`
+
+Optional. The principal type of the assigned principal ID.
+
+- Required: No
+- Type: string
+- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]`
+
+### Parameter: `roleAssignments.roleDefinitionIdOrName`
+
+Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `scheduleTriggerConfig`
+
+Configuration of a schedule based job.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `secrets`
+
+The secrets of the Container App.
+- Required: No
+- Type: secureObject
+- Default: `{object}`
+
+### Parameter: `systemAssignedIdentity`
+
+Enables system assigned managed identity on the resource.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `userAssignedIdentities`
+
+The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `volumes`
+
+List of volume definitions for the Container App.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `workloadProfileName`
+
+The name of the workload profile to use.
+- Required: No
+- Type: string
+- Default: `'Default'`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the Container App Job. |
+| `resourceGroupName` | string | The name of the resource group the Container App Job was deployed into. |
+| `resourceId` | string | The resource ID of the Container App Job. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/app/job/main.bicep b/modules/app/job/main.bicep
new file mode 100644
index 0000000000..2329cec7cb
--- /dev/null
+++ b/modules/app/job/main.bicep
@@ -0,0 +1,198 @@
+metadata name = 'Container App Jobs'
+metadata description = 'This module deploys a Container App Job.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Required. Name of the Container App.')
+param name string
+
+@description('Optional. Location for all Resources.')
+param location string = resourceGroup().location
+
+@description('Required. Resource ID of environment.')
+param environmentId string
+
+@description('Optional. The lock settings of the service.')
+param lock lockType
+
+@description('Optional. Tags of the resource.')
+param tags object = {}
+
+@description('Optional. Collection of private container registry credentials for containers used by the Container app.')
+param registries array = []
+
+@description('Optional. Enables system assigned managed identity on the resource.')
+param systemAssignedIdentity bool = false
+
+@description('Optional. The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests.')
+param userAssignedIdentities object = {}
+
+@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute.')
+param roleAssignments roleAssignmentType
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Required. List of container definitions for the Container App.')
+param containers array
+
+@description('Optional. List of specialized containers that run before app containers.')
+param initContainersTemplate array = []
+
+@description('Required if TriggerType is Event. Configuration of an event driven job.')
+param eventTriggerConfig object = {}
+
+@description('Required if TriggerType is Schedule. Configuration of a schedule based job.')
+param scheduleTriggerConfig object = {}
+
+@description('Required if TriggerType is Manual. Configuration of a manual job.')
+param manualTriggerConfig object = {}
+
+@description('Optional. The maximum number of times a replica can be retried.')
+param replicaRetryLimit int = 0
+
+@description('Optional. The name of the workload profile to use.')
+param workloadProfileName string = 'Default'
+
+@description('Optional. The secrets of the Container App.')
+@secure()
+param secrets object = {}
+
+@description('Optional. List of volume definitions for the Container App.')
+param volumes array = []
+
+@description('Maximum number of seconds a replica is allowed to run.')
+param replicaTimeout int = 1800
+
+@allowed([
+  'Event'
+  'Manual'
+  'Schedule'
+])
+@description('Trigger type of the job.')
+param triggerType string
+
+var secretList = !empty(secrets) ? secrets.secureList : []
+
+var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None')
+
+var identity = identityType != 'None' ? {
+  type: identityType
+  userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null
+} : null
+
+var builtInRoleNames = {
+  'ContainerApp Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b')
+  Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+  Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+  Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+  'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
+  'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
+}
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
+resource containerAppJob 'Microsoft.App/jobs@2023-05-01' = {
+  name: name
+  tags: tags
+  location: location
+  identity: identity
+  properties: {
+    environmentId: environmentId
+    configuration: {
+      eventTriggerConfig: triggerType == 'Event' ? eventTriggerConfig : null
+      manualTriggerConfig: triggerType == 'Manual' ? manualTriggerConfig : null
+      scheduleTriggerConfig: triggerType == 'Schedule' ? scheduleTriggerConfig : null
+      replicaRetryLimit: replicaRetryLimit
+      replicaTimeout: replicaTimeout
+      registries: !empty(registries) ? registries : null
+      secrets: secretList
+      triggerType: triggerType
+    }
+    template: {
+      containers: containers
+      initContainers: !empty(initContainersTemplate) ? initContainersTemplate : null
+      volumes: !empty(volumes) ? volumes : null
+    }
+    workloadProfileName: workloadProfileName
+  }
+}
+
+resource containerAppJob_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {
+  name: lock.?name ?? 'lock-${name}'
+  properties: {
+    level: lock.?kind ?? ''
+    notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.'
+  }
+  scope: containerAppJob
+}
+
+resource containerAppJob_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): {
+  name: guid(containerAppJob.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
+  properties: {
+    roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : roleAssignment.roleDefinitionIdOrName
+    principalId: roleAssignment.principalId
+    description: roleAssignment.?description
+    principalType: roleAssignment.?principalType
+    condition: roleAssignment.?condition
+    conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set
+    delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId
+  }
+  scope: containerAppJob
+}]
+
+@description('The resource ID of the Container App Job.')
+output resourceId string = containerAppJob.id
+
+@description('The name of the resource group the Container App Job was deployed into.')
+output resourceGroupName string = resourceGroup().name
+
+@description('The name of the Container App Job.')
+output name string = containerAppJob.name
+
+@description('The location the resource was deployed into.')
+output location string = containerAppJob.location
+
+// =============== //
+//   Definitions   //
+// =============== //
+
+type lockType = {
+  @description('Optional. Specify the name of lock.')
+  name: string?
+
+  @description('Optional. Specify the type of lock.')
+  kind: ('CanNotDelete' | 'ReadOnly' | 'None')?
+}?
+
+type roleAssignmentType = {
+  @description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.')
+  roleDefinitionIdOrName: string
+
+  @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
+  principalId: string
+
+  @description('Optional. The principal type of the assigned principal ID.')
+  principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device' | null)?
+
+  @description('Optional. The description of the role assignment.')
+  description: string?
+
+  @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"')
+  condition: string?
+
+  @description('Optional. Version of the condition.')
+  conditionVersion: '2.0'?
+
+  @description('Optional. The Resource Id of the delegated managed identity resource.')
+  delegatedManagedIdentityResourceId: string?
+}[]?
diff --git a/modules/app/job/main.json b/modules/app/job/main.json
new file mode 100644
index 0000000000..682fad38f9
--- /dev/null
+++ b/modules/app/job/main.json
@@ -0,0 +1,378 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "languageVersion": "2.0",
+  "contentVersion": "1.0.0.0",
+  "metadata": {
+    "_generator": {
+      "name": "bicep",
+      "version": "0.22.6.54827",
+      "templateHash": "16298065054374494160"
+    },
+    "name": "Container App Jobs",
+    "description": "This module deploys a Container App Job.",
+    "owner": "Azure/module-maintainers"
+  },
+  "definitions": {
+    "lockType": {
+      "type": "object",
+      "properties": {
+        "name": {
+          "type": "string",
+          "nullable": true,
+          "metadata": {
+            "description": "Optional. Specify the name of lock."
+          }
+        },
+        "kind": {
+          "type": "string",
+          "allowedValues": [
+            "CanNotDelete",
+            "None",
+            "ReadOnly"
+          ],
+          "nullable": true,
+          "metadata": {
+            "description": "Optional. Specify the type of lock."
+          }
+        }
+      },
+      "nullable": true
+    },
+    "roleAssignmentType": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "properties": {
+          "roleDefinitionIdOrName": {
+            "type": "string",
+            "metadata": {
+              "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead."
+            }
+          },
+          "principalId": {
+            "type": "string",
+            "metadata": {
+              "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to."
+            }
+          },
+          "principalType": {
+            "type": "string",
+            "allowedValues": [
+              "Device",
+              "ForeignGroup",
+              "Group",
+              "ServicePrincipal",
+              "User"
+            ],
+            "nullable": true,
+            "metadata": {
+              "description": "Optional. The principal type of the assigned principal ID."
+            }
+          },
+          "description": {
+            "type": "string",
+            "nullable": true,
+            "metadata": {
+              "description": "Optional. The description of the role assignment."
+            }
+          },
+          "condition": {
+            "type": "string",
+            "nullable": true,
+            "metadata": {
+              "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
+            }
+          },
+          "conditionVersion": {
+            "type": "string",
+            "allowedValues": [
+              "2.0"
+            ],
+            "nullable": true,
+            "metadata": {
+              "description": "Optional. Version of the condition."
+            }
+          },
+          "delegatedManagedIdentityResourceId": {
+            "type": "string",
+            "nullable": true,
+            "metadata": {
+              "description": "Optional. The Resource Id of the delegated managed identity resource."
+            }
+          }
+        }
+      },
+      "nullable": true
+    }
+  },
+  "parameters": {
+    "name": {
+      "type": "string",
+      "metadata": {
+        "description": "Required. Name of the Container App."
+      }
+    },
+    "location": {
+      "type": "string",
+      "defaultValue": "[resourceGroup().location]",
+      "metadata": {
+        "description": "Optional. Location for all Resources."
+      }
+    },
+    "environmentId": {
+      "type": "string",
+      "metadata": {
+        "description": "Required. Resource ID of environment."
+      }
+    },
+    "lock": {
+      "$ref": "#/definitions/lockType",
+      "metadata": {
+        "description": "Optional. The lock settings of the service."
+      }
+    },
+    "tags": {
+      "type": "object",
+      "defaultValue": {},
+      "metadata": {
+        "description": "Optional. Tags of the resource."
+      }
+    },
+    "registries": {
+      "type": "array",
+      "defaultValue": [],
+      "metadata": {
+        "description": "Optional. Collection of private container registry credentials for containers used by the Container app."
+      }
+    },
+    "systemAssignedIdentity": {
+      "type": "bool",
+      "defaultValue": false,
+      "metadata": {
+        "description": "Optional. Enables system assigned managed identity on the resource."
+      }
+    },
+    "userAssignedIdentities": {
+      "type": "object",
+      "defaultValue": {},
+      "metadata": {
+        "description": "Optional. The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests."
+      }
+    },
+    "roleAssignments": {
+      "$ref": "#/definitions/roleAssignmentType",
+      "metadata": {
+        "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute."
+      }
+    },
+    "enableDefaultTelemetry": {
+      "type": "bool",
+      "defaultValue": true,
+      "metadata": {
+        "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+      }
+    },
+    "containers": {
+      "type": "array",
+      "metadata": {
+        "description": "Required. List of container definitions for the Container App."
+      }
+    },
+    "initContainersTemplate": {
+      "type": "array",
+      "defaultValue": [],
+      "metadata": {
+        "description": "Optional. List of specialized containers that run before app containers."
+      }
+    },
+    "eventTriggerConfig": {
+      "type": "object",
+      "defaultValue": {},
+      "metadata": {
+        "description": "Required if TriggerType is Event. Configuration of an event driven job."
+      }
+    },
+    "scheduleTriggerConfig": {
+      "type": "object",
+      "defaultValue": {},
+      "metadata": {
+        "description": "Required if TriggerType is Schedule. Configuration of a schedule based job."
+      }
+    },
+    "manualTriggerConfig": {
+      "type": "object",
+      "defaultValue": {},
+      "metadata": {
+        "description": "Required if TriggerType is Manual. Configuration of a manual job."
+      }
+    },
+    "replicaRetryLimit": {
+      "type": "int",
+      "defaultValue": 0,
+      "metadata": {
+        "description": "Optional. The maximum number of times a replica can be retried."
+      }
+    },
+    "workloadProfileName": {
+      "type": "string",
+      "defaultValue": "Default",
+      "metadata": {
+        "description": "Optional. The name of the workload profile to use."
+      }
+    },
+    "secrets": {
+      "type": "secureObject",
+      "defaultValue": {},
+      "metadata": {
+        "description": "Optional. The secrets of the Container App."
+      }
+    },
+    "volumes": {
+      "type": "array",
+      "defaultValue": [],
+      "metadata": {
+        "description": "Optional. List of volume definitions for the Container App."
+      }
+    },
+    "replicaTimeout": {
+      "type": "int",
+      "defaultValue": 1800,
+      "metadata": {
+        "description": "Maximum number of seconds a replica is allowed to run."
+      }
+    },
+    "triggerType": {
+      "type": "string",
+      "allowedValues": [
+        "Event",
+        "Manual",
+        "Schedule"
+      ],
+      "metadata": {
+        "description": "Trigger type of the job."
+      }
+    }
+  },
+  "variables": {
+    "secretList": "[if(not(empty(parameters('secrets'))), parameters('secrets').secureList, createArray())]",
+    "identityType": "[if(parameters('systemAssignedIdentity'), if(not(empty(parameters('userAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None'))]",
+    "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]",
+    "builtInRoleNames": {
+      "ContainerApp Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b')]",
+      "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
+      "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
+      "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
+      "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]",
+      "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]"
+    }
+  },
+  "resources": {
+    "defaultTelemetry": {
+      "condition": "[parameters('enableDefaultTelemetry')]",
+      "type": "Microsoft.Resources/deployments",
+      "apiVersion": "2021-04-01",
+      "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
+      "properties": {
+        "mode": "Incremental",
+        "template": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "1.0.0.0",
+          "resources": []
+        }
+      }
+    },
+    "containerAppJob": {
+      "type": "Microsoft.App/jobs",
+      "apiVersion": "2023-05-01",
+      "name": "[parameters('name')]",
+      "tags": "[parameters('tags')]",
+      "location": "[parameters('location')]",
+      "identity": "[variables('identity')]",
+      "properties": {
+        "environmentId": "[parameters('environmentId')]",
+        "configuration": {
+          "eventTriggerConfig": "[if(equals(parameters('triggerType'), 'Event'), parameters('eventTriggerConfig'), null())]",
+          "manualTriggerConfig": "[if(equals(parameters('triggerType'), 'Manual'), parameters('manualTriggerConfig'), null())]",
+          "scheduleTriggerConfig": "[if(equals(parameters('triggerType'), 'Schedule'), parameters('scheduleTriggerConfig'), null())]",
+          "replicaRetryLimit": "[parameters('replicaRetryLimit')]",
+          "replicaTimeout": "[parameters('replicaTimeout')]",
+          "registries": "[if(not(empty(parameters('registries'))), parameters('registries'), null())]",
+          "secrets": "[variables('secretList')]",
+          "triggerType": "[parameters('triggerType')]"
+        },
+        "template": {
+          "containers": "[parameters('containers')]",
+          "initContainers": "[if(not(empty(parameters('initContainersTemplate'))), parameters('initContainersTemplate'), null())]",
+          "volumes": "[if(not(empty(parameters('volumes'))), parameters('volumes'), null())]"
+        },
+        "workloadProfileName": "[parameters('workloadProfileName')]"
+      }
+    },
+    "containerAppJob_lock": {
+      "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
+      "type": "Microsoft.Authorization/locks",
+      "apiVersion": "2020-05-01",
+      "scope": "[format('Microsoft.App/jobs/{0}', parameters('name'))]",
+      "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]",
+      "properties": {
+        "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]",
+        "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]"
+      },
+      "dependsOn": [
+        "containerAppJob"
+      ]
+    },
+    "containerAppJob_roleAssignments": {
+      "copy": {
+        "name": "containerAppJob_roleAssignments",
+        "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]"
+      },
+      "type": "Microsoft.Authorization/roleAssignments",
+      "apiVersion": "2022-04-01",
+      "scope": "[format('Microsoft.App/jobs/{0}', parameters('name'))]",
+      "name": "[guid(resourceId('Microsoft.App/jobs', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
+      "properties": {
+        "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
+        "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]",
+        "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]",
+        "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]",
+        "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]",
+        "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]",
+        "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]"
+      },
+      "dependsOn": [
+        "containerAppJob"
+      ]
+    }
+  },
+  "outputs": {
+    "resourceId": {
+      "type": "string",
+      "metadata": {
+        "description": "The resource ID of the Container App Job."
+      },
+      "value": "[resourceId('Microsoft.App/jobs', parameters('name'))]"
+    },
+    "resourceGroupName": {
+      "type": "string",
+      "metadata": {
+        "description": "The name of the resource group the Container App Job was deployed into."
+      },
+      "value": "[resourceGroup().name]"
+    },
+    "name": {
+      "type": "string",
+      "metadata": {
+        "description": "The name of the Container App Job."
+      },
+      "value": "[parameters('name')]"
+    },
+    "location": {
+      "type": "string",
+      "metadata": {
+        "description": "The location the resource was deployed into."
+      },
+      "value": "[reference('containerAppJob', '2023-05-01', 'full').location]"
+    }
+  }
+}
\ No newline at end of file
diff --git a/modules/app/job/version.json b/modules/app/job/version.json
new file mode 100644
index 0000000000..7fa401bdf7
--- /dev/null
+++ b/modules/app/job/version.json
@@ -0,0 +1,7 @@
+{
+    "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
+    "version": "0.1",
+    "pathFilters": [
+        "./main.json"
+    ]
+}

From d80a232ff00648ac8814c911d28caf55307002be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Thu, 26 Oct 2023 14:41:34 +0200
Subject: [PATCH 02/21] add pipelines

---
 .azuredevops/modulePipelines/ms.app.jobs.yml | 50 ++++++++++++
 .github/workflows/ms.app.jobs.yml            | 84 ++++++++++++++++++++
 2 files changed, 134 insertions(+)
 create mode 100644 .azuredevops/modulePipelines/ms.app.jobs.yml
 create mode 100644 .github/workflows/ms.app.jobs.yml

diff --git a/.azuredevops/modulePipelines/ms.app.jobs.yml b/.azuredevops/modulePipelines/ms.app.jobs.yml
new file mode 100644
index 0000000000..beedc2bee1
--- /dev/null
+++ b/.azuredevops/modulePipelines/ms.app.jobs.yml
@@ -0,0 +1,50 @@
+name: 'App - Jobs'
+
+parameters:
+  - name: staticValidation
+    displayName: Execute static validation
+    type: boolean
+    default: true
+  - name: deploymentValidation
+    displayName: Execute deployment validation
+    type: boolean
+    default: true
+  - name: removeDeployment
+    displayName: Remove deployed module
+    type: boolean
+    default: true
+  - name: prerelease
+    displayName: Publish prerelease module
+    type: boolean
+    default: false
+
+pr: none
+
+trigger:
+  batch: true
+  branches:
+    include:
+      - main
+  paths:
+    include:
+      - '/.azuredevops/modulePipelines/ms.app.jobs.yml'
+      - '/.azuredevops/pipelineTemplates/*.yml'
+      - '/modules/app/job/*'
+      - '/utilities/pipelines/*'
+    exclude:
+      - '/utilities/pipelines/deploymentRemoval/*'
+      - '/**/*.md'
+
+variables:
+  - template: '../../settings.yml'
+  - group: 'PLATFORM_VARIABLES'
+  - name: modulePath
+    value: '/modules/app/job'
+
+stages:
+  - template: /.azuredevops/pipelineTemplates/stages.module.yml
+    parameters:
+      staticValidation: '${{ parameters.staticValidation }}'
+      deploymentValidation: '${{ parameters.deploymentValidation }}'
+      removeDeployment: '${{ parameters.removeDeployment }}'
+      prerelease: '${{ parameters.prerelease }}'
diff --git a/.github/workflows/ms.app.jobs.yml b/.github/workflows/ms.app.jobs.yml
new file mode 100644
index 0000000000..bde1eff318
--- /dev/null
+++ b/.github/workflows/ms.app.jobs.yml
@@ -0,0 +1,84 @@
+name: 'App - Jobs'
+
+on:
+  workflow_dispatch:
+    inputs:
+      staticValidation:
+        type: boolean
+        description: 'Execute static validation'
+        required: false
+        default: true
+      deploymentValidation:
+        type: boolean
+        description: 'Execute deployment validation'
+        required: false
+        default: true
+      removeDeployment:
+        type: boolean
+        description: 'Remove deployed module'
+        required: false
+        default: true
+      prerelease:
+        type: boolean
+        description: 'Publish prerelease module'
+        required: false
+        default: false
+  push:
+    branches:
+      - main
+    paths:
+      - '.github/actions/templates/**'
+      - '.github/workflows/template.module.yml'
+      - '.github/workflows/ms.app.jobs.yml'
+      - 'modules/app/job/**'
+      - 'utilities/pipelines/**'
+      - '!utilities/pipelines/deploymentRemoval/**'
+      - '!*/**/README.md'
+
+env:
+  modulePath: 'modules/app/job'
+  workflowPath: '.github/workflows/ms.app.jobs.yml'
+
+concurrency:
+  group: ${{ github.workflow }}
+
+jobs:
+  ###########################
+  #   Initialize pipeline   #
+  ###########################
+  job_initialize_pipeline:
+    runs-on: ubuntu-20.04
+    name: 'Initialize pipeline'
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: 'Set input parameters to output variables'
+        id: get-workflow-param
+        uses: ./.github/actions/templates/getWorkflowInput
+        with:
+          workflowPath: '${{ env.workflowPath}}'
+      - name: 'Get parameter file paths'
+        id: get-module-test-file-paths
+        uses: ./.github/actions/templates/getModuleTestFiles
+        with:
+          modulePath: '${{ env.modulePath }}'
+    outputs:
+      workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }}
+      moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }}
+      modulePath: '${{ env.modulePath }}'
+
+  ##############################
+  #   Call reusable workflow   #
+  ##############################
+  call-workflow-passing-data:
+    name: 'Module'
+    needs:
+      - job_initialize_pipeline
+    uses: ./.github/workflows/template.module.yml
+    with:
+      workflowInput: '${{ needs.job_initialize_pipeline.outputs.workflowInput }}'
+      moduleTestFilePaths: '${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}'
+      modulePath: '${{ needs.job_initialize_pipeline.outputs.modulePath}}'
+    secrets: inherit

From 21b8d7caa72b7d0301201559bcba267f661afeaa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Thu, 26 Oct 2023 16:12:57 +0200
Subject: [PATCH 03/21] temp trigger for new module validation

---
 .github/workflows/ms.app.jobs.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ms.app.jobs.yml b/.github/workflows/ms.app.jobs.yml
index bde1eff318..cc08740813 100644
--- a/.github/workflows/ms.app.jobs.yml
+++ b/.github/workflows/ms.app.jobs.yml
@@ -26,6 +26,7 @@ on:
   push:
     branches:
       - main
+      - feature/new-module-container-app-jobs
     paths:
       - '.github/actions/templates/**'
       - '.github/workflows/template.module.yml'

From ca0eb157c447faf2bd0f1ad469f104b670a7e35f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Thu, 26 Oct 2023 16:21:49 +0200
Subject: [PATCH 04/21] fix file endings

---
 modules/app/job/README.md | 1172 ++++++++++++++++++-------------------
 1 file changed, 586 insertions(+), 586 deletions(-)

diff --git a/modules/app/job/README.md b/modules/app/job/README.md
index 87c0ee4b80..a1a0c07932 100644
--- a/modules/app/job/README.md
+++ b/modules/app/job/README.md
@@ -1,586 +1,586 @@
-# Container App Jobs `[Microsoft.App/jobs]`
-
-This module deploys a Container App Job.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Usage examples](#Usage-examples)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Cross-referenced modules](#Cross-referenced-modules)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.App/jobs` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.App/2023-05-01/jobs) |
-| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
-
-## Usage examples
-
-The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
-
->**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
->**Note**: To reference the module, please use the following syntax `br:bicep/modules/app.job:1.0.0`.
-
-- [Using large parameter set](#example-1-using-large-parameter-set)
-- [Using only defaults](#example-2-using-only-defaults)
-
-### Example 1: _Using large parameter set_
-
-This instance deploys the module with most of its features enabled.
-
-
-<details>
-
-<summary>via Bicep module</summary>
-
-```bicep
-module job 'br:bicep/modules/app.job:1.0.0' = {
-  name: '${uniqueString(deployment().name, location)}-test-mcappcom'
-  params: {
-    // Required parameters
-    containers: [
-      {
-        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
-        name: 'simple-hello-world-container'
-        probes: [
-          {
-            httpGet: {
-              httpHeaders: [
-                {
-                  name: 'Custom-Header'
-                  value: 'Awesome'
-                }
-              ]
-              path: '/health'
-              port: 8080
-            }
-            initialDelaySeconds: 3
-            periodSeconds: 3
-            type: 'Liveness'
-          }
-        ]
-        resources: {
-          cpu: '<cpu>'
-          memory: '0.5Gi'
-        }
-      }
-    ]
-    environmentId: '<environmentId>'
-    name: 'mcappcom001'
-    triggerType: 'Manual'
-    // Non-required parameters
-    enableDefaultTelemetry: '<enableDefaultTelemetry>'
-    location: '<location>'
-    lock: {
-      kind: 'CanNotDelete'
-      name: 'myCustomLockName'
-    }
-    manualTriggerConfig: {
-      parallelism: 1
-      replicaCompletionCount: 1
-    }
-    secrets: {
-      secureList: [
-        {
-          name: 'customtest'
-          value: '<value>'
-        }
-      ]
-    }
-    tags: {
-      Env: 'test'
-      'hidden-title': 'This is visible in the resource name'
-    }
-    userAssignedIdentities: {
-      '<managedIdentityResourceId>': {}
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-<details>
-
-<summary>via JSON Parameter file</summary>
-
-```json
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-  "contentVersion": "1.0.0.0",
-  "parameters": {
-    // Required parameters
-    "containers": {
-      "value": [
-        {
-          "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest",
-          "name": "simple-hello-world-container",
-          "probes": [
-            {
-              "httpGet": {
-                "httpHeaders": [
-                  {
-                    "name": "Custom-Header",
-                    "value": "Awesome"
-                  }
-                ],
-                "path": "/health",
-                "port": 8080
-              },
-              "initialDelaySeconds": 3,
-              "periodSeconds": 3,
-              "type": "Liveness"
-            }
-          ],
-          "resources": {
-            "cpu": "<cpu>",
-            "memory": "0.5Gi"
-          }
-        }
-      ]
-    },
-    "environmentId": {
-      "value": "<environmentId>"
-    },
-    "name": {
-      "value": "mcappcom001"
-    },
-    "triggerType": {
-      "value": "Manual"
-    },
-    // Non-required parameters
-    "enableDefaultTelemetry": {
-      "value": "<enableDefaultTelemetry>"
-    },
-    "location": {
-      "value": "<location>"
-    },
-    "lock": {
-      "value": {
-        "kind": "CanNotDelete",
-        "name": "myCustomLockName"
-      }
-    },
-    "manualTriggerConfig": {
-      "value": {
-        "parallelism": 1,
-        "replicaCompletionCount": 1
-      }
-    },
-    "secrets": {
-      "value": {
-        "secureList": [
-          {
-            "name": "customtest",
-            "value": "<value>"
-          }
-        ]
-      }
-    },
-    "tags": {
-      "value": {
-        "Env": "test",
-        "hidden-title": "This is visible in the resource name"
-      }
-    },
-    "userAssignedIdentities": {
-      "value": {
-        "<managedIdentityResourceId>": {}
-      }
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-### Example 2: _Using only defaults_
-
-This instance deploys the module with the minimum set of required parameters.
-
-
-<details>
-
-<summary>via Bicep module</summary>
-
-```bicep
-module job 'br:bicep/modules/app.job:1.0.0' = {
-  name: '${uniqueString(deployment().name, location)}-test-mcappmin'
-  params: {
-    // Required parameters
-    containers: [
-      {
-        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
-        name: 'simple-hello-world-container'
-        resources: {
-          cpu: '<cpu>'
-          memory: '0.5Gi'
-        }
-      }
-    ]
-    environmentId: '<environmentId>'
-    name: 'mcappmin001'
-    triggerType: 'Manual'
-    // Non-required parameters
-    enableDefaultTelemetry: '<enableDefaultTelemetry>'
-    location: '<location>'
-    manualTriggerConfig: {
-      parallelism: 1
-      replicaCompletionCount: 1
-    }
-    tags: {
-      Env: 'test'
-      'hidden-title': 'This is visible in the resource name'
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-<details>
-
-<summary>via JSON Parameter file</summary>
-
-```json
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-  "contentVersion": "1.0.0.0",
-  "parameters": {
-    // Required parameters
-    "containers": {
-      "value": [
-        {
-          "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest",
-          "name": "simple-hello-world-container",
-          "resources": {
-            "cpu": "<cpu>",
-            "memory": "0.5Gi"
-          }
-        }
-      ]
-    },
-    "environmentId": {
-      "value": "<environmentId>"
-    },
-    "name": {
-      "value": "mcappmin001"
-    },
-    "triggerType": {
-      "value": "Manual"
-    },
-    // Non-required parameters
-    "enableDefaultTelemetry": {
-      "value": "<enableDefaultTelemetry>"
-    },
-    "location": {
-      "value": "<location>"
-    },
-    "manualTriggerConfig": {
-      "value": {
-        "parallelism": 1,
-        "replicaCompletionCount": 1
-      }
-    },
-    "tags": {
-      "value": {
-        "Env": "test",
-        "hidden-title": "This is visible in the resource name"
-      }
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-
-## Parameters
-
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`containers`](#parameter-containers) | array | List of container definitions for the Container App. |
-| [`environmentId`](#parameter-environmentid) | string | Resource ID of environment. |
-| [`name`](#parameter-name) | string | Name of the Container App. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
-| [`initContainersTemplate`](#parameter-initcontainerstemplate) | array | List of specialized containers that run before app containers. |
-| [`location`](#parameter-location) | string | Location for all Resources. |
-| [`lock`](#parameter-lock) | object | The lock settings of the service. |
-| [`registries`](#parameter-registries) | array | Collection of private container registry credentials for containers used by the Container app. |
-| [`replicaRetryLimit`](#parameter-replicaretrylimit) | int | The maximum number of times a replica can be retried. |
-| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. |
-| [`secrets`](#parameter-secrets) | secureObject | The secrets of the Container App. |
-| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
-| [`tags`](#parameter-tags) | object | Tags of the resource. |
-| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. |
-| [`volumes`](#parameter-volumes) | array | List of volume definitions for the Container App. |
-| [`workloadProfileName`](#parameter-workloadprofilename) | string | The name of the workload profile to use. |
-
-**Required if TriggerType is Event parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`eventTriggerConfig`](#parameter-eventtriggerconfig) | object | Configuration of an event driven job. |
-
-**Required if TriggerType is Schedule parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`scheduleTriggerConfig`](#parameter-scheduletriggerconfig) | object | Configuration of a schedule based job. |
-
-**Required if TriggerType is Manual parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`manualTriggerConfig`](#parameter-manualtriggerconfig) | object | Configuration of a manual job. |
-
-**Maximum number of seconds a replica is allowed to run parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-
-**Trigger type of the job parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-
-### Parameter: `containers`
-
-List of container definitions for the Container App.
-- Required: Yes
-- Type: array
-
-### Parameter: `enableDefaultTelemetry`
-
-Enable telemetry via a Globally Unique Identifier (GUID).
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `environmentId`
-
-Resource ID of environment.
-- Required: Yes
-- Type: string
-
-### Parameter: `eventTriggerConfig`
-
-Configuration of an event driven job.
-- Required: No
-- Type: object
-- Default: `{object}`
-
-### Parameter: `initContainersTemplate`
-
-List of specialized containers that run before app containers.
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `location`
-
-Location for all Resources.
-- Required: No
-- Type: string
-- Default: `[resourceGroup().location]`
-
-### Parameter: `lock`
-
-The lock settings of the service.
-- Required: No
-- Type: object
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. |
-| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. |
-
-### Parameter: `lock.kind`
-
-Optional. Specify the type of lock.
-
-- Required: No
-- Type: string
-- Allowed: `[CanNotDelete, None, ReadOnly]`
-
-### Parameter: `lock.name`
-
-Optional. Specify the name of lock.
-
-- Required: No
-- Type: string
-
-### Parameter: `manualTriggerConfig`
-
-Configuration of a manual job.
-- Required: No
-- Type: object
-- Default: `{object}`
-
-### Parameter: `name`
-
-Name of the Container App.
-- Required: Yes
-- Type: string
-
-### Parameter: `registries`
-
-Collection of private container registry credentials for containers used by the Container app.
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `replicaRetryLimit`
-
-The maximum number of times a replica can be retried.
-- Required: No
-- Type: int
-- Default: `0`
-
-### Parameter: `roleAssignments`
-
-Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute.
-- Required: No
-- Type: array
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
-| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. |
-| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. |
-| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. |
-| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. |
-| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. |
-| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. |
-
-### Parameter: `roleAssignments.condition`
-
-Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.conditionVersion`
-
-Optional. Version of the condition.
-
-- Required: No
-- Type: string
-- Allowed: `[2.0]`
-
-### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
-
-Optional. The Resource Id of the delegated managed identity resource.
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.description`
-
-Optional. The description of the role assignment.
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.principalId`
-
-Required. The principal ID of the principal (user/group/identity) to assign the role to.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `roleAssignments.principalType`
-
-Optional. The principal type of the assigned principal ID.
-
-- Required: No
-- Type: string
-- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]`
-
-### Parameter: `roleAssignments.roleDefinitionIdOrName`
-
-Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `scheduleTriggerConfig`
-
-Configuration of a schedule based job.
-- Required: No
-- Type: object
-- Default: `{object}`
-
-### Parameter: `secrets`
-
-The secrets of the Container App.
-- Required: No
-- Type: secureObject
-- Default: `{object}`
-
-### Parameter: `systemAssignedIdentity`
-
-Enables system assigned managed identity on the resource.
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `tags`
-
-Tags of the resource.
-- Required: No
-- Type: object
-- Default: `{object}`
-
-### Parameter: `userAssignedIdentities`
-
-The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests.
-- Required: No
-- Type: object
-- Default: `{object}`
-
-### Parameter: `volumes`
-
-List of volume definitions for the Container App.
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `workloadProfileName`
-
-The name of the workload profile to use.
-- Required: No
-- Type: string
-- Default: `'Default'`
-
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the Container App Job. |
-| `resourceGroupName` | string | The name of the resource group the Container App Job was deployed into. |
-| `resourceId` | string | The resource ID of the Container App Job. |
-
-## Cross-referenced modules
-
-_None_
+# Container App Jobs `[Microsoft.App/jobs]`
+
+This module deploys a Container App Job.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.App/jobs` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.App/2023-05-01/jobs) |
+| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
+
+## Usage examples
+
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+
+>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+
+>**Note**: To reference the module, please use the following syntax `br:bicep/modules/app.job:1.0.0`.
+
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
+
+### Example 1: _Using large parameter set_
+
+This instance deploys the module with most of its features enabled.
+
+
+<details>
+
+<summary>via Bicep module</summary>
+
+```bicep
+module job 'br:bicep/modules/app.job:1.0.0' = {
+  name: '${uniqueString(deployment().name, location)}-test-mcappcom'
+  params: {
+    // Required parameters
+    containers: [
+      {
+        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
+        name: 'simple-hello-world-container'
+        probes: [
+          {
+            httpGet: {
+              httpHeaders: [
+                {
+                  name: 'Custom-Header'
+                  value: 'Awesome'
+                }
+              ]
+              path: '/health'
+              port: 8080
+            }
+            initialDelaySeconds: 3
+            periodSeconds: 3
+            type: 'Liveness'
+          }
+        ]
+        resources: {
+          cpu: '<cpu>'
+          memory: '0.5Gi'
+        }
+      }
+    ]
+    environmentId: '<environmentId>'
+    name: 'mcappcom001'
+    triggerType: 'Manual'
+    // Non-required parameters
+    enableDefaultTelemetry: '<enableDefaultTelemetry>'
+    location: '<location>'
+    lock: {
+      kind: 'CanNotDelete'
+      name: 'myCustomLockName'
+    }
+    manualTriggerConfig: {
+      parallelism: 1
+      replicaCompletionCount: 1
+    }
+    secrets: {
+      secureList: [
+        {
+          name: 'customtest'
+          value: '<value>'
+        }
+      ]
+    }
+    tags: {
+      Env: 'test'
+      'hidden-title': 'This is visible in the resource name'
+    }
+    userAssignedIdentities: {
+      '<managedIdentityResourceId>': {}
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+<details>
+
+<summary>via JSON Parameter file</summary>
+
+```json
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    // Required parameters
+    "containers": {
+      "value": [
+        {
+          "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest",
+          "name": "simple-hello-world-container",
+          "probes": [
+            {
+              "httpGet": {
+                "httpHeaders": [
+                  {
+                    "name": "Custom-Header",
+                    "value": "Awesome"
+                  }
+                ],
+                "path": "/health",
+                "port": 8080
+              },
+              "initialDelaySeconds": 3,
+              "periodSeconds": 3,
+              "type": "Liveness"
+            }
+          ],
+          "resources": {
+            "cpu": "<cpu>",
+            "memory": "0.5Gi"
+          }
+        }
+      ]
+    },
+    "environmentId": {
+      "value": "<environmentId>"
+    },
+    "name": {
+      "value": "mcappcom001"
+    },
+    "triggerType": {
+      "value": "Manual"
+    },
+    // Non-required parameters
+    "enableDefaultTelemetry": {
+      "value": "<enableDefaultTelemetry>"
+    },
+    "location": {
+      "value": "<location>"
+    },
+    "lock": {
+      "value": {
+        "kind": "CanNotDelete",
+        "name": "myCustomLockName"
+      }
+    },
+    "manualTriggerConfig": {
+      "value": {
+        "parallelism": 1,
+        "replicaCompletionCount": 1
+      }
+    },
+    "secrets": {
+      "value": {
+        "secureList": [
+          {
+            "name": "customtest",
+            "value": "<value>"
+          }
+        ]
+      }
+    },
+    "tags": {
+      "value": {
+        "Env": "test",
+        "hidden-title": "This is visible in the resource name"
+      }
+    },
+    "userAssignedIdentities": {
+      "value": {
+        "<managedIdentityResourceId>": {}
+      }
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
+
+<details>
+
+<summary>via Bicep module</summary>
+
+```bicep
+module job 'br:bicep/modules/app.job:1.0.0' = {
+  name: '${uniqueString(deployment().name, location)}-test-mcappmin'
+  params: {
+    // Required parameters
+    containers: [
+      {
+        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
+        name: 'simple-hello-world-container'
+        resources: {
+          cpu: '<cpu>'
+          memory: '0.5Gi'
+        }
+      }
+    ]
+    environmentId: '<environmentId>'
+    name: 'mcappmin001'
+    triggerType: 'Manual'
+    // Non-required parameters
+    enableDefaultTelemetry: '<enableDefaultTelemetry>'
+    location: '<location>'
+    manualTriggerConfig: {
+      parallelism: 1
+      replicaCompletionCount: 1
+    }
+    tags: {
+      Env: 'test'
+      'hidden-title': 'This is visible in the resource name'
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+<details>
+
+<summary>via JSON Parameter file</summary>
+
+```json
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    // Required parameters
+    "containers": {
+      "value": [
+        {
+          "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest",
+          "name": "simple-hello-world-container",
+          "resources": {
+            "cpu": "<cpu>",
+            "memory": "0.5Gi"
+          }
+        }
+      ]
+    },
+    "environmentId": {
+      "value": "<environmentId>"
+    },
+    "name": {
+      "value": "mcappmin001"
+    },
+    "triggerType": {
+      "value": "Manual"
+    },
+    // Non-required parameters
+    "enableDefaultTelemetry": {
+      "value": "<enableDefaultTelemetry>"
+    },
+    "location": {
+      "value": "<location>"
+    },
+    "manualTriggerConfig": {
+      "value": {
+        "parallelism": 1,
+        "replicaCompletionCount": 1
+      }
+    },
+    "tags": {
+      "value": {
+        "Env": "test",
+        "hidden-title": "This is visible in the resource name"
+      }
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`containers`](#parameter-containers) | array | List of container definitions for the Container App. |
+| [`environmentId`](#parameter-environmentid) | string | Resource ID of environment. |
+| [`name`](#parameter-name) | string | Name of the Container App. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`initContainersTemplate`](#parameter-initcontainerstemplate) | array | List of specialized containers that run before app containers. |
+| [`location`](#parameter-location) | string | Location for all Resources. |
+| [`lock`](#parameter-lock) | object | The lock settings of the service. |
+| [`registries`](#parameter-registries) | array | Collection of private container registry credentials for containers used by the Container app. |
+| [`replicaRetryLimit`](#parameter-replicaretrylimit) | int | The maximum number of times a replica can be retried. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. |
+| [`secrets`](#parameter-secrets) | secureObject | The secrets of the Container App. |
+| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. |
+| [`volumes`](#parameter-volumes) | array | List of volume definitions for the Container App. |
+| [`workloadProfileName`](#parameter-workloadprofilename) | string | The name of the workload profile to use. |
+
+**Required if TriggerType is Event parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`eventTriggerConfig`](#parameter-eventtriggerconfig) | object | Configuration of an event driven job. |
+
+**Required if TriggerType is Schedule parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`scheduleTriggerConfig`](#parameter-scheduletriggerconfig) | object | Configuration of a schedule based job. |
+
+**Required if TriggerType is Manual parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`manualTriggerConfig`](#parameter-manualtriggerconfig) | object | Configuration of a manual job. |
+
+**Maximum number of seconds a replica is allowed to run parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+
+**Trigger type of the job parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+
+### Parameter: `containers`
+
+List of container definitions for the Container App.
+- Required: Yes
+- Type: array
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `environmentId`
+
+Resource ID of environment.
+- Required: Yes
+- Type: string
+
+### Parameter: `eventTriggerConfig`
+
+Configuration of an event driven job.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `initContainersTemplate`
+
+List of specialized containers that run before app containers.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `location`
+
+Location for all Resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+The lock settings of the service.
+- Required: No
+- Type: object
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. |
+| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. |
+
+### Parameter: `lock.kind`
+
+Optional. Specify the type of lock.
+
+- Required: No
+- Type: string
+- Allowed: `[CanNotDelete, None, ReadOnly]`
+
+### Parameter: `lock.name`
+
+Optional. Specify the name of lock.
+
+- Required: No
+- Type: string
+
+### Parameter: `manualTriggerConfig`
+
+Configuration of a manual job.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `name`
+
+Name of the Container App.
+- Required: Yes
+- Type: string
+
+### Parameter: `registries`
+
+Collection of private container registry credentials for containers used by the Container app.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `replicaRetryLimit`
+
+The maximum number of times a replica can be retried.
+- Required: No
+- Type: int
+- Default: `0`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute.
+- Required: No
+- Type: array
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
+| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. |
+| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. |
+| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. |
+| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. |
+| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. |
+| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. |
+
+### Parameter: `roleAssignments.condition`
+
+Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.conditionVersion`
+
+Optional. Version of the condition.
+
+- Required: No
+- Type: string
+- Allowed: `[2.0]`
+
+### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
+
+Optional. The Resource Id of the delegated managed identity resource.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.description`
+
+Optional. The description of the role assignment.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.principalId`
+
+Required. The principal ID of the principal (user/group/identity) to assign the role to.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments.principalType`
+
+Optional. The principal type of the assigned principal ID.
+
+- Required: No
+- Type: string
+- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]`
+
+### Parameter: `roleAssignments.roleDefinitionIdOrName`
+
+Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `scheduleTriggerConfig`
+
+Configuration of a schedule based job.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `secrets`
+
+The secrets of the Container App.
+- Required: No
+- Type: secureObject
+- Default: `{object}`
+
+### Parameter: `systemAssignedIdentity`
+
+Enables system assigned managed identity on the resource.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `userAssignedIdentities`
+
+The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `volumes`
+
+List of volume definitions for the Container App.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `workloadProfileName`
+
+The name of the workload profile to use.
+- Required: No
+- Type: string
+- Default: `'Default'`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the Container App Job. |
+| `resourceGroupName` | string | The name of the resource group the Container App Job was deployed into. |
+| `resourceId` | string | The resource ID of the Container App Job. |
+
+## Cross-referenced modules
+
+_None_

From 38b37fd8533e4ea0b97c24f943dc5e467035a42f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Thu, 26 Oct 2023 16:30:48 +0200
Subject: [PATCH 05/21] trigger test

---
 .github/workflows/ms.app.jobs.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ms.app.jobs.yml b/.github/workflows/ms.app.jobs.yml
index cc08740813..35ea520434 100644
--- a/.github/workflows/ms.app.jobs.yml
+++ b/.github/workflows/ms.app.jobs.yml
@@ -27,6 +27,7 @@ on:
     branches:
       - main
       - feature/new-module-container-app-jobs
+      - dummy
     paths:
       - '.github/actions/templates/**'
       - '.github/workflows/template.module.yml'

From 6425dba5b4dd2f33180f62816c0e5a714ce248de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Thu, 26 Oct 2023 16:37:51 +0200
Subject: [PATCH 06/21] fixed parameter descriptions

---
 modules/app/job/main.bicep | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/modules/app/job/main.bicep b/modules/app/job/main.bicep
index 2329cec7cb..dfedb1a0c3 100644
--- a/modules/app/job/main.bicep
+++ b/modules/app/job/main.bicep
@@ -38,13 +38,13 @@ param containers array
 @description('Optional. List of specialized containers that run before app containers.')
 param initContainersTemplate array = []
 
-@description('Required if TriggerType is Event. Configuration of an event driven job.')
+@description('Optional. Required if TriggerType is Event. Configuration of an event driven job.')
 param eventTriggerConfig object = {}
 
-@description('Required if TriggerType is Schedule. Configuration of a schedule based job.')
+@description('Optional. Required if TriggerType is Schedule. Configuration of a schedule based job.')
 param scheduleTriggerConfig object = {}
 
-@description('Required if TriggerType is Manual. Configuration of a manual job.')
+@description('Optional. Required if TriggerType is Manual. Configuration of a manual job.')
 param manualTriggerConfig object = {}
 
 @description('Optional. The maximum number of times a replica can be retried.')
@@ -60,7 +60,7 @@ param secrets object = {}
 @description('Optional. List of volume definitions for the Container App.')
 param volumes array = []
 
-@description('Maximum number of seconds a replica is allowed to run.')
+@description('Optional. Maximum number of seconds a replica is allowed to run.')
 param replicaTimeout int = 1800
 
 @allowed([
@@ -68,7 +68,7 @@ param replicaTimeout int = 1800
   'Manual'
   'Schedule'
 ])
-@description('Trigger type of the job.')
+@description('Optional. Trigger type of the job.')
 param triggerType string
 
 var secretList = !empty(secrets) ? secrets.secureList : []

From eb834c6b8c465182d535294ccd54c002565cd778 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Thu, 26 Oct 2023 16:51:53 +0200
Subject: [PATCH 07/21] update description in main.json

---
 modules/app/job/main.json | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/modules/app/job/main.json b/modules/app/job/main.json
index 682fad38f9..768390f060 100644
--- a/modules/app/job/main.json
+++ b/modules/app/job/main.json
@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.22.6.54827",
-      "templateHash": "16298065054374494160"
+      "templateHash": "17871914311057597575"
     },
     "name": "Container App Jobs",
     "description": "This module deploys a Container App Job.",
@@ -189,21 +189,21 @@
       "type": "object",
       "defaultValue": {},
       "metadata": {
-        "description": "Required if TriggerType is Event. Configuration of an event driven job."
+        "description": "Optional. Required if TriggerType is Event. Configuration of an event driven job."
       }
     },
     "scheduleTriggerConfig": {
       "type": "object",
       "defaultValue": {},
       "metadata": {
-        "description": "Required if TriggerType is Schedule. Configuration of a schedule based job."
+        "description": "Optional. Required if TriggerType is Schedule. Configuration of a schedule based job."
       }
     },
     "manualTriggerConfig": {
       "type": "object",
       "defaultValue": {},
       "metadata": {
-        "description": "Required if TriggerType is Manual. Configuration of a manual job."
+        "description": "Optional. Required if TriggerType is Manual. Configuration of a manual job."
       }
     },
     "replicaRetryLimit": {
@@ -238,7 +238,7 @@
       "type": "int",
       "defaultValue": 1800,
       "metadata": {
-        "description": "Maximum number of seconds a replica is allowed to run."
+        "description": "Optional. Maximum number of seconds a replica is allowed to run."
       }
     },
     "triggerType": {
@@ -249,7 +249,7 @@
         "Schedule"
       ],
       "metadata": {
-        "description": "Trigger type of the job."
+        "description": "Optional. Trigger type of the job."
       }
     }
   },

From 8d446d6c29d20903fdf9f74de8e11ac70dc4c9aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Thu, 26 Oct 2023 17:09:51 +0200
Subject: [PATCH 08/21] update readme

---
 modules/app/job/README.md | 1163 ++++++++++++++++++-------------------
 1 file changed, 577 insertions(+), 586 deletions(-)

diff --git a/modules/app/job/README.md b/modules/app/job/README.md
index a1a0c07932..008e60ce50 100644
--- a/modules/app/job/README.md
+++ b/modules/app/job/README.md
@@ -1,586 +1,577 @@
-# Container App Jobs `[Microsoft.App/jobs]`
-
-This module deploys a Container App Job.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Usage examples](#Usage-examples)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Cross-referenced modules](#Cross-referenced-modules)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.App/jobs` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.App/2023-05-01/jobs) |
-| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
-
-## Usage examples
-
-The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
-
->**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
->**Note**: To reference the module, please use the following syntax `br:bicep/modules/app.job:1.0.0`.
-
-- [Using large parameter set](#example-1-using-large-parameter-set)
-- [Using only defaults](#example-2-using-only-defaults)
-
-### Example 1: _Using large parameter set_
-
-This instance deploys the module with most of its features enabled.
-
-
-<details>
-
-<summary>via Bicep module</summary>
-
-```bicep
-module job 'br:bicep/modules/app.job:1.0.0' = {
-  name: '${uniqueString(deployment().name, location)}-test-mcappcom'
-  params: {
-    // Required parameters
-    containers: [
-      {
-        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
-        name: 'simple-hello-world-container'
-        probes: [
-          {
-            httpGet: {
-              httpHeaders: [
-                {
-                  name: 'Custom-Header'
-                  value: 'Awesome'
-                }
-              ]
-              path: '/health'
-              port: 8080
-            }
-            initialDelaySeconds: 3
-            periodSeconds: 3
-            type: 'Liveness'
-          }
-        ]
-        resources: {
-          cpu: '<cpu>'
-          memory: '0.5Gi'
-        }
-      }
-    ]
-    environmentId: '<environmentId>'
-    name: 'mcappcom001'
-    triggerType: 'Manual'
-    // Non-required parameters
-    enableDefaultTelemetry: '<enableDefaultTelemetry>'
-    location: '<location>'
-    lock: {
-      kind: 'CanNotDelete'
-      name: 'myCustomLockName'
-    }
-    manualTriggerConfig: {
-      parallelism: 1
-      replicaCompletionCount: 1
-    }
-    secrets: {
-      secureList: [
-        {
-          name: 'customtest'
-          value: '<value>'
-        }
-      ]
-    }
-    tags: {
-      Env: 'test'
-      'hidden-title': 'This is visible in the resource name'
-    }
-    userAssignedIdentities: {
-      '<managedIdentityResourceId>': {}
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-<details>
-
-<summary>via JSON Parameter file</summary>
-
-```json
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-  "contentVersion": "1.0.0.0",
-  "parameters": {
-    // Required parameters
-    "containers": {
-      "value": [
-        {
-          "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest",
-          "name": "simple-hello-world-container",
-          "probes": [
-            {
-              "httpGet": {
-                "httpHeaders": [
-                  {
-                    "name": "Custom-Header",
-                    "value": "Awesome"
-                  }
-                ],
-                "path": "/health",
-                "port": 8080
-              },
-              "initialDelaySeconds": 3,
-              "periodSeconds": 3,
-              "type": "Liveness"
-            }
-          ],
-          "resources": {
-            "cpu": "<cpu>",
-            "memory": "0.5Gi"
-          }
-        }
-      ]
-    },
-    "environmentId": {
-      "value": "<environmentId>"
-    },
-    "name": {
-      "value": "mcappcom001"
-    },
-    "triggerType": {
-      "value": "Manual"
-    },
-    // Non-required parameters
-    "enableDefaultTelemetry": {
-      "value": "<enableDefaultTelemetry>"
-    },
-    "location": {
-      "value": "<location>"
-    },
-    "lock": {
-      "value": {
-        "kind": "CanNotDelete",
-        "name": "myCustomLockName"
-      }
-    },
-    "manualTriggerConfig": {
-      "value": {
-        "parallelism": 1,
-        "replicaCompletionCount": 1
-      }
-    },
-    "secrets": {
-      "value": {
-        "secureList": [
-          {
-            "name": "customtest",
-            "value": "<value>"
-          }
-        ]
-      }
-    },
-    "tags": {
-      "value": {
-        "Env": "test",
-        "hidden-title": "This is visible in the resource name"
-      }
-    },
-    "userAssignedIdentities": {
-      "value": {
-        "<managedIdentityResourceId>": {}
-      }
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-### Example 2: _Using only defaults_
-
-This instance deploys the module with the minimum set of required parameters.
-
-
-<details>
-
-<summary>via Bicep module</summary>
-
-```bicep
-module job 'br:bicep/modules/app.job:1.0.0' = {
-  name: '${uniqueString(deployment().name, location)}-test-mcappmin'
-  params: {
-    // Required parameters
-    containers: [
-      {
-        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
-        name: 'simple-hello-world-container'
-        resources: {
-          cpu: '<cpu>'
-          memory: '0.5Gi'
-        }
-      }
-    ]
-    environmentId: '<environmentId>'
-    name: 'mcappmin001'
-    triggerType: 'Manual'
-    // Non-required parameters
-    enableDefaultTelemetry: '<enableDefaultTelemetry>'
-    location: '<location>'
-    manualTriggerConfig: {
-      parallelism: 1
-      replicaCompletionCount: 1
-    }
-    tags: {
-      Env: 'test'
-      'hidden-title': 'This is visible in the resource name'
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-<details>
-
-<summary>via JSON Parameter file</summary>
-
-```json
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-  "contentVersion": "1.0.0.0",
-  "parameters": {
-    // Required parameters
-    "containers": {
-      "value": [
-        {
-          "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest",
-          "name": "simple-hello-world-container",
-          "resources": {
-            "cpu": "<cpu>",
-            "memory": "0.5Gi"
-          }
-        }
-      ]
-    },
-    "environmentId": {
-      "value": "<environmentId>"
-    },
-    "name": {
-      "value": "mcappmin001"
-    },
-    "triggerType": {
-      "value": "Manual"
-    },
-    // Non-required parameters
-    "enableDefaultTelemetry": {
-      "value": "<enableDefaultTelemetry>"
-    },
-    "location": {
-      "value": "<location>"
-    },
-    "manualTriggerConfig": {
-      "value": {
-        "parallelism": 1,
-        "replicaCompletionCount": 1
-      }
-    },
-    "tags": {
-      "value": {
-        "Env": "test",
-        "hidden-title": "This is visible in the resource name"
-      }
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-
-## Parameters
-
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`containers`](#parameter-containers) | array | List of container definitions for the Container App. |
-| [`environmentId`](#parameter-environmentid) | string | Resource ID of environment. |
-| [`name`](#parameter-name) | string | Name of the Container App. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
-| [`initContainersTemplate`](#parameter-initcontainerstemplate) | array | List of specialized containers that run before app containers. |
-| [`location`](#parameter-location) | string | Location for all Resources. |
-| [`lock`](#parameter-lock) | object | The lock settings of the service. |
-| [`registries`](#parameter-registries) | array | Collection of private container registry credentials for containers used by the Container app. |
-| [`replicaRetryLimit`](#parameter-replicaretrylimit) | int | The maximum number of times a replica can be retried. |
-| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. |
-| [`secrets`](#parameter-secrets) | secureObject | The secrets of the Container App. |
-| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
-| [`tags`](#parameter-tags) | object | Tags of the resource. |
-| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. |
-| [`volumes`](#parameter-volumes) | array | List of volume definitions for the Container App. |
-| [`workloadProfileName`](#parameter-workloadprofilename) | string | The name of the workload profile to use. |
-
-**Required if TriggerType is Event parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`eventTriggerConfig`](#parameter-eventtriggerconfig) | object | Configuration of an event driven job. |
-
-**Required if TriggerType is Schedule parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`scheduleTriggerConfig`](#parameter-scheduletriggerconfig) | object | Configuration of a schedule based job. |
-
-**Required if TriggerType is Manual parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`manualTriggerConfig`](#parameter-manualtriggerconfig) | object | Configuration of a manual job. |
-
-**Maximum number of seconds a replica is allowed to run parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-
-**Trigger type of the job parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-
-### Parameter: `containers`
-
-List of container definitions for the Container App.
-- Required: Yes
-- Type: array
-
-### Parameter: `enableDefaultTelemetry`
-
-Enable telemetry via a Globally Unique Identifier (GUID).
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `environmentId`
-
-Resource ID of environment.
-- Required: Yes
-- Type: string
-
-### Parameter: `eventTriggerConfig`
-
-Configuration of an event driven job.
-- Required: No
-- Type: object
-- Default: `{object}`
-
-### Parameter: `initContainersTemplate`
-
-List of specialized containers that run before app containers.
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `location`
-
-Location for all Resources.
-- Required: No
-- Type: string
-- Default: `[resourceGroup().location]`
-
-### Parameter: `lock`
-
-The lock settings of the service.
-- Required: No
-- Type: object
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. |
-| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. |
-
-### Parameter: `lock.kind`
-
-Optional. Specify the type of lock.
-
-- Required: No
-- Type: string
-- Allowed: `[CanNotDelete, None, ReadOnly]`
-
-### Parameter: `lock.name`
-
-Optional. Specify the name of lock.
-
-- Required: No
-- Type: string
-
-### Parameter: `manualTriggerConfig`
-
-Configuration of a manual job.
-- Required: No
-- Type: object
-- Default: `{object}`
-
-### Parameter: `name`
-
-Name of the Container App.
-- Required: Yes
-- Type: string
-
-### Parameter: `registries`
-
-Collection of private container registry credentials for containers used by the Container app.
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `replicaRetryLimit`
-
-The maximum number of times a replica can be retried.
-- Required: No
-- Type: int
-- Default: `0`
-
-### Parameter: `roleAssignments`
-
-Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute.
-- Required: No
-- Type: array
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
-| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. |
-| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. |
-| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. |
-| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. |
-| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. |
-| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. |
-
-### Parameter: `roleAssignments.condition`
-
-Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.conditionVersion`
-
-Optional. Version of the condition.
-
-- Required: No
-- Type: string
-- Allowed: `[2.0]`
-
-### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
-
-Optional. The Resource Id of the delegated managed identity resource.
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.description`
-
-Optional. The description of the role assignment.
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.principalId`
-
-Required. The principal ID of the principal (user/group/identity) to assign the role to.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `roleAssignments.principalType`
-
-Optional. The principal type of the assigned principal ID.
-
-- Required: No
-- Type: string
-- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]`
-
-### Parameter: `roleAssignments.roleDefinitionIdOrName`
-
-Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `scheduleTriggerConfig`
-
-Configuration of a schedule based job.
-- Required: No
-- Type: object
-- Default: `{object}`
-
-### Parameter: `secrets`
-
-The secrets of the Container App.
-- Required: No
-- Type: secureObject
-- Default: `{object}`
-
-### Parameter: `systemAssignedIdentity`
-
-Enables system assigned managed identity on the resource.
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `tags`
-
-Tags of the resource.
-- Required: No
-- Type: object
-- Default: `{object}`
-
-### Parameter: `userAssignedIdentities`
-
-The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests.
-- Required: No
-- Type: object
-- Default: `{object}`
-
-### Parameter: `volumes`
-
-List of volume definitions for the Container App.
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `workloadProfileName`
-
-The name of the workload profile to use.
-- Required: No
-- Type: string
-- Default: `'Default'`
-
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the Container App Job. |
-| `resourceGroupName` | string | The name of the resource group the Container App Job was deployed into. |
-| `resourceId` | string | The resource ID of the Container App Job. |
-
-## Cross-referenced modules
-
-_None_
+# Container App Jobs `[Microsoft.App/jobs]`
+
+This module deploys a Container App Job.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.App/jobs` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.App/2023-05-01/jobs) |
+| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
+
+## Usage examples
+
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+
+>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+
+>**Note**: To reference the module, please use the following syntax `br:bicep/modules/app.job:1.0.0`.
+
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
+
+### Example 1: _Using large parameter set_
+
+This instance deploys the module with most of its features enabled.
+
+
+<details>
+
+<summary>via Bicep module</summary>
+
+```bicep
+module job 'br:bicep/modules/app.job:1.0.0' = {
+  name: '${uniqueString(deployment().name, location)}-test-mcappcom'
+  params: {
+    // Required parameters
+    containers: [
+      {
+        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
+        name: 'simple-hello-world-container'
+        probes: [
+          {
+            httpGet: {
+              httpHeaders: [
+                {
+                  name: 'Custom-Header'
+                  value: 'Awesome'
+                }
+              ]
+              path: '/health'
+              port: 8080
+            }
+            initialDelaySeconds: 3
+            periodSeconds: 3
+            type: 'Liveness'
+          }
+        ]
+        resources: {
+          cpu: '<cpu>'
+          memory: '0.5Gi'
+        }
+      }
+    ]
+    environmentId: '<environmentId>'
+    name: 'mcappcom001'
+    triggerType: 'Manual'
+    // Non-required parameters
+    enableDefaultTelemetry: '<enableDefaultTelemetry>'
+    location: '<location>'
+    lock: {
+      kind: 'CanNotDelete'
+      name: 'myCustomLockName'
+    }
+    manualTriggerConfig: {
+      parallelism: 1
+      replicaCompletionCount: 1
+    }
+    secrets: {
+      secureList: [
+        {
+          name: 'customtest'
+          value: '<value>'
+        }
+      ]
+    }
+    tags: {
+      Env: 'test'
+      'hidden-title': 'This is visible in the resource name'
+    }
+    userAssignedIdentities: {
+      '<managedIdentityResourceId>': {}
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+<details>
+
+<summary>via JSON Parameter file</summary>
+
+```json
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    // Required parameters
+    "containers": {
+      "value": [
+        {
+          "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest",
+          "name": "simple-hello-world-container",
+          "probes": [
+            {
+              "httpGet": {
+                "httpHeaders": [
+                  {
+                    "name": "Custom-Header",
+                    "value": "Awesome"
+                  }
+                ],
+                "path": "/health",
+                "port": 8080
+              },
+              "initialDelaySeconds": 3,
+              "periodSeconds": 3,
+              "type": "Liveness"
+            }
+          ],
+          "resources": {
+            "cpu": "<cpu>",
+            "memory": "0.5Gi"
+          }
+        }
+      ]
+    },
+    "environmentId": {
+      "value": "<environmentId>"
+    },
+    "name": {
+      "value": "mcappcom001"
+    },
+    "triggerType": {
+      "value": "Manual"
+    },
+    // Non-required parameters
+    "enableDefaultTelemetry": {
+      "value": "<enableDefaultTelemetry>"
+    },
+    "location": {
+      "value": "<location>"
+    },
+    "lock": {
+      "value": {
+        "kind": "CanNotDelete",
+        "name": "myCustomLockName"
+      }
+    },
+    "manualTriggerConfig": {
+      "value": {
+        "parallelism": 1,
+        "replicaCompletionCount": 1
+      }
+    },
+    "secrets": {
+      "value": {
+        "secureList": [
+          {
+            "name": "customtest",
+            "value": "<value>"
+          }
+        ]
+      }
+    },
+    "tags": {
+      "value": {
+        "Env": "test",
+        "hidden-title": "This is visible in the resource name"
+      }
+    },
+    "userAssignedIdentities": {
+      "value": {
+        "<managedIdentityResourceId>": {}
+      }
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
+
+<details>
+
+<summary>via Bicep module</summary>
+
+```bicep
+module job 'br:bicep/modules/app.job:1.0.0' = {
+  name: '${uniqueString(deployment().name, location)}-test-mcappmin'
+  params: {
+    // Required parameters
+    containers: [
+      {
+        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
+        name: 'simple-hello-world-container'
+        resources: {
+          cpu: '<cpu>'
+          memory: '0.5Gi'
+        }
+      }
+    ]
+    environmentId: '<environmentId>'
+    name: 'mcappmin001'
+    triggerType: 'Manual'
+    // Non-required parameters
+    enableDefaultTelemetry: '<enableDefaultTelemetry>'
+    location: '<location>'
+    manualTriggerConfig: {
+      parallelism: 1
+      replicaCompletionCount: 1
+    }
+    tags: {
+      Env: 'test'
+      'hidden-title': 'This is visible in the resource name'
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+<details>
+
+<summary>via JSON Parameter file</summary>
+
+```json
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    // Required parameters
+    "containers": {
+      "value": [
+        {
+          "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest",
+          "name": "simple-hello-world-container",
+          "resources": {
+            "cpu": "<cpu>",
+            "memory": "0.5Gi"
+          }
+        }
+      ]
+    },
+    "environmentId": {
+      "value": "<environmentId>"
+    },
+    "name": {
+      "value": "mcappmin001"
+    },
+    "triggerType": {
+      "value": "Manual"
+    },
+    // Non-required parameters
+    "enableDefaultTelemetry": {
+      "value": "<enableDefaultTelemetry>"
+    },
+    "location": {
+      "value": "<location>"
+    },
+    "manualTriggerConfig": {
+      "value": {
+        "parallelism": 1,
+        "replicaCompletionCount": 1
+      }
+    },
+    "tags": {
+      "value": {
+        "Env": "test",
+        "hidden-title": "This is visible in the resource name"
+      }
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`containers`](#parameter-containers) | array | List of container definitions for the Container App. |
+| [`environmentId`](#parameter-environmentid) | string | Resource ID of environment. |
+| [`name`](#parameter-name) | string | Name of the Container App. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`eventTriggerConfig`](#parameter-eventtriggerconfig) | object | Required if TriggerType is Event. Configuration of an event driven job. |
+| [`initContainersTemplate`](#parameter-initcontainerstemplate) | array | List of specialized containers that run before app containers. |
+| [`location`](#parameter-location) | string | Location for all Resources. |
+| [`lock`](#parameter-lock) | object | The lock settings of the service. |
+| [`manualTriggerConfig`](#parameter-manualtriggerconfig) | object | Required if TriggerType is Manual. Configuration of a manual job. |
+| [`registries`](#parameter-registries) | array | Collection of private container registry credentials for containers used by the Container app. |
+| [`replicaRetryLimit`](#parameter-replicaretrylimit) | int | The maximum number of times a replica can be retried. |
+| [`replicaTimeout`](#parameter-replicatimeout) | int | Maximum number of seconds a replica is allowed to run. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. |
+| [`scheduleTriggerConfig`](#parameter-scheduletriggerconfig) | object | Required if TriggerType is Schedule. Configuration of a schedule based job. |
+| [`secrets`](#parameter-secrets) | secureObject | The secrets of the Container App. |
+| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`triggerType`](#parameter-triggertype) | string | Trigger type of the job. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. |
+| [`volumes`](#parameter-volumes) | array | List of volume definitions for the Container App. |
+| [`workloadProfileName`](#parameter-workloadprofilename) | string | The name of the workload profile to use. |
+
+### Parameter: `containers`
+
+List of container definitions for the Container App.
+- Required: Yes
+- Type: array
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `environmentId`
+
+Resource ID of environment.
+- Required: Yes
+- Type: string
+
+### Parameter: `eventTriggerConfig`
+
+Required if TriggerType is Event. Configuration of an event driven job.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `initContainersTemplate`
+
+List of specialized containers that run before app containers.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `location`
+
+Location for all Resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+The lock settings of the service.
+- Required: No
+- Type: object
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. |
+| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. |
+
+### Parameter: `lock.kind`
+
+Optional. Specify the type of lock.
+
+- Required: No
+- Type: string
+- Allowed: `[CanNotDelete, None, ReadOnly]`
+
+### Parameter: `lock.name`
+
+Optional. Specify the name of lock.
+
+- Required: No
+- Type: string
+
+### Parameter: `manualTriggerConfig`
+
+Required if TriggerType is Manual. Configuration of a manual job.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `name`
+
+Name of the Container App.
+- Required: Yes
+- Type: string
+
+### Parameter: `registries`
+
+Collection of private container registry credentials for containers used by the Container app.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `replicaRetryLimit`
+
+The maximum number of times a replica can be retried.
+- Required: No
+- Type: int
+- Default: `0`
+
+### Parameter: `replicaTimeout`
+
+Maximum number of seconds a replica is allowed to run.
+- Required: No
+- Type: int
+- Default: `1800`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute.
+- Required: No
+- Type: array
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
+| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. |
+| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. |
+| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. |
+| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. |
+| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. |
+| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. |
+
+### Parameter: `roleAssignments.condition`
+
+Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.conditionVersion`
+
+Optional. Version of the condition.
+
+- Required: No
+- Type: string
+- Allowed: `[2.0]`
+
+### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
+
+Optional. The Resource Id of the delegated managed identity resource.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.description`
+
+Optional. The description of the role assignment.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.principalId`
+
+Required. The principal ID of the principal (user/group/identity) to assign the role to.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments.principalType`
+
+Optional. The principal type of the assigned principal ID.
+
+- Required: No
+- Type: string
+- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]`
+
+### Parameter: `roleAssignments.roleDefinitionIdOrName`
+
+Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `scheduleTriggerConfig`
+
+Required if TriggerType is Schedule. Configuration of a schedule based job.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `secrets`
+
+The secrets of the Container App.
+- Required: No
+- Type: secureObject
+- Default: `{object}`
+
+### Parameter: `systemAssignedIdentity`
+
+Enables system assigned managed identity on the resource.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `triggerType`
+
+Trigger type of the job.
+- Required: Yes
+- Type: string
+- Allowed: `[Event, Manual, Schedule]`
+
+### Parameter: `userAssignedIdentities`
+
+The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `volumes`
+
+List of volume definitions for the Container App.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `workloadProfileName`
+
+The name of the workload profile to use.
+- Required: No
+- Type: string
+- Default: `'Default'`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the Container App Job. |
+| `resourceGroupName` | string | The name of the resource group the Container App Job was deployed into. |
+| `resourceId` | string | The resource ID of the Container App Job. |
+
+## Cross-referenced modules
+
+_None_

From 15c0eb03797b1613d0beb9756a70a7fbe5fa81d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Thu, 26 Oct 2023 17:11:35 +0200
Subject: [PATCH 09/21] trigger validation

---
 .github/workflows/ms.app.jobs.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/ms.app.jobs.yml b/.github/workflows/ms.app.jobs.yml
index 35ea520434..cc08740813 100644
--- a/.github/workflows/ms.app.jobs.yml
+++ b/.github/workflows/ms.app.jobs.yml
@@ -27,7 +27,6 @@ on:
     branches:
       - main
       - feature/new-module-container-app-jobs
-      - dummy
     paths:
       - '.github/actions/templates/**'
       - '.github/workflows/template.module.yml'

From bcd4f3f7f8ddc2df8c9390fa40acbf3f392bf56a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Thu, 26 Oct 2023 17:27:05 +0200
Subject: [PATCH 10/21] fix line ending

---
 modules/app/job/README.md | 1154 ++++++++++++++++++-------------------
 1 file changed, 577 insertions(+), 577 deletions(-)

diff --git a/modules/app/job/README.md b/modules/app/job/README.md
index 008e60ce50..87ac9fa7d1 100644
--- a/modules/app/job/README.md
+++ b/modules/app/job/README.md
@@ -1,577 +1,577 @@
-# Container App Jobs `[Microsoft.App/jobs]`
-
-This module deploys a Container App Job.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Usage examples](#Usage-examples)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Cross-referenced modules](#Cross-referenced-modules)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.App/jobs` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.App/2023-05-01/jobs) |
-| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
-
-## Usage examples
-
-The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
-
->**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
->**Note**: To reference the module, please use the following syntax `br:bicep/modules/app.job:1.0.0`.
-
-- [Using large parameter set](#example-1-using-large-parameter-set)
-- [Using only defaults](#example-2-using-only-defaults)
-
-### Example 1: _Using large parameter set_
-
-This instance deploys the module with most of its features enabled.
-
-
-<details>
-
-<summary>via Bicep module</summary>
-
-```bicep
-module job 'br:bicep/modules/app.job:1.0.0' = {
-  name: '${uniqueString(deployment().name, location)}-test-mcappcom'
-  params: {
-    // Required parameters
-    containers: [
-      {
-        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
-        name: 'simple-hello-world-container'
-        probes: [
-          {
-            httpGet: {
-              httpHeaders: [
-                {
-                  name: 'Custom-Header'
-                  value: 'Awesome'
-                }
-              ]
-              path: '/health'
-              port: 8080
-            }
-            initialDelaySeconds: 3
-            periodSeconds: 3
-            type: 'Liveness'
-          }
-        ]
-        resources: {
-          cpu: '<cpu>'
-          memory: '0.5Gi'
-        }
-      }
-    ]
-    environmentId: '<environmentId>'
-    name: 'mcappcom001'
-    triggerType: 'Manual'
-    // Non-required parameters
-    enableDefaultTelemetry: '<enableDefaultTelemetry>'
-    location: '<location>'
-    lock: {
-      kind: 'CanNotDelete'
-      name: 'myCustomLockName'
-    }
-    manualTriggerConfig: {
-      parallelism: 1
-      replicaCompletionCount: 1
-    }
-    secrets: {
-      secureList: [
-        {
-          name: 'customtest'
-          value: '<value>'
-        }
-      ]
-    }
-    tags: {
-      Env: 'test'
-      'hidden-title': 'This is visible in the resource name'
-    }
-    userAssignedIdentities: {
-      '<managedIdentityResourceId>': {}
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-<details>
-
-<summary>via JSON Parameter file</summary>
-
-```json
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-  "contentVersion": "1.0.0.0",
-  "parameters": {
-    // Required parameters
-    "containers": {
-      "value": [
-        {
-          "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest",
-          "name": "simple-hello-world-container",
-          "probes": [
-            {
-              "httpGet": {
-                "httpHeaders": [
-                  {
-                    "name": "Custom-Header",
-                    "value": "Awesome"
-                  }
-                ],
-                "path": "/health",
-                "port": 8080
-              },
-              "initialDelaySeconds": 3,
-              "periodSeconds": 3,
-              "type": "Liveness"
-            }
-          ],
-          "resources": {
-            "cpu": "<cpu>",
-            "memory": "0.5Gi"
-          }
-        }
-      ]
-    },
-    "environmentId": {
-      "value": "<environmentId>"
-    },
-    "name": {
-      "value": "mcappcom001"
-    },
-    "triggerType": {
-      "value": "Manual"
-    },
-    // Non-required parameters
-    "enableDefaultTelemetry": {
-      "value": "<enableDefaultTelemetry>"
-    },
-    "location": {
-      "value": "<location>"
-    },
-    "lock": {
-      "value": {
-        "kind": "CanNotDelete",
-        "name": "myCustomLockName"
-      }
-    },
-    "manualTriggerConfig": {
-      "value": {
-        "parallelism": 1,
-        "replicaCompletionCount": 1
-      }
-    },
-    "secrets": {
-      "value": {
-        "secureList": [
-          {
-            "name": "customtest",
-            "value": "<value>"
-          }
-        ]
-      }
-    },
-    "tags": {
-      "value": {
-        "Env": "test",
-        "hidden-title": "This is visible in the resource name"
-      }
-    },
-    "userAssignedIdentities": {
-      "value": {
-        "<managedIdentityResourceId>": {}
-      }
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-### Example 2: _Using only defaults_
-
-This instance deploys the module with the minimum set of required parameters.
-
-
-<details>
-
-<summary>via Bicep module</summary>
-
-```bicep
-module job 'br:bicep/modules/app.job:1.0.0' = {
-  name: '${uniqueString(deployment().name, location)}-test-mcappmin'
-  params: {
-    // Required parameters
-    containers: [
-      {
-        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
-        name: 'simple-hello-world-container'
-        resources: {
-          cpu: '<cpu>'
-          memory: '0.5Gi'
-        }
-      }
-    ]
-    environmentId: '<environmentId>'
-    name: 'mcappmin001'
-    triggerType: 'Manual'
-    // Non-required parameters
-    enableDefaultTelemetry: '<enableDefaultTelemetry>'
-    location: '<location>'
-    manualTriggerConfig: {
-      parallelism: 1
-      replicaCompletionCount: 1
-    }
-    tags: {
-      Env: 'test'
-      'hidden-title': 'This is visible in the resource name'
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-<details>
-
-<summary>via JSON Parameter file</summary>
-
-```json
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-  "contentVersion": "1.0.0.0",
-  "parameters": {
-    // Required parameters
-    "containers": {
-      "value": [
-        {
-          "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest",
-          "name": "simple-hello-world-container",
-          "resources": {
-            "cpu": "<cpu>",
-            "memory": "0.5Gi"
-          }
-        }
-      ]
-    },
-    "environmentId": {
-      "value": "<environmentId>"
-    },
-    "name": {
-      "value": "mcappmin001"
-    },
-    "triggerType": {
-      "value": "Manual"
-    },
-    // Non-required parameters
-    "enableDefaultTelemetry": {
-      "value": "<enableDefaultTelemetry>"
-    },
-    "location": {
-      "value": "<location>"
-    },
-    "manualTriggerConfig": {
-      "value": {
-        "parallelism": 1,
-        "replicaCompletionCount": 1
-      }
-    },
-    "tags": {
-      "value": {
-        "Env": "test",
-        "hidden-title": "This is visible in the resource name"
-      }
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-
-## Parameters
-
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`containers`](#parameter-containers) | array | List of container definitions for the Container App. |
-| [`environmentId`](#parameter-environmentid) | string | Resource ID of environment. |
-| [`name`](#parameter-name) | string | Name of the Container App. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
-| [`eventTriggerConfig`](#parameter-eventtriggerconfig) | object | Required if TriggerType is Event. Configuration of an event driven job. |
-| [`initContainersTemplate`](#parameter-initcontainerstemplate) | array | List of specialized containers that run before app containers. |
-| [`location`](#parameter-location) | string | Location for all Resources. |
-| [`lock`](#parameter-lock) | object | The lock settings of the service. |
-| [`manualTriggerConfig`](#parameter-manualtriggerconfig) | object | Required if TriggerType is Manual. Configuration of a manual job. |
-| [`registries`](#parameter-registries) | array | Collection of private container registry credentials for containers used by the Container app. |
-| [`replicaRetryLimit`](#parameter-replicaretrylimit) | int | The maximum number of times a replica can be retried. |
-| [`replicaTimeout`](#parameter-replicatimeout) | int | Maximum number of seconds a replica is allowed to run. |
-| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. |
-| [`scheduleTriggerConfig`](#parameter-scheduletriggerconfig) | object | Required if TriggerType is Schedule. Configuration of a schedule based job. |
-| [`secrets`](#parameter-secrets) | secureObject | The secrets of the Container App. |
-| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
-| [`tags`](#parameter-tags) | object | Tags of the resource. |
-| [`triggerType`](#parameter-triggertype) | string | Trigger type of the job. |
-| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. |
-| [`volumes`](#parameter-volumes) | array | List of volume definitions for the Container App. |
-| [`workloadProfileName`](#parameter-workloadprofilename) | string | The name of the workload profile to use. |
-
-### Parameter: `containers`
-
-List of container definitions for the Container App.
-- Required: Yes
-- Type: array
-
-### Parameter: `enableDefaultTelemetry`
-
-Enable telemetry via a Globally Unique Identifier (GUID).
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `environmentId`
-
-Resource ID of environment.
-- Required: Yes
-- Type: string
-
-### Parameter: `eventTriggerConfig`
-
-Required if TriggerType is Event. Configuration of an event driven job.
-- Required: No
-- Type: object
-- Default: `{object}`
-
-### Parameter: `initContainersTemplate`
-
-List of specialized containers that run before app containers.
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `location`
-
-Location for all Resources.
-- Required: No
-- Type: string
-- Default: `[resourceGroup().location]`
-
-### Parameter: `lock`
-
-The lock settings of the service.
-- Required: No
-- Type: object
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. |
-| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. |
-
-### Parameter: `lock.kind`
-
-Optional. Specify the type of lock.
-
-- Required: No
-- Type: string
-- Allowed: `[CanNotDelete, None, ReadOnly]`
-
-### Parameter: `lock.name`
-
-Optional. Specify the name of lock.
-
-- Required: No
-- Type: string
-
-### Parameter: `manualTriggerConfig`
-
-Required if TriggerType is Manual. Configuration of a manual job.
-- Required: No
-- Type: object
-- Default: `{object}`
-
-### Parameter: `name`
-
-Name of the Container App.
-- Required: Yes
-- Type: string
-
-### Parameter: `registries`
-
-Collection of private container registry credentials for containers used by the Container app.
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `replicaRetryLimit`
-
-The maximum number of times a replica can be retried.
-- Required: No
-- Type: int
-- Default: `0`
-
-### Parameter: `replicaTimeout`
-
-Maximum number of seconds a replica is allowed to run.
-- Required: No
-- Type: int
-- Default: `1800`
-
-### Parameter: `roleAssignments`
-
-Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute.
-- Required: No
-- Type: array
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
-| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. |
-| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. |
-| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. |
-| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. |
-| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. |
-| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. |
-
-### Parameter: `roleAssignments.condition`
-
-Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.conditionVersion`
-
-Optional. Version of the condition.
-
-- Required: No
-- Type: string
-- Allowed: `[2.0]`
-
-### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
-
-Optional. The Resource Id of the delegated managed identity resource.
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.description`
-
-Optional. The description of the role assignment.
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.principalId`
-
-Required. The principal ID of the principal (user/group/identity) to assign the role to.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `roleAssignments.principalType`
-
-Optional. The principal type of the assigned principal ID.
-
-- Required: No
-- Type: string
-- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]`
-
-### Parameter: `roleAssignments.roleDefinitionIdOrName`
-
-Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `scheduleTriggerConfig`
-
-Required if TriggerType is Schedule. Configuration of a schedule based job.
-- Required: No
-- Type: object
-- Default: `{object}`
-
-### Parameter: `secrets`
-
-The secrets of the Container App.
-- Required: No
-- Type: secureObject
-- Default: `{object}`
-
-### Parameter: `systemAssignedIdentity`
-
-Enables system assigned managed identity on the resource.
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `tags`
-
-Tags of the resource.
-- Required: No
-- Type: object
-- Default: `{object}`
-
-### Parameter: `triggerType`
-
-Trigger type of the job.
-- Required: Yes
-- Type: string
-- Allowed: `[Event, Manual, Schedule]`
-
-### Parameter: `userAssignedIdentities`
-
-The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests.
-- Required: No
-- Type: object
-- Default: `{object}`
-
-### Parameter: `volumes`
-
-List of volume definitions for the Container App.
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `workloadProfileName`
-
-The name of the workload profile to use.
-- Required: No
-- Type: string
-- Default: `'Default'`
-
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the Container App Job. |
-| `resourceGroupName` | string | The name of the resource group the Container App Job was deployed into. |
-| `resourceId` | string | The resource ID of the Container App Job. |
-
-## Cross-referenced modules
-
-_None_
+# Container App Jobs `[Microsoft.App/jobs]`
+
+This module deploys a Container App Job.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.App/jobs` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.App/2023-05-01/jobs) |
+| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
+
+## Usage examples
+
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+
+>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+
+>**Note**: To reference the module, please use the following syntax `br:bicep/modules/app.job:1.0.0`.
+
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
+
+### Example 1: _Using large parameter set_
+
+This instance deploys the module with most of its features enabled.
+
+
+<details>
+
+<summary>via Bicep module</summary>
+
+```bicep
+module job 'br:bicep/modules/app.job:1.0.0' = {
+  name: '${uniqueString(deployment().name, location)}-test-mcappcom'
+  params: {
+    // Required parameters
+    containers: [
+      {
+        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
+        name: 'simple-hello-world-container'
+        probes: [
+          {
+            httpGet: {
+              httpHeaders: [
+                {
+                  name: 'Custom-Header'
+                  value: 'Awesome'
+                }
+              ]
+              path: '/health'
+              port: 8080
+            }
+            initialDelaySeconds: 3
+            periodSeconds: 3
+            type: 'Liveness'
+          }
+        ]
+        resources: {
+          cpu: '<cpu>'
+          memory: '0.5Gi'
+        }
+      }
+    ]
+    environmentId: '<environmentId>'
+    name: 'mcappcom001'
+    triggerType: 'Manual'
+    // Non-required parameters
+    enableDefaultTelemetry: '<enableDefaultTelemetry>'
+    location: '<location>'
+    lock: {
+      kind: 'CanNotDelete'
+      name: 'myCustomLockName'
+    }
+    manualTriggerConfig: {
+      parallelism: 1
+      replicaCompletionCount: 1
+    }
+    secrets: {
+      secureList: [
+        {
+          name: 'customtest'
+          value: '<value>'
+        }
+      ]
+    }
+    tags: {
+      Env: 'test'
+      'hidden-title': 'This is visible in the resource name'
+    }
+    userAssignedIdentities: {
+      '<managedIdentityResourceId>': {}
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+<details>
+
+<summary>via JSON Parameter file</summary>
+
+```json
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    // Required parameters
+    "containers": {
+      "value": [
+        {
+          "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest",
+          "name": "simple-hello-world-container",
+          "probes": [
+            {
+              "httpGet": {
+                "httpHeaders": [
+                  {
+                    "name": "Custom-Header",
+                    "value": "Awesome"
+                  }
+                ],
+                "path": "/health",
+                "port": 8080
+              },
+              "initialDelaySeconds": 3,
+              "periodSeconds": 3,
+              "type": "Liveness"
+            }
+          ],
+          "resources": {
+            "cpu": "<cpu>",
+            "memory": "0.5Gi"
+          }
+        }
+      ]
+    },
+    "environmentId": {
+      "value": "<environmentId>"
+    },
+    "name": {
+      "value": "mcappcom001"
+    },
+    "triggerType": {
+      "value": "Manual"
+    },
+    // Non-required parameters
+    "enableDefaultTelemetry": {
+      "value": "<enableDefaultTelemetry>"
+    },
+    "location": {
+      "value": "<location>"
+    },
+    "lock": {
+      "value": {
+        "kind": "CanNotDelete",
+        "name": "myCustomLockName"
+      }
+    },
+    "manualTriggerConfig": {
+      "value": {
+        "parallelism": 1,
+        "replicaCompletionCount": 1
+      }
+    },
+    "secrets": {
+      "value": {
+        "secureList": [
+          {
+            "name": "customtest",
+            "value": "<value>"
+          }
+        ]
+      }
+    },
+    "tags": {
+      "value": {
+        "Env": "test",
+        "hidden-title": "This is visible in the resource name"
+      }
+    },
+    "userAssignedIdentities": {
+      "value": {
+        "<managedIdentityResourceId>": {}
+      }
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
+
+<details>
+
+<summary>via Bicep module</summary>
+
+```bicep
+module job 'br:bicep/modules/app.job:1.0.0' = {
+  name: '${uniqueString(deployment().name, location)}-test-mcappmin'
+  params: {
+    // Required parameters
+    containers: [
+      {
+        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
+        name: 'simple-hello-world-container'
+        resources: {
+          cpu: '<cpu>'
+          memory: '0.5Gi'
+        }
+      }
+    ]
+    environmentId: '<environmentId>'
+    name: 'mcappmin001'
+    triggerType: 'Manual'
+    // Non-required parameters
+    enableDefaultTelemetry: '<enableDefaultTelemetry>'
+    location: '<location>'
+    manualTriggerConfig: {
+      parallelism: 1
+      replicaCompletionCount: 1
+    }
+    tags: {
+      Env: 'test'
+      'hidden-title': 'This is visible in the resource name'
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+<details>
+
+<summary>via JSON Parameter file</summary>
+
+```json
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    // Required parameters
+    "containers": {
+      "value": [
+        {
+          "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest",
+          "name": "simple-hello-world-container",
+          "resources": {
+            "cpu": "<cpu>",
+            "memory": "0.5Gi"
+          }
+        }
+      ]
+    },
+    "environmentId": {
+      "value": "<environmentId>"
+    },
+    "name": {
+      "value": "mcappmin001"
+    },
+    "triggerType": {
+      "value": "Manual"
+    },
+    // Non-required parameters
+    "enableDefaultTelemetry": {
+      "value": "<enableDefaultTelemetry>"
+    },
+    "location": {
+      "value": "<location>"
+    },
+    "manualTriggerConfig": {
+      "value": {
+        "parallelism": 1,
+        "replicaCompletionCount": 1
+      }
+    },
+    "tags": {
+      "value": {
+        "Env": "test",
+        "hidden-title": "This is visible in the resource name"
+      }
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`containers`](#parameter-containers) | array | List of container definitions for the Container App. |
+| [`environmentId`](#parameter-environmentid) | string | Resource ID of environment. |
+| [`name`](#parameter-name) | string | Name of the Container App. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`eventTriggerConfig`](#parameter-eventtriggerconfig) | object | Required if TriggerType is Event. Configuration of an event driven job. |
+| [`initContainersTemplate`](#parameter-initcontainerstemplate) | array | List of specialized containers that run before app containers. |
+| [`location`](#parameter-location) | string | Location for all Resources. |
+| [`lock`](#parameter-lock) | object | The lock settings of the service. |
+| [`manualTriggerConfig`](#parameter-manualtriggerconfig) | object | Required if TriggerType is Manual. Configuration of a manual job. |
+| [`registries`](#parameter-registries) | array | Collection of private container registry credentials for containers used by the Container app. |
+| [`replicaRetryLimit`](#parameter-replicaretrylimit) | int | The maximum number of times a replica can be retried. |
+| [`replicaTimeout`](#parameter-replicatimeout) | int | Maximum number of seconds a replica is allowed to run. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. |
+| [`scheduleTriggerConfig`](#parameter-scheduletriggerconfig) | object | Required if TriggerType is Schedule. Configuration of a schedule based job. |
+| [`secrets`](#parameter-secrets) | secureObject | The secrets of the Container App. |
+| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`triggerType`](#parameter-triggertype) | string | Trigger type of the job. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. |
+| [`volumes`](#parameter-volumes) | array | List of volume definitions for the Container App. |
+| [`workloadProfileName`](#parameter-workloadprofilename) | string | The name of the workload profile to use. |
+
+### Parameter: `containers`
+
+List of container definitions for the Container App.
+- Required: Yes
+- Type: array
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `environmentId`
+
+Resource ID of environment.
+- Required: Yes
+- Type: string
+
+### Parameter: `eventTriggerConfig`
+
+Required if TriggerType is Event. Configuration of an event driven job.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `initContainersTemplate`
+
+List of specialized containers that run before app containers.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `location`
+
+Location for all Resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+The lock settings of the service.
+- Required: No
+- Type: object
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. |
+| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. |
+
+### Parameter: `lock.kind`
+
+Optional. Specify the type of lock.
+
+- Required: No
+- Type: string
+- Allowed: `[CanNotDelete, None, ReadOnly]`
+
+### Parameter: `lock.name`
+
+Optional. Specify the name of lock.
+
+- Required: No
+- Type: string
+
+### Parameter: `manualTriggerConfig`
+
+Required if TriggerType is Manual. Configuration of a manual job.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `name`
+
+Name of the Container App.
+- Required: Yes
+- Type: string
+
+### Parameter: `registries`
+
+Collection of private container registry credentials for containers used by the Container app.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `replicaRetryLimit`
+
+The maximum number of times a replica can be retried.
+- Required: No
+- Type: int
+- Default: `0`
+
+### Parameter: `replicaTimeout`
+
+Maximum number of seconds a replica is allowed to run.
+- Required: No
+- Type: int
+- Default: `1800`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute.
+- Required: No
+- Type: array
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
+| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. |
+| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. |
+| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. |
+| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. |
+| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. |
+| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. |
+
+### Parameter: `roleAssignments.condition`
+
+Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.conditionVersion`
+
+Optional. Version of the condition.
+
+- Required: No
+- Type: string
+- Allowed: `[2.0]`
+
+### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
+
+Optional. The Resource Id of the delegated managed identity resource.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.description`
+
+Optional. The description of the role assignment.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.principalId`
+
+Required. The principal ID of the principal (user/group/identity) to assign the role to.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments.principalType`
+
+Optional. The principal type of the assigned principal ID.
+
+- Required: No
+- Type: string
+- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]`
+
+### Parameter: `roleAssignments.roleDefinitionIdOrName`
+
+Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `scheduleTriggerConfig`
+
+Required if TriggerType is Schedule. Configuration of a schedule based job.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `secrets`
+
+The secrets of the Container App.
+- Required: No
+- Type: secureObject
+- Default: `{object}`
+
+### Parameter: `systemAssignedIdentity`
+
+Enables system assigned managed identity on the resource.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `triggerType`
+
+Trigger type of the job.
+- Required: Yes
+- Type: string
+- Allowed: `[Event, Manual, Schedule]`
+
+### Parameter: `userAssignedIdentities`
+
+The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `volumes`
+
+List of volume definitions for the Container App.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `workloadProfileName`
+
+The name of the workload profile to use.
+- Required: No
+- Type: string
+- Default: `'Default'`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the Container App Job. |
+| `resourceGroupName` | string | The name of the resource group the Container App Job was deployed into. |
+| `resourceId` | string | The resource ID of the Container App Job. |
+
+## Cross-referenced modules
+
+_None_

From 1276053284bd8110bcaaef174a06dd81ad30f771 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Thu, 26 Oct 2023 17:29:16 +0200
Subject: [PATCH 11/21] trigger validation

---
 .github/workflows/ms.app.jobs.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ms.app.jobs.yml b/.github/workflows/ms.app.jobs.yml
index cc08740813..35ea520434 100644
--- a/.github/workflows/ms.app.jobs.yml
+++ b/.github/workflows/ms.app.jobs.yml
@@ -27,6 +27,7 @@ on:
     branches:
       - main
       - feature/new-module-container-app-jobs
+      - dummy
     paths:
       - '.github/actions/templates/**'
       - '.github/workflows/template.module.yml'

From 4109af21f15fa874cc2985416a09094d5b97b50c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Thu, 26 Oct 2023 17:59:29 +0200
Subject: [PATCH 12/21] fix workload profile

---
 modules/app/job/README.md  | 2 +-
 modules/app/job/main.bicep | 2 +-
 modules/app/job/main.json  | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/app/job/README.md b/modules/app/job/README.md
index 87ac9fa7d1..cfd4da27a3 100644
--- a/modules/app/job/README.md
+++ b/modules/app/job/README.md
@@ -560,7 +560,7 @@ List of volume definitions for the Container App.
 The name of the workload profile to use.
 - Required: No
 - Type: string
-- Default: `'Default'`
+- Default: `'Consumption'`
 
 
 ## Outputs
diff --git a/modules/app/job/main.bicep b/modules/app/job/main.bicep
index dfedb1a0c3..29c6b01df5 100644
--- a/modules/app/job/main.bicep
+++ b/modules/app/job/main.bicep
@@ -51,7 +51,7 @@ param manualTriggerConfig object = {}
 param replicaRetryLimit int = 0
 
 @description('Optional. The name of the workload profile to use.')
-param workloadProfileName string = 'Default'
+param workloadProfileName string = 'Consumption'
 
 @description('Optional. The secrets of the Container App.')
 @secure()
diff --git a/modules/app/job/main.json b/modules/app/job/main.json
index 768390f060..f577406d86 100644
--- a/modules/app/job/main.json
+++ b/modules/app/job/main.json
@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.22.6.54827",
-      "templateHash": "17871914311057597575"
+      "templateHash": "546025291925907408"
     },
     "name": "Container App Jobs",
     "description": "This module deploys a Container App Job.",
@@ -215,7 +215,7 @@
     },
     "workloadProfileName": {
       "type": "string",
-      "defaultValue": "Default",
+      "defaultValue": "Consumption",
       "metadata": {
         "description": "Optional. The name of the workload profile to use."
       }

From bb7f683fb61c04cb88c1a11243b30afba1b5b158 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Fri, 27 Oct 2023 09:48:27 +0200
Subject: [PATCH 13/21] add workload profile test

---
 modules/app/job/.test/common/dependencies.bicep | 17 +++++++++++++----
 modules/app/job/.test/common/main.test.bicep    |  4 +++-
 modules/app/job/.test/min/dependencies.bicep    | 12 ++++++++----
 modules/app/job/.test/min/main.test.bicep       |  2 +-
 4 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/modules/app/job/.test/common/dependencies.bicep b/modules/app/job/.test/common/dependencies.bicep
index a6700c9d60..5aa65e7275 100644
--- a/modules/app/job/.test/common/dependencies.bicep
+++ b/modules/app/job/.test/common/dependencies.bicep
@@ -7,13 +7,22 @@ param managedEnvironmentName string
 @description('Required. The name of the managed identity to create.')
 param managedIdentityName string
 
-resource managedEnvironment 'Microsoft.App/managedEnvironments@2022-10-01' = {
+@description('Required. The name of the workload profile to create.')
+param workloadProfileName string
+
+resource managedEnvironment 'Microsoft.App/managedEnvironments@2023-05-01' = {
   name: managedEnvironmentName
   location: location
-  sku: {
-    name: 'Consumption'
+  properties: {
+    workloadProfiles: [
+      {
+        name: workloadProfileName
+        workloadProfileType: 'D4'
+        maximumCount: 1
+        minimumCount: 1
+      }
+    ]
   }
-  properties: {}
 }
 
 resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2022-01-31-preview' = {
diff --git a/modules/app/job/.test/common/main.test.bicep b/modules/app/job/.test/common/main.test.bicep
index 7ae6c974a3..b76af64427 100644
--- a/modules/app/job/.test/common/main.test.bicep
+++ b/modules/app/job/.test/common/main.test.bicep
@@ -15,7 +15,7 @@ param resourceGroupName string = 'dep-${namePrefix}-app.containerApps-${serviceS
 param location string = deployment().location
 
 @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'mcappcom'
+param serviceShort string = 'mcappjobcom'
 
 @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
 param enableDefaultTelemetry bool = true
@@ -41,6 +41,7 @@ module nestedDependencies 'dependencies.bicep' = {
     location: location
     managedEnvironmentName: 'dep-${namePrefix}-menv-${serviceShort}'
     managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
+    workloadProfileName: 'dep-${namePrefix}-wlp-${serviceShort}'
   }
 }
 
@@ -59,6 +60,7 @@ module testDeployment '../../main.bicep' = {
     }
     enableDefaultTelemetry: enableDefaultTelemetry
     environmentId: nestedDependencies.outputs.managedEnvironmentResourceId
+    workloadProfileName: 'dep-${namePrefix}-wlp-${serviceShort}'
     location: location
     lock: {
       kind: 'CanNotDelete'
diff --git a/modules/app/job/.test/min/dependencies.bicep b/modules/app/job/.test/min/dependencies.bicep
index edf4adee4b..bb2af3d0f8 100644
--- a/modules/app/job/.test/min/dependencies.bicep
+++ b/modules/app/job/.test/min/dependencies.bicep
@@ -4,13 +4,17 @@ param location string = resourceGroup().location
 @description('Required. The name of the Managed Environment to create.')
 param managedEnvironmentName string
 
-resource managedEnvironment 'Microsoft.App/managedEnvironments@2022-10-01' = {
+resource managedEnvironment 'Microsoft.App/managedEnvironments@2023-05-01' = {
   name: managedEnvironmentName
   location: location
-  sku: {
-    name: 'Consumption'
+  properties: {
+    workloadProfiles: [
+      {
+        workloadProfileType: 'Consumption'
+        name: 'Consumption'
+      }
+    ]
   }
-  properties: {}
 }
 
 @description('The resource ID of the created Managed Environment.')
diff --git a/modules/app/job/.test/min/main.test.bicep b/modules/app/job/.test/min/main.test.bicep
index 295f2aa9b7..5e9751034a 100644
--- a/modules/app/job/.test/min/main.test.bicep
+++ b/modules/app/job/.test/min/main.test.bicep
@@ -15,7 +15,7 @@ param resourceGroupName string = 'dep-${namePrefix}-app.containerApps-${serviceS
 param location string = deployment().location
 
 @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'mcappmin'
+param serviceShort string = 'mcappjobmin'
 
 @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
 param enableDefaultTelemetry bool = true

From d5cfe9711fa7bb4dfb42c6bf1d8670f5867d2a9b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Fri, 27 Oct 2023 09:57:52 +0200
Subject: [PATCH 14/21] update readme

---
 .github/workflows/ms.app.jobs.yml |  1 -
 modules/app/job/README.md         | 16 ++++++++++------
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/ms.app.jobs.yml b/.github/workflows/ms.app.jobs.yml
index 35ea520434..cc08740813 100644
--- a/.github/workflows/ms.app.jobs.yml
+++ b/.github/workflows/ms.app.jobs.yml
@@ -27,7 +27,6 @@ on:
     branches:
       - main
       - feature/new-module-container-app-jobs
-      - dummy
     paths:
       - '.github/actions/templates/**'
       - '.github/workflows/template.module.yml'
diff --git a/modules/app/job/README.md b/modules/app/job/README.md
index cfd4da27a3..d977d1e7ed 100644
--- a/modules/app/job/README.md
+++ b/modules/app/job/README.md
@@ -40,7 +40,7 @@ This instance deploys the module with most of its features enabled.
 
 ```bicep
 module job 'br:bicep/modules/app.job:1.0.0' = {
-  name: '${uniqueString(deployment().name, location)}-test-mcappcom'
+  name: '${uniqueString(deployment().name, location)}-test-mcappjobcom'
   params: {
     // Required parameters
     containers: [
@@ -71,7 +71,7 @@ module job 'br:bicep/modules/app.job:1.0.0' = {
       }
     ]
     environmentId: '<environmentId>'
-    name: 'mcappcom001'
+    name: 'mcappjobcom001'
     triggerType: 'Manual'
     // Non-required parameters
     enableDefaultTelemetry: '<enableDefaultTelemetry>'
@@ -99,6 +99,7 @@ module job 'br:bicep/modules/app.job:1.0.0' = {
     userAssignedIdentities: {
       '<managedIdentityResourceId>': {}
     }
+    workloadProfileName: 'dep-wlp-mcappjobcom'
   }
 }
 ```
@@ -149,7 +150,7 @@ module job 'br:bicep/modules/app.job:1.0.0' = {
       "value": "<environmentId>"
     },
     "name": {
-      "value": "mcappcom001"
+      "value": "mcappjobcom001"
     },
     "triggerType": {
       "value": "Manual"
@@ -193,6 +194,9 @@ module job 'br:bicep/modules/app.job:1.0.0' = {
       "value": {
         "<managedIdentityResourceId>": {}
       }
+    },
+    "workloadProfileName": {
+      "value": "dep-wlp-mcappjobcom"
     }
   }
 }
@@ -212,7 +216,7 @@ This instance deploys the module with the minimum set of required parameters.
 
 ```bicep
 module job 'br:bicep/modules/app.job:1.0.0' = {
-  name: '${uniqueString(deployment().name, location)}-test-mcappmin'
+  name: '${uniqueString(deployment().name, location)}-test-mcappjobmin'
   params: {
     // Required parameters
     containers: [
@@ -226,7 +230,7 @@ module job 'br:bicep/modules/app.job:1.0.0' = {
       }
     ]
     environmentId: '<environmentId>'
-    name: 'mcappmin001'
+    name: 'mcappjobmin001'
     triggerType: 'Manual'
     // Non-required parameters
     enableDefaultTelemetry: '<enableDefaultTelemetry>'
@@ -272,7 +276,7 @@ module job 'br:bicep/modules/app.job:1.0.0' = {
       "value": "<environmentId>"
     },
     "name": {
-      "value": "mcappmin001"
+      "value": "mcappjobmin001"
     },
     "triggerType": {
       "value": "Manual"

From 7fff660d1170f346542071eb1f6070dd8def11f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Fri, 27 Oct 2023 10:19:30 +0200
Subject: [PATCH 15/21] reduce test serviceShort

---
 modules/app/job/.test/common/main.test.bicep |  2 +-
 modules/app/job/.test/min/main.test.bicep    |  2 +-
 modules/app/job/README.md                    | 16 ++++++++--------
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/modules/app/job/.test/common/main.test.bicep b/modules/app/job/.test/common/main.test.bicep
index b76af64427..da96c07992 100644
--- a/modules/app/job/.test/common/main.test.bicep
+++ b/modules/app/job/.test/common/main.test.bicep
@@ -15,7 +15,7 @@ param resourceGroupName string = 'dep-${namePrefix}-app.containerApps-${serviceS
 param location string = deployment().location
 
 @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'mcappjobcom'
+param serviceShort string = 'mcajcom'
 
 @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
 param enableDefaultTelemetry bool = true
diff --git a/modules/app/job/.test/min/main.test.bicep b/modules/app/job/.test/min/main.test.bicep
index 5e9751034a..4399053c5b 100644
--- a/modules/app/job/.test/min/main.test.bicep
+++ b/modules/app/job/.test/min/main.test.bicep
@@ -15,7 +15,7 @@ param resourceGroupName string = 'dep-${namePrefix}-app.containerApps-${serviceS
 param location string = deployment().location
 
 @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'mcappjobmin'
+param serviceShort string = 'mcajmin'
 
 @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
 param enableDefaultTelemetry bool = true
diff --git a/modules/app/job/README.md b/modules/app/job/README.md
index d977d1e7ed..72a5207124 100644
--- a/modules/app/job/README.md
+++ b/modules/app/job/README.md
@@ -40,7 +40,7 @@ This instance deploys the module with most of its features enabled.
 
 ```bicep
 module job 'br:bicep/modules/app.job:1.0.0' = {
-  name: '${uniqueString(deployment().name, location)}-test-mcappjobcom'
+  name: '${uniqueString(deployment().name, location)}-test-mcajcom'
   params: {
     // Required parameters
     containers: [
@@ -71,7 +71,7 @@ module job 'br:bicep/modules/app.job:1.0.0' = {
       }
     ]
     environmentId: '<environmentId>'
-    name: 'mcappjobcom001'
+    name: 'mcajcom001'
     triggerType: 'Manual'
     // Non-required parameters
     enableDefaultTelemetry: '<enableDefaultTelemetry>'
@@ -99,7 +99,7 @@ module job 'br:bicep/modules/app.job:1.0.0' = {
     userAssignedIdentities: {
       '<managedIdentityResourceId>': {}
     }
-    workloadProfileName: 'dep-wlp-mcappjobcom'
+    workloadProfileName: 'dep-wlp-mcajcom'
   }
 }
 ```
@@ -150,7 +150,7 @@ module job 'br:bicep/modules/app.job:1.0.0' = {
       "value": "<environmentId>"
     },
     "name": {
-      "value": "mcappjobcom001"
+      "value": "mcajcom001"
     },
     "triggerType": {
       "value": "Manual"
@@ -196,7 +196,7 @@ module job 'br:bicep/modules/app.job:1.0.0' = {
       }
     },
     "workloadProfileName": {
-      "value": "dep-wlp-mcappjobcom"
+      "value": "dep-wlp-mcajcom"
     }
   }
 }
@@ -216,7 +216,7 @@ This instance deploys the module with the minimum set of required parameters.
 
 ```bicep
 module job 'br:bicep/modules/app.job:1.0.0' = {
-  name: '${uniqueString(deployment().name, location)}-test-mcappjobmin'
+  name: '${uniqueString(deployment().name, location)}-test-mcajmin'
   params: {
     // Required parameters
     containers: [
@@ -230,7 +230,7 @@ module job 'br:bicep/modules/app.job:1.0.0' = {
       }
     ]
     environmentId: '<environmentId>'
-    name: 'mcappjobmin001'
+    name: 'mcajmin001'
     triggerType: 'Manual'
     // Non-required parameters
     enableDefaultTelemetry: '<enableDefaultTelemetry>'
@@ -276,7 +276,7 @@ module job 'br:bicep/modules/app.job:1.0.0' = {
       "value": "<environmentId>"
     },
     "name": {
-      "value": "mcappjobmin001"
+      "value": "mcajmin001"
     },
     "triggerType": {
       "value": "Manual"

From 18a79b2dd3db8bc004915e89c9b3a13baaff085e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Fri, 27 Oct 2023 11:38:28 +0200
Subject: [PATCH 16/21] fix test

---
 modules/app/job/.test/common/main.test.bicep | 2 +-
 modules/app/job/README.md                    | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/app/job/.test/common/main.test.bicep b/modules/app/job/.test/common/main.test.bicep
index da96c07992..82867dd9f7 100644
--- a/modules/app/job/.test/common/main.test.bicep
+++ b/modules/app/job/.test/common/main.test.bicep
@@ -60,7 +60,7 @@ module testDeployment '../../main.bicep' = {
     }
     enableDefaultTelemetry: enableDefaultTelemetry
     environmentId: nestedDependencies.outputs.managedEnvironmentResourceId
-    workloadProfileName: 'dep-${namePrefix}-wlp-${serviceShort}'
+    workloadProfileName: serviceShort
     location: location
     lock: {
       kind: 'CanNotDelete'
diff --git a/modules/app/job/README.md b/modules/app/job/README.md
index 72a5207124..741b798ea9 100644
--- a/modules/app/job/README.md
+++ b/modules/app/job/README.md
@@ -99,7 +99,7 @@ module job 'br:bicep/modules/app.job:1.0.0' = {
     userAssignedIdentities: {
       '<managedIdentityResourceId>': {}
     }
-    workloadProfileName: 'dep-wlp-mcajcom'
+    workloadProfileName: '<workloadProfileName>'
   }
 }
 ```
@@ -196,7 +196,7 @@ module job 'br:bicep/modules/app.job:1.0.0' = {
       }
     },
     "workloadProfileName": {
-      "value": "dep-wlp-mcajcom"
+      "value": "<workloadProfileName>"
     }
   }
 }

From 0357c801d3b9c547b0394d71a6c9941bc572aa34 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Fri, 27 Oct 2023 11:47:19 +0200
Subject: [PATCH 17/21] fix dependency

---
 modules/app/job/.test/common/main.test.bicep | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/app/job/.test/common/main.test.bicep b/modules/app/job/.test/common/main.test.bicep
index 82867dd9f7..8fcdda7f0d 100644
--- a/modules/app/job/.test/common/main.test.bicep
+++ b/modules/app/job/.test/common/main.test.bicep
@@ -41,7 +41,7 @@ module nestedDependencies 'dependencies.bicep' = {
     location: location
     managedEnvironmentName: 'dep-${namePrefix}-menv-${serviceShort}'
     managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
-    workloadProfileName: 'dep-${namePrefix}-wlp-${serviceShort}'
+    workloadProfileName: serviceShort
   }
 }
 

From 436b94fdc80543ac3515e94b99d87981a1bf9e5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Fri, 27 Oct 2023 15:23:39 +0200
Subject: [PATCH 18/21] Prepare PR

---
 .github/workflows/ms.app.jobs.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/ms.app.jobs.yml b/.github/workflows/ms.app.jobs.yml
index cc08740813..bde1eff318 100644
--- a/.github/workflows/ms.app.jobs.yml
+++ b/.github/workflows/ms.app.jobs.yml
@@ -26,7 +26,6 @@ on:
   push:
     branches:
       - main
-      - feature/new-module-container-app-jobs
     paths:
       - '.github/actions/templates/**'
       - '.github/workflows/template.module.yml'

From 11a135cebbc4e8b67cecf7110adcf3f34763d805 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Fri, 27 Oct 2023 17:34:44 +0200
Subject: [PATCH 19/21] Fix spelling of ID

---
 modules/app/job/README.md  | 4 ++--
 modules/app/job/main.bicep | 2 +-
 modules/app/job/main.json  | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/app/job/README.md b/modules/app/job/README.md
index 741b798ea9..5fe6f6fd29 100644
--- a/modules/app/job/README.md
+++ b/modules/app/job/README.md
@@ -453,7 +453,7 @@ Array of role assignment objects that contain the 'roleDefinitionIdOrName' and '
 | :-- | :-- | :--| :-- |
 | [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
 | [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. |
-| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. |
+| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource ID of the delegated managed identity resource. |
 | [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. |
 | [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. |
 | [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. |
@@ -476,7 +476,7 @@ Optional. Version of the condition.
 
 ### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
 
-Optional. The Resource Id of the delegated managed identity resource.
+Optional. The Resource ID of the delegated managed identity resource.
 
 - Required: No
 - Type: string
diff --git a/modules/app/job/main.bicep b/modules/app/job/main.bicep
index 29c6b01df5..b4a42d86b4 100644
--- a/modules/app/job/main.bicep
+++ b/modules/app/job/main.bicep
@@ -193,6 +193,6 @@ type roleAssignmentType = {
   @description('Optional. Version of the condition.')
   conditionVersion: '2.0'?
 
-  @description('Optional. The Resource Id of the delegated managed identity resource.')
+  @description('Optional. The Resource ID of the delegated managed identity resource.')
   delegatedManagedIdentityResourceId: string?
 }[]?
diff --git a/modules/app/job/main.json b/modules/app/job/main.json
index f577406d86..9eff093ef9 100644
--- a/modules/app/job/main.json
+++ b/modules/app/job/main.json
@@ -97,7 +97,7 @@
             "type": "string",
             "nullable": true,
             "metadata": {
-              "description": "Optional. The Resource Id of the delegated managed identity resource."
+              "description": "Optional. The Resource ID of the delegated managed identity resource."
             }
           }
         }

From 4ad455be9cf685bb64569ea9fa21c80c0bbca301 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Mon, 30 Oct 2023 08:41:31 +0100
Subject: [PATCH 20/21] Resolved review topics

---
 modules/app/job/.test/common/dependencies.bicep |  3 +++
 modules/app/job/.test/common/main.test.bicep    | 11 +++++++++--
 modules/app/job/.test/min/main.test.bicep       |  4 ++--
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/modules/app/job/.test/common/dependencies.bicep b/modules/app/job/.test/common/dependencies.bicep
index 5aa65e7275..b03d4aca93 100644
--- a/modules/app/job/.test/common/dependencies.bicep
+++ b/modules/app/job/.test/common/dependencies.bicep
@@ -35,3 +35,6 @@ output managedIdentityResourceId string = managedIdentity.id
 
 @description('The resource ID of the created Managed Environment.')
 output managedEnvironmentResourceId string = managedEnvironment.id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/modules/app/job/.test/common/main.test.bicep b/modules/app/job/.test/common/main.test.bicep
index 8fcdda7f0d..f9ce10d459 100644
--- a/modules/app/job/.test/common/main.test.bicep
+++ b/modules/app/job/.test/common/main.test.bicep
@@ -9,13 +9,13 @@ metadata description = 'This instance deploys the module with most of its featur
 
 @description('Optional. The name of the resource group to deploy for testing purposes.')
 @maxLength(90)
-param resourceGroupName string = 'dep-${namePrefix}-app.containerApps-${serviceShort}-rg'
+param resourceGroupName string = 'dep-${namePrefix}-app.job-${serviceShort}-rg'
 
 @description('Optional. The location to deploy resources to.')
 param location string = deployment().location
 
 @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'mcajcom'
+param serviceShort string = 'ajcom'
 
 @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
 param enableDefaultTelemetry bool = true
@@ -110,5 +110,12 @@ module testDeployment '../../main.bicep' = {
         ]
       }
     ]
+    roleAssignments: [
+      {
+        principalId: nestedDependencies.outputs.managedIdentityResourceId
+        roleDefinitionIdOrName: 'ContainerApp Reader'
+        principalType: 'ServicePrincipal'
+      }
+    ]
   }
 }
diff --git a/modules/app/job/.test/min/main.test.bicep b/modules/app/job/.test/min/main.test.bicep
index 4399053c5b..b1e06bbb23 100644
--- a/modules/app/job/.test/min/main.test.bicep
+++ b/modules/app/job/.test/min/main.test.bicep
@@ -9,13 +9,13 @@ metadata description = 'This instance deploys the module with the minimum set of
 
 @description('Optional. The name of the resource group to deploy for testing purposes.')
 @maxLength(90)
-param resourceGroupName string = 'dep-${namePrefix}-app.containerApps-${serviceShort}-rg'
+param resourceGroupName string = 'dep-${namePrefix}-app.job-${serviceShort}-rg'
 
 @description('Optional. The location to deploy resources to.')
 param location string = deployment().location
 
 @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'mcajmin'
+param serviceShort string = 'ajmin'
 
 @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
 param enableDefaultTelemetry bool = true

From fece3e26acd17fda8ed98cd04ea787e3c4160ca4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@microsoft.com>
Date: Mon, 30 Oct 2023 11:04:16 +0100
Subject: [PATCH 21/21] added new managed identities method

---
 modules/app/job/.test/common/main.test.bicep |    7 +-
 modules/app/job/README.md                    | 1196 +++++++++---------
 modules/app/job/main.bicep                   |   27 +-
 modules/app/job/main.json                    |   50 +-
 4 files changed, 673 insertions(+), 607 deletions(-)

diff --git a/modules/app/job/.test/common/main.test.bicep b/modules/app/job/.test/common/main.test.bicep
index f9ce10d459..5d608f7db8 100644
--- a/modules/app/job/.test/common/main.test.bicep
+++ b/modules/app/job/.test/common/main.test.bicep
@@ -66,8 +66,11 @@ module testDeployment '../../main.bicep' = {
       kind: 'CanNotDelete'
       name: 'myCustomLockName'
     }
-    userAssignedIdentities: {
-      '${nestedDependencies.outputs.managedIdentityResourceId}': {}
+    managedIdentities: {
+      systemAssigned: true
+      userAssignedResourcesIds: [
+        nestedDependencies.outputs.managedIdentityResourceId
+      ]
     }
     secrets: {
       secureList: [
diff --git a/modules/app/job/README.md b/modules/app/job/README.md
index 5fe6f6fd29..5d12efcabe 100644
--- a/modules/app/job/README.md
+++ b/modules/app/job/README.md
@@ -1,581 +1,615 @@
-# Container App Jobs `[Microsoft.App/jobs]`
-
-This module deploys a Container App Job.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Usage examples](#Usage-examples)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Cross-referenced modules](#Cross-referenced-modules)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.App/jobs` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.App/2023-05-01/jobs) |
-| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
-
-## Usage examples
-
-The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
-
->**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
->**Note**: To reference the module, please use the following syntax `br:bicep/modules/app.job:1.0.0`.
-
-- [Using large parameter set](#example-1-using-large-parameter-set)
-- [Using only defaults](#example-2-using-only-defaults)
-
-### Example 1: _Using large parameter set_
-
-This instance deploys the module with most of its features enabled.
-
-
-<details>
-
-<summary>via Bicep module</summary>
-
-```bicep
-module job 'br:bicep/modules/app.job:1.0.0' = {
-  name: '${uniqueString(deployment().name, location)}-test-mcajcom'
-  params: {
-    // Required parameters
-    containers: [
-      {
-        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
-        name: 'simple-hello-world-container'
-        probes: [
-          {
-            httpGet: {
-              httpHeaders: [
-                {
-                  name: 'Custom-Header'
-                  value: 'Awesome'
-                }
-              ]
-              path: '/health'
-              port: 8080
-            }
-            initialDelaySeconds: 3
-            periodSeconds: 3
-            type: 'Liveness'
-          }
-        ]
-        resources: {
-          cpu: '<cpu>'
-          memory: '0.5Gi'
-        }
-      }
-    ]
-    environmentId: '<environmentId>'
-    name: 'mcajcom001'
-    triggerType: 'Manual'
-    // Non-required parameters
-    enableDefaultTelemetry: '<enableDefaultTelemetry>'
-    location: '<location>'
-    lock: {
-      kind: 'CanNotDelete'
-      name: 'myCustomLockName'
-    }
-    manualTriggerConfig: {
-      parallelism: 1
-      replicaCompletionCount: 1
-    }
-    secrets: {
-      secureList: [
-        {
-          name: 'customtest'
-          value: '<value>'
-        }
-      ]
-    }
-    tags: {
-      Env: 'test'
-      'hidden-title': 'This is visible in the resource name'
-    }
-    userAssignedIdentities: {
-      '<managedIdentityResourceId>': {}
-    }
-    workloadProfileName: '<workloadProfileName>'
-  }
-}
-```
-
-</details>
-<p>
-
-<details>
-
-<summary>via JSON Parameter file</summary>
-
-```json
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-  "contentVersion": "1.0.0.0",
-  "parameters": {
-    // Required parameters
-    "containers": {
-      "value": [
-        {
-          "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest",
-          "name": "simple-hello-world-container",
-          "probes": [
-            {
-              "httpGet": {
-                "httpHeaders": [
-                  {
-                    "name": "Custom-Header",
-                    "value": "Awesome"
-                  }
-                ],
-                "path": "/health",
-                "port": 8080
-              },
-              "initialDelaySeconds": 3,
-              "periodSeconds": 3,
-              "type": "Liveness"
-            }
-          ],
-          "resources": {
-            "cpu": "<cpu>",
-            "memory": "0.5Gi"
-          }
-        }
-      ]
-    },
-    "environmentId": {
-      "value": "<environmentId>"
-    },
-    "name": {
-      "value": "mcajcom001"
-    },
-    "triggerType": {
-      "value": "Manual"
-    },
-    // Non-required parameters
-    "enableDefaultTelemetry": {
-      "value": "<enableDefaultTelemetry>"
-    },
-    "location": {
-      "value": "<location>"
-    },
-    "lock": {
-      "value": {
-        "kind": "CanNotDelete",
-        "name": "myCustomLockName"
-      }
-    },
-    "manualTriggerConfig": {
-      "value": {
-        "parallelism": 1,
-        "replicaCompletionCount": 1
-      }
-    },
-    "secrets": {
-      "value": {
-        "secureList": [
-          {
-            "name": "customtest",
-            "value": "<value>"
-          }
-        ]
-      }
-    },
-    "tags": {
-      "value": {
-        "Env": "test",
-        "hidden-title": "This is visible in the resource name"
-      }
-    },
-    "userAssignedIdentities": {
-      "value": {
-        "<managedIdentityResourceId>": {}
-      }
-    },
-    "workloadProfileName": {
-      "value": "<workloadProfileName>"
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-### Example 2: _Using only defaults_
-
-This instance deploys the module with the minimum set of required parameters.
-
-
-<details>
-
-<summary>via Bicep module</summary>
-
-```bicep
-module job 'br:bicep/modules/app.job:1.0.0' = {
-  name: '${uniqueString(deployment().name, location)}-test-mcajmin'
-  params: {
-    // Required parameters
-    containers: [
-      {
-        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
-        name: 'simple-hello-world-container'
-        resources: {
-          cpu: '<cpu>'
-          memory: '0.5Gi'
-        }
-      }
-    ]
-    environmentId: '<environmentId>'
-    name: 'mcajmin001'
-    triggerType: 'Manual'
-    // Non-required parameters
-    enableDefaultTelemetry: '<enableDefaultTelemetry>'
-    location: '<location>'
-    manualTriggerConfig: {
-      parallelism: 1
-      replicaCompletionCount: 1
-    }
-    tags: {
-      Env: 'test'
-      'hidden-title': 'This is visible in the resource name'
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-<details>
-
-<summary>via JSON Parameter file</summary>
-
-```json
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-  "contentVersion": "1.0.0.0",
-  "parameters": {
-    // Required parameters
-    "containers": {
-      "value": [
-        {
-          "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest",
-          "name": "simple-hello-world-container",
-          "resources": {
-            "cpu": "<cpu>",
-            "memory": "0.5Gi"
-          }
-        }
-      ]
-    },
-    "environmentId": {
-      "value": "<environmentId>"
-    },
-    "name": {
-      "value": "mcajmin001"
-    },
-    "triggerType": {
-      "value": "Manual"
-    },
-    // Non-required parameters
-    "enableDefaultTelemetry": {
-      "value": "<enableDefaultTelemetry>"
-    },
-    "location": {
-      "value": "<location>"
-    },
-    "manualTriggerConfig": {
-      "value": {
-        "parallelism": 1,
-        "replicaCompletionCount": 1
-      }
-    },
-    "tags": {
-      "value": {
-        "Env": "test",
-        "hidden-title": "This is visible in the resource name"
-      }
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-
-## Parameters
-
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`containers`](#parameter-containers) | array | List of container definitions for the Container App. |
-| [`environmentId`](#parameter-environmentid) | string | Resource ID of environment. |
-| [`name`](#parameter-name) | string | Name of the Container App. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
-| [`eventTriggerConfig`](#parameter-eventtriggerconfig) | object | Required if TriggerType is Event. Configuration of an event driven job. |
-| [`initContainersTemplate`](#parameter-initcontainerstemplate) | array | List of specialized containers that run before app containers. |
-| [`location`](#parameter-location) | string | Location for all Resources. |
-| [`lock`](#parameter-lock) | object | The lock settings of the service. |
-| [`manualTriggerConfig`](#parameter-manualtriggerconfig) | object | Required if TriggerType is Manual. Configuration of a manual job. |
-| [`registries`](#parameter-registries) | array | Collection of private container registry credentials for containers used by the Container app. |
-| [`replicaRetryLimit`](#parameter-replicaretrylimit) | int | The maximum number of times a replica can be retried. |
-| [`replicaTimeout`](#parameter-replicatimeout) | int | Maximum number of seconds a replica is allowed to run. |
-| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. |
-| [`scheduleTriggerConfig`](#parameter-scheduletriggerconfig) | object | Required if TriggerType is Schedule. Configuration of a schedule based job. |
-| [`secrets`](#parameter-secrets) | secureObject | The secrets of the Container App. |
-| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
-| [`tags`](#parameter-tags) | object | Tags of the resource. |
-| [`triggerType`](#parameter-triggertype) | string | Trigger type of the job. |
-| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. |
-| [`volumes`](#parameter-volumes) | array | List of volume definitions for the Container App. |
-| [`workloadProfileName`](#parameter-workloadprofilename) | string | The name of the workload profile to use. |
-
-### Parameter: `containers`
-
-List of container definitions for the Container App.
-- Required: Yes
-- Type: array
-
-### Parameter: `enableDefaultTelemetry`
-
-Enable telemetry via a Globally Unique Identifier (GUID).
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `environmentId`
-
-Resource ID of environment.
-- Required: Yes
-- Type: string
-
-### Parameter: `eventTriggerConfig`
-
-Required if TriggerType is Event. Configuration of an event driven job.
-- Required: No
-- Type: object
-- Default: `{object}`
-
-### Parameter: `initContainersTemplate`
-
-List of specialized containers that run before app containers.
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `location`
-
-Location for all Resources.
-- Required: No
-- Type: string
-- Default: `[resourceGroup().location]`
-
-### Parameter: `lock`
-
-The lock settings of the service.
-- Required: No
-- Type: object
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. |
-| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. |
-
-### Parameter: `lock.kind`
-
-Optional. Specify the type of lock.
-
-- Required: No
-- Type: string
-- Allowed: `[CanNotDelete, None, ReadOnly]`
-
-### Parameter: `lock.name`
-
-Optional. Specify the name of lock.
-
-- Required: No
-- Type: string
-
-### Parameter: `manualTriggerConfig`
-
-Required if TriggerType is Manual. Configuration of a manual job.
-- Required: No
-- Type: object
-- Default: `{object}`
-
-### Parameter: `name`
-
-Name of the Container App.
-- Required: Yes
-- Type: string
-
-### Parameter: `registries`
-
-Collection of private container registry credentials for containers used by the Container app.
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `replicaRetryLimit`
-
-The maximum number of times a replica can be retried.
-- Required: No
-- Type: int
-- Default: `0`
-
-### Parameter: `replicaTimeout`
-
-Maximum number of seconds a replica is allowed to run.
-- Required: No
-- Type: int
-- Default: `1800`
-
-### Parameter: `roleAssignments`
-
-Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute.
-- Required: No
-- Type: array
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
-| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. |
-| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource ID of the delegated managed identity resource. |
-| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. |
-| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. |
-| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. |
-| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. |
-
-### Parameter: `roleAssignments.condition`
-
-Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.conditionVersion`
-
-Optional. Version of the condition.
-
-- Required: No
-- Type: string
-- Allowed: `[2.0]`
-
-### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
-
-Optional. The Resource ID of the delegated managed identity resource.
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.description`
-
-Optional. The description of the role assignment.
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.principalId`
-
-Required. The principal ID of the principal (user/group/identity) to assign the role to.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `roleAssignments.principalType`
-
-Optional. The principal type of the assigned principal ID.
-
-- Required: No
-- Type: string
-- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]`
-
-### Parameter: `roleAssignments.roleDefinitionIdOrName`
-
-Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `scheduleTriggerConfig`
-
-Required if TriggerType is Schedule. Configuration of a schedule based job.
-- Required: No
-- Type: object
-- Default: `{object}`
-
-### Parameter: `secrets`
-
-The secrets of the Container App.
-- Required: No
-- Type: secureObject
-- Default: `{object}`
-
-### Parameter: `systemAssignedIdentity`
-
-Enables system assigned managed identity on the resource.
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `tags`
-
-Tags of the resource.
-- Required: No
-- Type: object
-- Default: `{object}`
-
-### Parameter: `triggerType`
-
-Trigger type of the job.
-- Required: Yes
-- Type: string
-- Allowed: `[Event, Manual, Schedule]`
-
-### Parameter: `userAssignedIdentities`
-
-The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests.
-- Required: No
-- Type: object
-- Default: `{object}`
-
-### Parameter: `volumes`
-
-List of volume definitions for the Container App.
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `workloadProfileName`
-
-The name of the workload profile to use.
-- Required: No
-- Type: string
-- Default: `'Consumption'`
-
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the Container App Job. |
-| `resourceGroupName` | string | The name of the resource group the Container App Job was deployed into. |
-| `resourceId` | string | The resource ID of the Container App Job. |
-
-## Cross-referenced modules
-
-_None_
+# Container App Jobs `[Microsoft.App/jobs]`
+
+This module deploys a Container App Job.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.App/jobs` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.App/2023-05-01/jobs) |
+| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
+
+## Usage examples
+
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+
+>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+
+>**Note**: To reference the module, please use the following syntax `br:bicep/modules/app.job:1.0.0`.
+
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
+
+### Example 1: _Using large parameter set_
+
+This instance deploys the module with most of its features enabled.
+
+
+<details>
+
+<summary>via Bicep module</summary>
+
+```bicep
+module job 'br:bicep/modules/app.job:1.0.0' = {
+  name: '${uniqueString(deployment().name, location)}-test-ajcom'
+  params: {
+    // Required parameters
+    containers: [
+      {
+        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
+        name: 'simple-hello-world-container'
+        probes: [
+          {
+            httpGet: {
+              httpHeaders: [
+                {
+                  name: 'Custom-Header'
+                  value: 'Awesome'
+                }
+              ]
+              path: '/health'
+              port: 8080
+            }
+            initialDelaySeconds: 3
+            periodSeconds: 3
+            type: 'Liveness'
+          }
+        ]
+        resources: {
+          cpu: '<cpu>'
+          memory: '0.5Gi'
+        }
+      }
+    ]
+    environmentId: '<environmentId>'
+    name: 'ajcom001'
+    triggerType: 'Manual'
+    // Non-required parameters
+    enableDefaultTelemetry: '<enableDefaultTelemetry>'
+    location: '<location>'
+    lock: {
+      kind: 'CanNotDelete'
+      name: 'myCustomLockName'
+    }
+    managedIdentities: {
+      systemAssigned: true
+      userAssignedResourcesIds: [
+        '<managedIdentityResourceId>'
+      ]
+    }
+    manualTriggerConfig: {
+      parallelism: 1
+      replicaCompletionCount: 1
+    }
+    roleAssignments: [
+      {
+        principalId: '<principalId>'
+        principalType: 'ServicePrincipal'
+        roleDefinitionIdOrName: 'ContainerApp Reader'
+      }
+    ]
+    secrets: {
+      secureList: [
+        {
+          name: 'customtest'
+          value: '<value>'
+        }
+      ]
+    }
+    tags: {
+      Env: 'test'
+      'hidden-title': 'This is visible in the resource name'
+    }
+    workloadProfileName: '<workloadProfileName>'
+  }
+}
+```
+
+</details>
+<p>
+
+<details>
+
+<summary>via JSON Parameter file</summary>
+
+```json
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    // Required parameters
+    "containers": {
+      "value": [
+        {
+          "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest",
+          "name": "simple-hello-world-container",
+          "probes": [
+            {
+              "httpGet": {
+                "httpHeaders": [
+                  {
+                    "name": "Custom-Header",
+                    "value": "Awesome"
+                  }
+                ],
+                "path": "/health",
+                "port": 8080
+              },
+              "initialDelaySeconds": 3,
+              "periodSeconds": 3,
+              "type": "Liveness"
+            }
+          ],
+          "resources": {
+            "cpu": "<cpu>",
+            "memory": "0.5Gi"
+          }
+        }
+      ]
+    },
+    "environmentId": {
+      "value": "<environmentId>"
+    },
+    "name": {
+      "value": "ajcom001"
+    },
+    "triggerType": {
+      "value": "Manual"
+    },
+    // Non-required parameters
+    "enableDefaultTelemetry": {
+      "value": "<enableDefaultTelemetry>"
+    },
+    "location": {
+      "value": "<location>"
+    },
+    "lock": {
+      "value": {
+        "kind": "CanNotDelete",
+        "name": "myCustomLockName"
+      }
+    },
+    "managedIdentities": {
+      "value": {
+        "systemAssigned": true,
+        "userAssignedResourcesIds": [
+          "<managedIdentityResourceId>"
+        ]
+      }
+    },
+    "manualTriggerConfig": {
+      "value": {
+        "parallelism": 1,
+        "replicaCompletionCount": 1
+      }
+    },
+    "roleAssignments": {
+      "value": [
+        {
+          "principalId": "<principalId>",
+          "principalType": "ServicePrincipal",
+          "roleDefinitionIdOrName": "ContainerApp Reader"
+        }
+      ]
+    },
+    "secrets": {
+      "value": {
+        "secureList": [
+          {
+            "name": "customtest",
+            "value": "<value>"
+          }
+        ]
+      }
+    },
+    "tags": {
+      "value": {
+        "Env": "test",
+        "hidden-title": "This is visible in the resource name"
+      }
+    },
+    "workloadProfileName": {
+      "value": "<workloadProfileName>"
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
+
+<details>
+
+<summary>via Bicep module</summary>
+
+```bicep
+module job 'br:bicep/modules/app.job:1.0.0' = {
+  name: '${uniqueString(deployment().name, location)}-test-ajmin'
+  params: {
+    // Required parameters
+    containers: [
+      {
+        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
+        name: 'simple-hello-world-container'
+        resources: {
+          cpu: '<cpu>'
+          memory: '0.5Gi'
+        }
+      }
+    ]
+    environmentId: '<environmentId>'
+    name: 'ajmin001'
+    triggerType: 'Manual'
+    // Non-required parameters
+    enableDefaultTelemetry: '<enableDefaultTelemetry>'
+    location: '<location>'
+    manualTriggerConfig: {
+      parallelism: 1
+      replicaCompletionCount: 1
+    }
+    tags: {
+      Env: 'test'
+      'hidden-title': 'This is visible in the resource name'
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+<details>
+
+<summary>via JSON Parameter file</summary>
+
+```json
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    // Required parameters
+    "containers": {
+      "value": [
+        {
+          "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest",
+          "name": "simple-hello-world-container",
+          "resources": {
+            "cpu": "<cpu>",
+            "memory": "0.5Gi"
+          }
+        }
+      ]
+    },
+    "environmentId": {
+      "value": "<environmentId>"
+    },
+    "name": {
+      "value": "ajmin001"
+    },
+    "triggerType": {
+      "value": "Manual"
+    },
+    // Non-required parameters
+    "enableDefaultTelemetry": {
+      "value": "<enableDefaultTelemetry>"
+    },
+    "location": {
+      "value": "<location>"
+    },
+    "manualTriggerConfig": {
+      "value": {
+        "parallelism": 1,
+        "replicaCompletionCount": 1
+      }
+    },
+    "tags": {
+      "value": {
+        "Env": "test",
+        "hidden-title": "This is visible in the resource name"
+      }
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`containers`](#parameter-containers) | array | List of container definitions for the Container App. |
+| [`environmentId`](#parameter-environmentid) | string | Resource ID of environment. |
+| [`name`](#parameter-name) | string | Name of the Container App. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`eventTriggerConfig`](#parameter-eventtriggerconfig) | object | Required if TriggerType is Event. Configuration of an event driven job. |
+| [`initContainersTemplate`](#parameter-initcontainerstemplate) | array | List of specialized containers that run before app containers. |
+| [`location`](#parameter-location) | string | Location for all Resources. |
+| [`lock`](#parameter-lock) | object | The lock settings of the service. |
+| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. |
+| [`manualTriggerConfig`](#parameter-manualtriggerconfig) | object | Required if TriggerType is Manual. Configuration of a manual job. |
+| [`registries`](#parameter-registries) | array | Collection of private container registry credentials for containers used by the Container app. |
+| [`replicaRetryLimit`](#parameter-replicaretrylimit) | int | The maximum number of times a replica can be retried. |
+| [`replicaTimeout`](#parameter-replicatimeout) | int | Maximum number of seconds a replica is allowed to run. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. |
+| [`scheduleTriggerConfig`](#parameter-scheduletriggerconfig) | object | Required if TriggerType is Schedule. Configuration of a schedule based job. |
+| [`secrets`](#parameter-secrets) | secureObject | The secrets of the Container App. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`triggerType`](#parameter-triggertype) | string | Trigger type of the job. |
+| [`volumes`](#parameter-volumes) | array | List of volume definitions for the Container App. |
+| [`workloadProfileName`](#parameter-workloadprofilename) | string | The name of the workload profile to use. |
+
+### Parameter: `containers`
+
+List of container definitions for the Container App.
+- Required: Yes
+- Type: array
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `environmentId`
+
+Resource ID of environment.
+- Required: Yes
+- Type: string
+
+### Parameter: `eventTriggerConfig`
+
+Required if TriggerType is Event. Configuration of an event driven job.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `initContainersTemplate`
+
+List of specialized containers that run before app containers.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `location`
+
+Location for all Resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+The lock settings of the service.
+- Required: No
+- Type: object
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. |
+| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. |
+
+### Parameter: `lock.kind`
+
+Optional. Specify the type of lock.
+
+- Required: No
+- Type: string
+- Allowed: `[CanNotDelete, None, ReadOnly]`
+
+### Parameter: `lock.name`
+
+Optional. Specify the name of lock.
+
+- Required: No
+- Type: string
+
+### Parameter: `managedIdentities`
+
+The managed identity definition for this resource.
+- Required: No
+- Type: object
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. |
+| [`userAssignedResourcesIds`](#parameter-managedidentitiesuserassignedresourcesids) | No | array | Optional. The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. |
+
+### Parameter: `managedIdentities.systemAssigned`
+
+Optional. Enables system assigned managed identity on the resource.
+
+- Required: No
+- Type: bool
+
+### Parameter: `managedIdentities.userAssignedResourcesIds`
+
+Optional. The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption.
+
+- Required: No
+- Type: array
+
+### Parameter: `manualTriggerConfig`
+
+Required if TriggerType is Manual. Configuration of a manual job.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `name`
+
+Name of the Container App.
+- Required: Yes
+- Type: string
+
+### Parameter: `registries`
+
+Collection of private container registry credentials for containers used by the Container app.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `replicaRetryLimit`
+
+The maximum number of times a replica can be retried.
+- Required: No
+- Type: int
+- Default: `0`
+
+### Parameter: `replicaTimeout`
+
+Maximum number of seconds a replica is allowed to run.
+- Required: No
+- Type: int
+- Default: `1800`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute.
+- Required: No
+- Type: array
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
+| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. |
+| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource ID of the delegated managed identity resource. |
+| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. |
+| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. |
+| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. |
+| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. |
+
+### Parameter: `roleAssignments.condition`
+
+Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.conditionVersion`
+
+Optional. Version of the condition.
+
+- Required: No
+- Type: string
+- Allowed: `[2.0]`
+
+### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
+
+Optional. The Resource ID of the delegated managed identity resource.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.description`
+
+Optional. The description of the role assignment.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.principalId`
+
+Required. The principal ID of the principal (user/group/identity) to assign the role to.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments.principalType`
+
+Optional. The principal type of the assigned principal ID.
+
+- Required: No
+- Type: string
+- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]`
+
+### Parameter: `roleAssignments.roleDefinitionIdOrName`
+
+Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `scheduleTriggerConfig`
+
+Required if TriggerType is Schedule. Configuration of a schedule based job.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `secrets`
+
+The secrets of the Container App.
+- Required: No
+- Type: secureObject
+- Default: `{object}`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `triggerType`
+
+Trigger type of the job.
+- Required: Yes
+- Type: string
+- Allowed: `[Event, Manual, Schedule]`
+
+### Parameter: `volumes`
+
+List of volume definitions for the Container App.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `workloadProfileName`
+
+The name of the workload profile to use.
+- Required: No
+- Type: string
+- Default: `'Consumption'`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the Container App Job. |
+| `resourceGroupName` | string | The name of the resource group the Container App Job was deployed into. |
+| `resourceId` | string | The resource ID of the Container App Job. |
+| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/app/job/main.bicep b/modules/app/job/main.bicep
index b4a42d86b4..75b067268c 100644
--- a/modules/app/job/main.bicep
+++ b/modules/app/job/main.bicep
@@ -20,11 +20,8 @@ param tags object = {}
 @description('Optional. Collection of private container registry credentials for containers used by the Container app.')
 param registries array = []
 
-@description('Optional. Enables system assigned managed identity on the resource.')
-param systemAssignedIdentity bool = false
-
-@description('Optional. The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests.')
-param userAssignedIdentities object = {}
+@description('Optional. The managed identity definition for this resource.')
+param managedIdentities managedIdentitiesType
 
 @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute.')
 param roleAssignments roleAssignmentType
@@ -73,11 +70,10 @@ param triggerType string
 
 var secretList = !empty(secrets) ? secrets.secureList : []
 
-var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None')
-
-var identity = identityType != 'None' ? {
-  type: identityType
-  userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null
+var formattedUserAssignedIdentities = reduce(map((managedIdentities.?userAssignedResourcesIds ?? []), (id) => { '${id}': {} }), {}, (cur, next) => union(cur, next)) // Converts the flat array to an object like { '${id1}': {}, '${id2}': {} }
+var identity = !empty(managedIdentities) ? {
+  type: (managedIdentities.?systemAssigned ?? false) ? (!empty(managedIdentities.?userAssignedResourcesIds ?? {}) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(managedIdentities.?userAssignedResourcesIds ?? {}) ? 'UserAssigned' : null)
+  userAssignedIdentities: !empty(formattedUserAssignedIdentities) ? formattedUserAssignedIdentities : null
 } : null
 
 var builtInRoleNames = {
@@ -162,6 +158,9 @@ output name string = containerAppJob.name
 @description('The location the resource was deployed into.')
 output location string = containerAppJob.location
 
+@description('The principal ID of the system assigned identity.')
+output systemAssignedPrincipalId string = (managedIdentities.?systemAssigned ?? false) && contains(containerAppJob.identity, 'principalId') ? containerAppJob.identity.principalId : ''
+
 // =============== //
 //   Definitions   //
 // =============== //
@@ -196,3 +195,11 @@ type roleAssignmentType = {
   @description('Optional. The Resource ID of the delegated managed identity resource.')
   delegatedManagedIdentityResourceId: string?
 }[]?
+
+type managedIdentitiesType = {
+  @description('Optional. Enables system assigned managed identity on the resource.')
+  systemAssigned: bool?
+
+  @description('Optional. The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption.')
+  userAssignedResourcesIds: string[]?
+}?
diff --git a/modules/app/job/main.json b/modules/app/job/main.json
index 9eff093ef9..fa8d8beed1 100644
--- a/modules/app/job/main.json
+++ b/modules/app/job/main.json
@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.22.6.54827",
-      "templateHash": "546025291925907408"
+      "templateHash": "3431886018605625039"
     },
     "name": "Container App Jobs",
     "description": "This module deploys a Container App Job.",
@@ -103,6 +103,29 @@
         }
       },
       "nullable": true
+    },
+    "managedIdentitiesType": {
+      "type": "object",
+      "properties": {
+        "systemAssigned": {
+          "type": "bool",
+          "nullable": true,
+          "metadata": {
+            "description": "Optional. Enables system assigned managed identity on the resource."
+          }
+        },
+        "userAssignedResourcesIds": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          },
+          "nullable": true,
+          "metadata": {
+            "description": "Optional. The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption."
+          }
+        }
+      },
+      "nullable": true
     }
   },
   "parameters": {
@@ -145,18 +168,10 @@
         "description": "Optional. Collection of private container registry credentials for containers used by the Container app."
       }
     },
-    "systemAssignedIdentity": {
-      "type": "bool",
-      "defaultValue": false,
-      "metadata": {
-        "description": "Optional. Enables system assigned managed identity on the resource."
-      }
-    },
-    "userAssignedIdentities": {
-      "type": "object",
-      "defaultValue": {},
+    "managedIdentities": {
+      "$ref": "#/definitions/managedIdentitiesType",
       "metadata": {
-        "description": "Optional. The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests."
+        "description": "Optional. The managed identity definition for this resource."
       }
     },
     "roleAssignments": {
@@ -255,8 +270,8 @@
   },
   "variables": {
     "secretList": "[if(not(empty(parameters('secrets'))), parameters('secrets').secureList, createArray())]",
-    "identityType": "[if(parameters('systemAssignedIdentity'), if(not(empty(parameters('userAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None'))]",
-    "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]",
+    "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]",
+    "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]",
     "builtInRoleNames": {
       "ContainerApp Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b')]",
       "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
@@ -373,6 +388,13 @@
         "description": "The location the resource was deployed into."
       },
       "value": "[reference('containerAppJob', '2023-05-01', 'full').location]"
+    },
+    "systemAssignedPrincipalId": {
+      "type": "string",
+      "metadata": {
+        "description": "The principal ID of the system assigned identity."
+      },
+      "value": "[if(and(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), contains(reference('containerAppJob', '2023-05-01', 'full').identity, 'principalId')), reference('containerAppJob', '2023-05-01', 'full').identity.principalId, '')]"
     }
   }
 }
\ No newline at end of file