diff --git a/arm/Microsoft.AnalysisServices/servers/.bicep/nested_rbac.bicep b/arm/Microsoft.AnalysisServices/servers/.bicep/nested_rbac.bicep index 7056ee0f78..5187be04b7 100644 --- a/arm/Microsoft.AnalysisServices/servers/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.AnalysisServices/servers/.bicep/nested_rbac.bicep @@ -22,7 +22,7 @@ resource server 'Microsoft.AnalysisServices/servers@2017-08-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(server.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.AnalysisServices/servers/.parameters/parameters.json b/arm/Microsoft.AnalysisServices/servers/.parameters/parameters.json index b7e9243d4e..b5a737dd26 100644 --- a/arm/Microsoft.AnalysisServices/servers/.parameters/parameters.json +++ b/arm/Microsoft.AnalysisServices/servers/.parameters/parameters.json @@ -24,13 +24,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } 
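Review bot: The role assignment name on the context line directly below the changed declaration is seeded with `server.name` instead of the resource ID, so two same-named servers in different resource groups or subscriptions produce the same GUID for a given principal and role. Role assignment names need to be unique across the tenant, so the second deployment would be expected to collide with the first assignment rather than create its own. Seeding with the full ID avoids this: `name: guid(server.id, principalId, roleDefinitionIdOrName)`. Changing the seed renames assignments on already deployed resources, so the switch needs a migration note for existing consumers. The same pattern appears as `guid(service.name, ...)` in the ApiManagement nested_rbac.bicep hunk, and the `properties` body continues outside this hunk.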
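Review bot: The sample value kept under the renamed `diagnosticEventHubAuthorizationRuleId` key points at the namespace's `RootManageSharedAccessKey` rule. Anyone copying this parameter file ties diagnostic streaming to the namespace-wide root key, which cannot be rotated or revoked without affecting every other client of that namespace. A dedicated authorization rule for diagnostics would be a safer example, e.g. a value ending in `/AuthorizationRules/<dedicated-diagnostics-rule>` (placeholder name). The same value is carried over in the ApiManagement max.parameters.json hunk.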
diff --git a/arm/Microsoft.AnalysisServices/servers/deploy.bicep b/arm/Microsoft.AnalysisServices/servers/deploy.bicep index e115076004..c8f76e244a 100644 --- a/arm/Microsoft.AnalysisServices/servers/deploy.bicep +++ b/arm/Microsoft.AnalysisServices/servers/deploy.bicep @@ -30,14 +30,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -111,7 +111,7 @@ resource server 'Microsoft.AnalysisServices/servers@2017-08-01' = { } } -resource server_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource server_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${server.name}-${lock}-lock' properties: { level: lock 
@@ -120,13 +120,13 @@ resource server_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'N scope: server } -resource server_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource server_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${server.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.AnalysisServices/servers/readme.md b/arm/Microsoft.AnalysisServices/servers/readme.md index 5712fa2635..f20a0be96b 100644 --- a/arm/Microsoft.AnalysisServices/servers/readme.md +++ b/arm/Microsoft.AnalysisServices/servers/readme.md 
@@ -7,8 +7,8 @@ This module deploys an analysis service server. | Resource Type | API Version | | :-- | :-- | | `Microsoft.AnalysisServices/servers` | 2017-08-01 | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | ### Resource dependency 
@@ -22,10 +22,11 @@ The following resources are required to be able to deploy this resource. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `firewallSettings` | object | `{object}` | | Optional. The inbound firewall rules to define on the server. If not specified, firewall is disabled. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all Resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | 
@@ -36,7 +37,6 @@ The following resources are required to be able to deploy this resource. | `skuCapacity` | int | `1` | | Optional. The total number of query replica scale-out instances. | | `skuName` | string | `S0` | | Optional. The sku name of the Azure Analysis Services server to create. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `tags` @@ -87,7 +87,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Servers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.AnalysisServices/2017-08-01/servers) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) +- [Servers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.AnalysisServices/2017-08-01/servers) diff --git a/arm/Microsoft.ApiManagement/service/.bicep/nested_rbac.bicep b/arm/Microsoft.ApiManagement/service/.bicep/nested_rbac.bicep index a1ed2db6ab..2d8ca81f35 100644 --- a/arm/Microsoft.ApiManagement/service/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.ApiManagement/service/.bicep/nested_rbac.bicep 
@@ -25,7 +25,7 @@ resource service 'Microsoft.ApiManagement/service@2020-12-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(service.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.ApiManagement/service/.parameters/max.parameters.json b/arm/Microsoft.ApiManagement/service/.parameters/max.parameters.json index ff49e7262a..828cab1ffe 100644 --- a/arm/Microsoft.ApiManagement/service/.parameters/max.parameters.json +++ b/arm/Microsoft.ApiManagement/service/.parameters/max.parameters.json @@ -164,13 +164,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.ApiManagement/service/apiVersionSets/deploy.bicep b/arm/Microsoft.ApiManagement/service/apiVersionSets/deploy.bicep index 2aac7bb207..9cd80c64a0 100644 --- a/arm/Microsoft.ApiManagement/service/apiVersionSets/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/apiVersionSets/deploy.bicep 
@@ -15,11 +15,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource apiVersionSet 'Microsoft.ApiManagement/service/apiVersionSets@2020-06-01-preview' = { +resource apiVersionSet 'Microsoft.ApiManagement/service/apiVersionSets@2021-08-01' = { name: name parent: service properties: properties diff --git a/arm/Microsoft.ApiManagement/service/apiVersionSets/readme.md b/arm/Microsoft.ApiManagement/service/apiVersionSets/readme.md index 28f4e3ab5d..d945c9e91f 100644 --- a/arm/Microsoft.ApiManagement/service/apiVersionSets/readme.md +++ b/arm/Microsoft.ApiManagement/service/apiVersionSets/readme.md @@ -6,7 +6,7 @@ This module deploys API Management Service APIs Version Set. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/apiVersionSets` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/apiVersionSets` | 2021-08-01 | ## Parameters @@ -27,4 +27,4 @@ This module deploys API Management Service APIs Version Set. ## Template references -- [Service/Apiversionsets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/apiVersionSets) +- [Service/Apiversionsets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apiVersionSets) diff --git a/arm/Microsoft.ApiManagement/service/apis/deploy.bicep b/arm/Microsoft.ApiManagement/service/apis/deploy.bicep index 36fb8968f9..d21f2a9b0c 100644 --- a/arm/Microsoft.ApiManagement/service/apis/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/apis/deploy.bicep 
@@ -99,11 +99,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource api 'Microsoft.ApiManagement/service/apis@2020-06-01-preview' = { +resource api 'Microsoft.ApiManagement/service/apis@2021-08-01' = { name: name parent: service properties: { diff --git a/arm/Microsoft.ApiManagement/service/apis/policies/deploy.bicep b/arm/Microsoft.ApiManagement/service/apis/policies/deploy.bicep index 78428c8bbf..e435a91976 100644 --- a/arm/Microsoft.ApiManagement/service/apis/policies/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/apis/policies/deploy.bicep @@ -27,15 +27,15 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName - resource api 'apis@2020-06-01-preview' existing = { + resource api 'apis@2021-08-01' existing = { name: apiName } } -resource policy 'Microsoft.ApiManagement/service/apis/policies@2020-06-01-preview' = { +resource policy 'Microsoft.ApiManagement/service/apis/policies@2021-08-01' = { name: name parent: service::api properties: { diff --git a/arm/Microsoft.ApiManagement/service/apis/policies/readme.md b/arm/Microsoft.ApiManagement/service/apis/policies/readme.md index ac5d624b03..49ec350e8c 100644 --- a/arm/Microsoft.ApiManagement/service/apis/policies/readme.md +++ b/arm/Microsoft.ApiManagement/service/apis/policies/readme.md @@ -6,7 +6,7 @@ This module deploys API Management Service APIs policies. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/apis/policies` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/apis/policies` | 2021-08-01 | ## Parameters 
@@ -29,4 +29,4 @@ This module deploys API Management Service APIs policies. ## Template references -- [Service/Apis/Policies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/apis/policies) +- [Service/Apis/Policies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apis/policies) diff --git a/arm/Microsoft.ApiManagement/service/apis/readme.md b/arm/Microsoft.ApiManagement/service/apis/readme.md index 2bdad2dc22..1650c52887 100644 --- a/arm/Microsoft.ApiManagement/service/apis/readme.md +++ b/arm/Microsoft.ApiManagement/service/apis/readme.md @@ -6,8 +6,8 @@ This module deploys API Management Service APIs. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/apis` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/apis/policies` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/apis` | 2021-08-01 | +| `Microsoft.ApiManagement/service/apis/policies` | 2021-08-01 | ### Resource dependency @@ -71,5 +71,5 @@ The following resources are required to be able to deploy this resource. ## Template references -- [Service/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/apis) -- [Service/Apis/Policies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/apis/policies) +- [Service/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apis) +- [Service/Apis/Policies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apis/policies) diff --git a/arm/Microsoft.ApiManagement/service/authorizationServers/deploy.bicep b/arm/Microsoft.ApiManagement/service/authorizationServers/deploy.bicep index caeca8d351..aab8579631 100644 --- a/arm/Microsoft.ApiManagement/service/authorizationServers/deploy.bicep 
+++ b/arm/Microsoft.ApiManagement/service/authorizationServers/deploy.bicep @@ -70,11 +70,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource authorizationServer 'Microsoft.ApiManagement/service/authorizationServers@2020-06-01-preview' = { +resource authorizationServer 'Microsoft.ApiManagement/service/authorizationServers@2021-08-01' = { name: name parent: service properties: { diff --git a/arm/Microsoft.ApiManagement/service/authorizationServers/readme.md b/arm/Microsoft.ApiManagement/service/authorizationServers/readme.md index 0fd31e7eba..92f269c74c 100644 --- a/arm/Microsoft.ApiManagement/service/authorizationServers/readme.md +++ b/arm/Microsoft.ApiManagement/service/authorizationServers/readme.md @@ -6,7 +6,7 @@ This module deploys API Management Service Authorization Servers. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/authorizationServers` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/authorizationServers` | 2021-08-01 | ### Resource dependency @@ -47,4 +47,4 @@ The following resources are required to be able to deploy this resource. ## Template references -- [Service/Authorizationservers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/authorizationServers) +- [Service/Authorizationservers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/authorizationServers) diff --git a/arm/Microsoft.ApiManagement/service/backends/deploy.bicep b/arm/Microsoft.ApiManagement/service/backends/deploy.bicep index e5c1034f0e..f10995efdc 100644 --- a/arm/Microsoft.ApiManagement/service/backends/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/backends/deploy.bicep 
@@ -42,11 +42,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource backend 'Microsoft.ApiManagement/service/backends@2020-06-01-preview' = { +resource backend 'Microsoft.ApiManagement/service/backends@2021-08-01' = { name: name parent: service properties: { diff --git a/arm/Microsoft.ApiManagement/service/backends/readme.md b/arm/Microsoft.ApiManagement/service/backends/readme.md index eaa4fa2a6b..60afde975a 100644 --- a/arm/Microsoft.ApiManagement/service/backends/readme.md +++ b/arm/Microsoft.ApiManagement/service/backends/readme.md @@ -6,7 +6,7 @@ This module deploys API Management Service Backends. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/backends` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/backends` | 2021-08-01 | ### Resource dependency @@ -128,4 +128,4 @@ The following resources are required to be able to deploy this resource. ## Template references -- [Service/Backends](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/backends) +- [Service/Backends](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/backends) diff --git a/arm/Microsoft.ApiManagement/service/caches/deploy.bicep b/arm/Microsoft.ApiManagement/service/caches/deploy.bicep index 8e12e3598c..6e7328ae67 100644 --- a/arm/Microsoft.ApiManagement/service/caches/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/caches/deploy.bicep 
@@ -24,11 +24,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource cache 'Microsoft.ApiManagement/service/caches@2020-06-01-preview' = { +resource cache 'Microsoft.ApiManagement/service/caches@2021-08-01' = { name: name parent: service properties: { diff --git a/arm/Microsoft.ApiManagement/service/caches/readme.md b/arm/Microsoft.ApiManagement/service/caches/readme.md index e9c380964b..29903f89b7 100644 --- a/arm/Microsoft.ApiManagement/service/caches/readme.md +++ b/arm/Microsoft.ApiManagement/service/caches/readme.md @@ -6,7 +6,7 @@ This module deploys an API Management Service Cache. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/caches` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/caches` | 2021-08-01 | ### Resource dependency @@ -36,4 +36,4 @@ The following resources are required to be able to deploy this resource. ## Template references -- [Service/Caches](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/caches) +- [Service/Caches](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/caches) diff --git a/arm/Microsoft.ApiManagement/service/deploy.bicep b/arm/Microsoft.ApiManagement/service/deploy.bicep index 3a1016ae6f..5a12eba217 100644 --- a/arm/Microsoft.ApiManagement/service/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/deploy.bicep 
@@ -28,11 +28,11 @@ param disableGateway bool = false @description('Optional. Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway.') param enableClientCertificate bool = false -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Custom hostname configuration of the API Management service.') param hostnameConfigurations array = [] @@ -103,8 +103,8 @@ param tags object = {} ]) param virtualNetworkType string = 'None' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' @description('Optional. A list of availability zones denoting where the resource needs to come from.') param zones array = [] 
@@ -181,7 +181,7 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource apiManagementService 'Microsoft.ApiManagement/service@2020-12-01' = { +resource apiManagementService 'Microsoft.ApiManagement/service@2021-08-01' = { name: name location: location tags: tags @@ -396,7 +396,7 @@ module subscriptions_resource 'subscriptions/deploy.bicep' = [for (subscription, } }] -resource apiManagementService_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource apiManagementService_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${apiManagementService.name}-${lock}-lock' properties: { level: lock 
@@ -405,13 +405,13 @@ resource apiManagementService_lock 'Microsoft.Authorization/locks@2016-09-01' = scope: apiManagementService } -resource apiManagementService_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource apiManagementService_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${apiManagementService.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.ApiManagement/service/identityProviders/deploy.bicep b/arm/Microsoft.ApiManagement/service/identityProviders/deploy.bicep index 778b653bc4..9cd37e5f2e 100644 --- a/arm/Microsoft.ApiManagement/service/identityProviders/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/identityProviders/deploy.bicep 
@@ -56,11 +56,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource identityProvider 'Microsoft.ApiManagement/service/identityProviders@2020-06-01-preview' = if (enableIdentityProviders) { +resource identityProvider 'Microsoft.ApiManagement/service/identityProviders@2021-08-01' = if (enableIdentityProviders) { name: name parent: service properties: { diff --git a/arm/Microsoft.ApiManagement/service/identityProviders/readme.md b/arm/Microsoft.ApiManagement/service/identityProviders/readme.md index 77c57af372..1ff0d0ada5 100644 --- a/arm/Microsoft.ApiManagement/service/identityProviders/readme.md +++ b/arm/Microsoft.ApiManagement/service/identityProviders/readme.md @@ -6,7 +6,7 @@ This module deploys API Management Service Identity Provider. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/identityProviders` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/identityProviders` | 2021-08-01 | ## Parameters @@ -37,4 +37,4 @@ This module deploys API Management Service Identity Provider. ## Template references -- [Service/Identityproviders](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/identityProviders) +- [Service/Identityproviders](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/identityProviders) diff --git a/arm/Microsoft.ApiManagement/service/namedValues/deploy.bicep b/arm/Microsoft.ApiManagement/service/namedValues/deploy.bicep index 73dbdf9be8..7ac51b1365 100644 --- a/arm/Microsoft.ApiManagement/service/namedValues/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/namedValues/deploy.bicep 
@@ -29,11 +29,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource namedValue 'Microsoft.ApiManagement/service/namedValues@2020-06-01-preview' = { +resource namedValue 'Microsoft.ApiManagement/service/namedValues@2021-08-01' = { name: name parent: service properties: { diff --git a/arm/Microsoft.ApiManagement/service/namedValues/readme.md b/arm/Microsoft.ApiManagement/service/namedValues/readme.md index a2ac2606fb..23895a82f0 100644 --- a/arm/Microsoft.ApiManagement/service/namedValues/readme.md +++ b/arm/Microsoft.ApiManagement/service/namedValues/readme.md @@ -6,7 +6,7 @@ This module deploys API Management Service Named Values. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/namedValues` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/namedValues` | 2021-08-01 | ### Resource dependency @@ -48,4 +48,4 @@ The following resources are required to be able to deploy this resource. ## Template references -- [Service/Namedvalues](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/namedValues) +- [Service/Namedvalues](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/namedValues) diff --git a/arm/Microsoft.ApiManagement/service/policies/deploy.bicep b/arm/Microsoft.ApiManagement/service/policies/deploy.bicep index 497721cbda..ebebcd144d 100644 --- a/arm/Microsoft.ApiManagement/service/policies/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/policies/deploy.bicep 
@@ -24,11 +24,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource policy 'Microsoft.ApiManagement/service/policies@2020-06-01-preview' = { +resource policy 'Microsoft.ApiManagement/service/policies@2021-08-01' = { name: name parent: service properties: { diff --git a/arm/Microsoft.ApiManagement/service/policies/readme.md b/arm/Microsoft.ApiManagement/service/policies/readme.md index 0f0eea93ea..9f7c2ac389 100644 --- a/arm/Microsoft.ApiManagement/service/policies/readme.md +++ b/arm/Microsoft.ApiManagement/service/policies/readme.md @@ -6,7 +6,7 @@ This module deploys API Management Service Policy. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/policies` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/policies` | 2021-08-01 | ## Parameters @@ -28,4 +28,4 @@ This module deploys API Management Service Policy. ## Template references -- [Service/Policies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/policies) +- [Service/Policies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/policies) diff --git a/arm/Microsoft.ApiManagement/service/portalsettings/deploy.bicep b/arm/Microsoft.ApiManagement/service/portalsettings/deploy.bicep index bf47b791b3..da385b7dc2 100644 --- a/arm/Microsoft.ApiManagement/service/portalsettings/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/portalsettings/deploy.bicep 
@@ -20,11 +20,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource portalSetting 'Microsoft.ApiManagement/service/portalsettings@2019-12-01' = if (!empty(properties)) { +resource portalSetting 'Microsoft.ApiManagement/service/portalsettings@2021-08-01' = if (!empty(properties)) { name: any(name) parent: service properties: properties diff --git a/arm/Microsoft.ApiManagement/service/portalsettings/readme.md b/arm/Microsoft.ApiManagement/service/portalsettings/readme.md index f6fb9eb86e..a1e6fa0659 100644 --- a/arm/Microsoft.ApiManagement/service/portalsettings/readme.md +++ b/arm/Microsoft.ApiManagement/service/portalsettings/readme.md @@ -6,7 +6,7 @@ This module deploys API Management Service Portal Setting. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/portalsettings` | 2019-12-01 | +| `Microsoft.ApiManagement/service/portalsettings` | 2021-08-01 | ## Parameters diff --git a/arm/Microsoft.ApiManagement/service/products/apis/deploy.bicep b/arm/Microsoft.ApiManagement/service/products/apis/deploy.bicep index 7999f11be1..41beac09f7 100644 --- a/arm/Microsoft.ApiManagement/service/products/apis/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/products/apis/deploy.bicep @@ -15,7 +15,7 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName resource product 'products@2021-04-01-preview' existing = { 
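Review bot: The nested `resource product 'products@2021-04-01-preview' existing` declaration on the last line of the products/apis/deploy.bicep hunk still uses the preview API version although its parent `service` reference was moved to `2021-08-01`. In apis/policies/deploy.bicep the nested `apis` reference was bumped together with its parent, so this looks like an oversight; `resource product 'products@2021-08-01' existing = {` would keep the module on one non-preview version. The same leftover is visible in the products/groups/deploy.bicep hunk. The nested block's body continues outside this hunk.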
@@ -23,7 +23,7 @@ resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = } } -resource api 'Microsoft.ApiManagement/service/products/apis@2020-06-01-preview' = { +resource api 'Microsoft.ApiManagement/service/products/apis@2021-08-01' = { name: name parent: service::product } diff --git a/arm/Microsoft.ApiManagement/service/products/apis/readme.md b/arm/Microsoft.ApiManagement/service/products/apis/readme.md index 23144493f4..6e53faecf2 100644 --- a/arm/Microsoft.ApiManagement/service/products/apis/readme.md +++ b/arm/Microsoft.ApiManagement/service/products/apis/readme.md @@ -6,7 +6,7 @@ This module deploys API Management Service Product APIs. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/products/apis` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/products/apis` | 2021-08-01 | ## Parameters @@ -27,4 +27,4 @@ This module deploys API Management Service Product APIs. ## Template references -- [Service/Products/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/products/apis) +- [Service/Products/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products/apis) diff --git a/arm/Microsoft.ApiManagement/service/products/deploy.bicep b/arm/Microsoft.ApiManagement/service/products/deploy.bicep index c54ce33c82..317351f5b0 100644 --- a/arm/Microsoft.ApiManagement/service/products/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/products/deploy.bicep 
@@ -36,11 +36,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource product 'Microsoft.ApiManagement/service/products@2020-06-01-preview' = { +resource product 'Microsoft.ApiManagement/service/products@2021-08-01' = { name: name parent: service properties: { diff --git a/arm/Microsoft.ApiManagement/service/products/groups/deploy.bicep b/arm/Microsoft.ApiManagement/service/products/groups/deploy.bicep index 37d1ddc071..8a61338bef 100644 --- a/arm/Microsoft.ApiManagement/service/products/groups/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/products/groups/deploy.bicep @@ -15,7 +15,7 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName resource product 'products@2021-04-01-preview' existing = { @@ -23,7 +23,7 @@ resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = } } -resource group 'Microsoft.ApiManagement/service/products/groups@2020-06-01-preview' = { +resource group 'Microsoft.ApiManagement/service/products/groups@2021-08-01' = { name: name parent: service::product } diff --git a/arm/Microsoft.ApiManagement/service/products/groups/readme.md b/arm/Microsoft.ApiManagement/service/products/groups/readme.md index a568fbe3c7..247b3edd54 100644 --- a/arm/Microsoft.ApiManagement/service/products/groups/readme.md +++ b/arm/Microsoft.ApiManagement/service/products/groups/readme.md 
@@ -6,7 +6,7 @@ This module deploys API Management Service Product Groups. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/products/groups` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/products/groups` | 2021-08-01 | ## Parameters @@ -27,4 +27,4 @@ This module deploys API Management Service Product Groups. ## Template references -- [Service/Products/Groups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/products/groups) +- [Service/Products/Groups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products/groups) diff --git a/arm/Microsoft.ApiManagement/service/products/readme.md b/arm/Microsoft.ApiManagement/service/products/readme.md index 3cc6a639ba..d2c6a186b5 100644 --- a/arm/Microsoft.ApiManagement/service/products/readme.md +++ b/arm/Microsoft.ApiManagement/service/products/readme.md @@ -6,9 +6,9 @@ This module deploys API Management Service Products. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/products` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/products/apis` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/products/groups` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/products` | 2021-08-01 | +| `Microsoft.ApiManagement/service/products/apis` | 2021-08-01 | +| `Microsoft.ApiManagement/service/products/groups` | 2021-08-01 | ### Resource dependency 
@@ -44,6 +44,6 @@ The following resources are required to be able to deploy this resource. ## Template references -- [Service/Products](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/products) -- [Service/Products/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/products/apis) -- [Service/Products/Groups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/products/groups) +- [Service/Products](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products) +- [Service/Products/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products/apis) +- [Service/Products/Groups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products/groups) diff --git a/arm/Microsoft.ApiManagement/service/readme.md b/arm/Microsoft.ApiManagement/service/readme.md index 36768ae46d..2017224728 100644 --- a/arm/Microsoft.ApiManagement/service/readme.md +++ b/arm/Microsoft.ApiManagement/service/readme.md 
@@ -6,23 +6,23 @@ This module deploys an API management service. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service` | 2020-12-01 | -| `Microsoft.ApiManagement/service/apis` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/apis/policies` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/apiVersionSets` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/authorizationServers` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/backends` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/caches` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/identityProviders` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/namedValues` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/policies` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/portalsettings` | 2019-12-01 | -| `Microsoft.ApiManagement/service/products` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/products/apis` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/products/groups` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/subscriptions` | 2020-06-01-preview | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.ApiManagement/service` | 2021-08-01 | +| `Microsoft.ApiManagement/service/apis` | 2021-08-01 | +| `Microsoft.ApiManagement/service/apis/policies` | 2021-08-01 | +| `Microsoft.ApiManagement/service/apiVersionSets` | 2021-08-01 | +| `Microsoft.ApiManagement/service/authorizationServers` | 2021-08-01 | +| `Microsoft.ApiManagement/service/backends` | 2021-08-01 | +| `Microsoft.ApiManagement/service/caches` | 2021-08-01 | +| `Microsoft.ApiManagement/service/identityProviders` | 2021-08-01 | +| `Microsoft.ApiManagement/service/namedValues` | 2021-08-01 | +| `Microsoft.ApiManagement/service/policies` | 2021-08-01 | +| `Microsoft.ApiManagement/service/portalsettings` | 2021-08-01 | +| 
`Microsoft.ApiManagement/service/products` | 2021-08-01 | +| `Microsoft.ApiManagement/service/products/apis` | 2021-08-01 | +| `Microsoft.ApiManagement/service/products/groups` | 2021-08-01 | +| `Microsoft.ApiManagement/service/subscriptions` | 2021-08-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | ## Parameters 
@@ -38,12 +38,13 @@ This module deploys an API management service. | `certificates` | array | `[]` | | Optional. List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `customProperties` | object | `{object}` | | Optional. Custom properties of the API Management service. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `disableGateway` | bool | | | Optional. Property only valid for an API Management service deployed in multiple locations. This can be used to disable the gateway in master region. | | `enableClientCertificate` | bool | | | Optional. Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. 
Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `hostnameConfigurations` | array | `[]` | | Optional. Custom hostname configuration of the API Management service. | | `identityProviders` | _[identityProviders](identityProviders/readme.md)_ array | `[]` | | Optional. Identity providers. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all Resources. | @@ -70,7 +71,6 @@ This module deploys an API management service. | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | | `virtualNetworkType` | string | `None` | `[None, External, Internal]` | Optional. The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | | `zones` | array | `[]` | | Optional. A list of availability zones denoting where the resource needs to come from. | ### Parameter Usage: `roleAssignments` 
@@ -153,19 +153,19 @@ You can specify multiple user assigned identities to a resource by providing add - ['service/portalsettings' Parent Documentation](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/service) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) -- [Service](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-12-01/service) -- [Service/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/apis) -- [Service/Apis/Policies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/apis/policies) -- [Service/Apiversionsets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/apiVersionSets) -- [Service/Authorizationservers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/authorizationServers) -- [Service/Backends](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/backends) -- [Service/Caches](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/caches) -- [Service/Identityproviders](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/identityProviders) -- [Service/Namedvalues](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/namedValues) -- [Service/Policies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/policies) -- 
[Service/Products](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/products) -- [Service/Products/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/products/apis) -- [Service/Products/Groups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/products/groups) -- [Service/Subscriptions](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/subscriptions) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) +- [Service](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service) +- [Service/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apis) +- [Service/Apis/Policies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apis/policies) +- [Service/Apiversionsets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apiVersionSets) +- [Service/Authorizationservers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/authorizationServers) +- [Service/Backends](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/backends) +- [Service/Caches](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/caches) +- [Service/Identityproviders](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/identityProviders) +- [Service/Namedvalues](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/namedValues) +- 
[Service/Policies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/policies) +- [Service/Products](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products) +- [Service/Products/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products/apis) +- [Service/Products/Groups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products/groups) +- [Service/Subscriptions](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/subscriptions) diff --git a/arm/Microsoft.ApiManagement/service/subscriptions/deploy.bicep b/arm/Microsoft.ApiManagement/service/subscriptions/deploy.bicep index 8d719350b5..47fed49e8d 100644 --- a/arm/Microsoft.ApiManagement/service/subscriptions/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/subscriptions/deploy.bicep @@ -30,11 +30,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource subscription 'Microsoft.ApiManagement/service/subscriptions@2020-06-01-preview' = { +resource subscription 'Microsoft.ApiManagement/service/subscriptions@2021-08-01' = { name: name parent: service properties: { diff --git a/arm/Microsoft.ApiManagement/service/subscriptions/readme.md b/arm/Microsoft.ApiManagement/service/subscriptions/readme.md index eeae901ec6..cd86527a4f 100644 --- a/arm/Microsoft.ApiManagement/service/subscriptions/readme.md +++ b/arm/Microsoft.ApiManagement/service/subscriptions/readme.md 
@@ -6,7 +6,7 @@ This module deploys API Management Subscriptions. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/subscriptions` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/subscriptions` | 2021-08-01 | ### Resource dependency @@ -38,4 +38,4 @@ The following resources are required to be able to deploy this resource. ## Template references -- [Service/Subscriptions](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/subscriptions) +- [Service/Subscriptions](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/subscriptions) diff --git a/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_mg.bicep b/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_mg.bicep index 926ec3a71c..bf89f8048d 100644 --- a/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_mg.bicep +++ b/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_mg.bicep @@ -72,7 +72,7 @@ resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' identity: identity_var } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for roleDefinitionId in roleDefinitionIds: if (!empty(roleDefinitionIds) && identity != 'None') { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for roleDefinitionId in roleDefinitionIds: if (!empty(roleDefinitionIds) && identity != 'None') { name: guid(managementGroupId, roleDefinitionId, location, name) properties: { roleDefinitionId: roleDefinitionId diff --git a/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_rg.bicep b/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_rg.bicep index 5d91063b93..b71054156d 100644 
--- a/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_rg.bicep +++ b/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_rg.bicep @@ -75,7 +75,7 @@ resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' identity: identity_var } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for roleDefinitionId in roleDefinitionIds: if (!empty(roleDefinitionIds) && identity != 'None') { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for roleDefinitionId in roleDefinitionIds: if (!empty(roleDefinitionIds) && identity != 'None') { name: guid(subscriptionId, resourceGroupName, roleDefinitionId, location, name) properties: { roleDefinitionId: roleDefinitionId diff --git a/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_sub.bicep b/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_sub.bicep index 4b7d583dc3..d1ff81664a 100644 --- a/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_sub.bicep +++ b/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_sub.bicep @@ -72,7 +72,7 @@ resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' identity: identity_var } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for roleDefinitionId in roleDefinitionIds: if (!empty(roleDefinitionIds) && identity != 'None') { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for roleDefinitionId in roleDefinitionIds: if (!empty(roleDefinitionIds) && identity != 'None') { name: guid(subscriptionId, roleDefinitionId, location, name) properties: { roleDefinitionId: roleDefinitionId diff --git a/arm/Microsoft.Authorization/policyAssignments/readme.md b/arm/Microsoft.Authorization/policyAssignments/readme.md index 2d892371bf..9186cc3142 100644 
--- a/arm/Microsoft.Authorization/policyAssignments/readme.md +++ b/arm/Microsoft.Authorization/policyAssignments/readme.md @@ -5,7 +5,7 @@ | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/policyAssignments` | 2021-06-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | ## Parameters @@ -75,4 +75,4 @@ To deploy resource to a Resource Group, provide the `subscriptionId` and `resour ## Template references - [Policyassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-06-01/policyAssignments) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Authorization/roleAssignments/readme.md b/arm/Microsoft.Authorization/roleAssignments/readme.md index 85d6286130..db6653d0d6 100644 --- a/arm/Microsoft.Authorization/roleAssignments/readme.md +++ b/arm/Microsoft.Authorization/roleAssignments/readme.md 
@@ -19,7 +19,7 @@ This module deploys Role Assignments. | `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `managementGroupId` | string | | | Optional. Group ID of the Management Group to assign the RBAC role to. If no Subscription is provided, the module deploys at management group level, therefore assigns the provided RBAC role to the management group. | | `principalId` | string | | | Required. The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity) | -| `principalType` | string | '' | `[ServicePrincipal, Group, User, ForeignGroup, Device, ]` | Optional. The principal type of the assigned principal ID. | +| `principalType` | string | | `[ServicePrincipal, Group, User, ForeignGroup, Device, ]` | Optional. The principal type of the assigned principal ID. | | `resourceGroupName` | string | | | Optional. Name of the Resource Group to assign the RBAC role to. If no Resource Group name is provided, and Subscription ID is provided, the module deploys at subscription level, therefore assigns the provided RBAC role to the subscription. | | `roleDefinitionIdOrName` | string | | | Required. You can provide either the display name of the role definition, or it's fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | | `subscriptionId` | string | | | Optional. Subscription ID of the subscription to assign the RBAC role to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided RBAC role to the subscription. | 
@@ -75,4 +75,4 @@ This module can be deployed at the management group, subscription or resource gr ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-08-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Automanage/accounts/deploy.bicep b/arm/Microsoft.Automanage/accounts/deploy.bicep index a03fa62b1e..804388736e 100644 --- a/arm/Microsoft.Automanage/accounts/deploy.bicep +++ b/arm/Microsoft.Automanage/accounts/deploy.bicep @@ -42,7 +42,7 @@ module autoManageAccount '.bicep/nested_autoManageAccount.bicep' = { } } -resource autoManageAccount_permissions_contributor 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = { +resource autoManageAccount_permissions_contributor 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = { name: guid(autoManageAccountResourceGroupName, name, contributor) properties: { roleDefinitionId: contributor @@ -51,7 +51,7 @@ resource autoManageAccount_permissions_contributor 'Microsoft.Authorization/role } } -resource autoManageAccount_permissions_resourcePolicyContributor 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = { +resource autoManageAccount_permissions_resourcePolicyContributor 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = { name: guid(autoManageAccountResourceGroupName, name, resourcePolicyContributor) properties: { roleDefinitionId: resourcePolicyContributor diff --git a/arm/Microsoft.Automanage/accounts/readme.md b/arm/Microsoft.Automanage/accounts/readme.md index c6f108b5cf..8c98e2d856 100644 --- a/arm/Microsoft.Automanage/accounts/readme.md +++ b/arm/Microsoft.Automanage/accounts/readme.md 
@@ -6,7 +6,7 @@ This module deploys an Automanage account and associates VM with it. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Automanage/accounts` | 2020-06-30-preview | | `Microsoft.Compute/virtualMachines/providers/configurationProfileAssignments` | 2020-06-30-preview | @@ -33,3 +33,4 @@ This module deploys an Automanage account and associates VM with it. ## Template references - [Define resources with Bicep and ARM templates](https://docs.microsoft.com/en-us/azure/templates) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Automation/automationAccounts/.bicep/nested_rbac.bicep b/arm/Microsoft.Automation/automationAccounts/.bicep/nested_rbac.bicep index e3fc0d678b..777f9d3bdb 100644 --- a/arm/Microsoft.Automation/automationAccounts/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Automation/automationAccounts/.bicep/nested_rbac.bicep @@ -26,7 +26,7 @@ resource automationAccount 'Microsoft.Automation/automationAccounts@2020-01-13-p name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(automationAccount.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Automation/automationAccounts/.parameters/parameters.json b/arm/Microsoft.Automation/automationAccounts/.parameters/parameters.json index 90003c4a27..f8b3a2e4c8 100644 --- a/arm/Microsoft.Automation/automationAccounts/.parameters/parameters.json 
+++ b/arm/Microsoft.Automation/automationAccounts/.parameters/parameters.json @@ -179,13 +179,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Automation/automationAccounts/deploy.bicep b/arm/Microsoft.Automation/automationAccounts/deploy.bicep index 129545abfb..fa0b69746d 100644 --- a/arm/Microsoft.Automation/automationAccounts/deploy.bicep +++ b/arm/Microsoft.Automation/automationAccounts/deploy.bicep 
@@ -46,14 +46,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Enables system assigned managed identity on the resource.') param systemAssignedIdentity bool = false @@ -287,7 +287,7 @@ module automationAccount_softwareUpdateConfigurations 'softwareUpdateConfigurati ] }] -resource automationAccount_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource automationAccount_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${automationAccount.name}-AutoAccount-${lock}-lock' properties: { level: lock 
@@ -296,13 +296,13 @@ resource automationAccount_lock 'Microsoft.Authorization/locks@2016-09-01' = if scope: automationAccount } -resource automationAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource automationAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${automationAccount.name}-AutoAccount-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Automation/automationAccounts/readme.md b/arm/Microsoft.Automation/automationAccounts/readme.md index dde5a5471d..c0c8f87546 100644 --- a/arm/Microsoft.Automation/automationAccounts/readme.md +++ b/arm/Microsoft.Automation/automationAccounts/readme.md 
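Review bot: The deployment condition on `automationAccount_diagnosticSettings` still accepts `diagnosticEventHubName` on its own, although an event hub name is not a destination without `diagnosticEventHubAuthorizationRuleId`. With only the name set, the resource is submitted with the storage account, workspace and authorization rule all `null`. I would expect the diagnostic settings API to reject that, so the deployment fails rather than the caller learning that no log destination was configured. Consider dropping that clause: `= if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId)) {`. The resource body continues past the end of the hunk.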
@@ -6,8 +6,8 @@ This module deploys an Azure Automation Account. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Automation/automationAccounts` | 2020-01-13-preview | | `Microsoft.Automation/automationAccounts/jobSchedules` | 2020-01-13-preview | | `Microsoft.Automation/automationAccounts/modules` | 2020-01-13-preview | 
@@ -26,10 +26,11 @@ This module deploys an Azure Automation Account. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `gallerySolutions` | array | `[]` | | Optional. List of gallerySolutions to be created in the linked log analytics workspace | | `jobSchedules` | _[jobSchedules](jobSchedules/readme.md)_ array | `[]` | | Optional. List of jobSchedules to be created in the automation account. | | `linkedWorkspaceId` | string | | | Optional. ID of the log analytics workspace to be linked to the deployed automation account. | 
@@ -49,7 +50,6 @@ This module deploys an Azure Automation Account. | `tags` | object | `{object}` | | Optional. Tags of the Automation Account resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | | `variables` | _[variables](variables/readme.md)_ array | `[]` | | Optional. List of variables to be created in the automation account. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `privateEndpoints` @@ -150,8 +150,6 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Automationaccounts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Automation/2020-01-13-preview/automationAccounts) - [Automationaccounts/Jobschedules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Automation/2020-01-13-preview/automationAccounts/jobSchedules) - [Automationaccounts/Modules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Automation/2020-01-13-preview/automationAccounts/modules) 
@@ -160,7 +158,9 @@ You can specify multiple user assigned identities to a resource by providing add - [Automationaccounts/Softwareupdateconfigurations](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Automation/2019-06-01/automationAccounts/softwareUpdateConfigurations) - [Automationaccounts/Variables](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Automation/2020-01-13-preview/automationAccounts/variables) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints/privateDnsZoneGroups) -- [Workspaces/Linkedservices](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-03-01-preview/workspaces/linkedServices) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Solutions](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationsManagement/2015-11-01-preview/solutions) +- [Workspaces/Linkedservices](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-03-01-preview/workspaces/linkedServices) diff --git a/arm/Microsoft.Batch/batchAccounts/.parameters/parameters.json b/arm/Microsoft.Batch/batchAccounts/.parameters/parameters.json index 7ddf2f5261..e0ad046bab 100644 --- a/arm/Microsoft.Batch/batchAccounts/.parameters/parameters.json +++ b/arm/Microsoft.Batch/batchAccounts/.parameters/parameters.json 
@@ -11,13 +11,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Batch/batchAccounts/deploy.bicep b/arm/Microsoft.Batch/batchAccounts/deploy.bicep index fa5473dcff..a30debf1ff 100644 --- a/arm/Microsoft.Batch/batchAccounts/deploy.bicep +++ b/arm/Microsoft.Batch/batchAccounts/deploy.bicep 
@@ -12,14 +12,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -82,7 +82,7 @@ resource batchAccount 'Microsoft.Batch/batchAccounts@2020-09-01' = { properties: {} } -resource batchAccount_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource batchAccount_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${batchAccount.name}-${lock}-lock' properties: { level: lock 
@@ -91,13 +91,13 @@ resource batchAccount_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock scope: batchAccount } -resource batchAccount_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource batchAccount_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${batchAccount.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Batch/batchAccounts/readme.md b/arm/Microsoft.Batch/batchAccounts/readme.md index 2826f2f295..ae1d9529a2 100644 --- a/arm/Microsoft.Batch/batchAccounts/readme.md +++ b/arm/Microsoft.Batch/batchAccounts/readme.md @@ -4,7 +4,7 @@ | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Batch/batchAccounts` | 2020-09-01 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | 
@@ -13,17 +13,17 @@ | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all Resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[ServiceLog]` | `[ServiceLog]` | Optional. The name of logs that will be streamed. | | `metricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | Optional. The name of metrics that will be streamed. | | `name` | string | | | Required. Name of the Azure Batch | | `tags` | object | `{object}` | | Optional. Tags of the resource. 
| -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `tags` @@ -52,6 +52,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) - [Batchaccounts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Batch/2020-09-01/batchAccounts) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) diff --git a/arm/Microsoft.CognitiveServices/accounts/.bicep/nested_rbac.bicep b/arm/Microsoft.CognitiveServices/accounts/.bicep/nested_rbac.bicep index ea7010c59c..fa64b26cba 100644 --- a/arm/Microsoft.CognitiveServices/accounts/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.CognitiveServices/accounts/.bicep/nested_rbac.bicep @@ -39,7 +39,7 @@ resource account 'Microsoft.CognitiveServices/accounts@2017-04-18' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(account.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.CognitiveServices/accounts/.parameters/parameters.json b/arm/Microsoft.CognitiveServices/accounts/.parameters/parameters.json index bdbda5df5f..1f9afa7c44 100644 --- a/arm/Microsoft.CognitiveServices/accounts/.parameters/parameters.json +++ b/arm/Microsoft.CognitiveServices/accounts/.parameters/parameters.json 
@@ -38,13 +38,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.CognitiveServices/accounts/deploy.bicep b/arm/Microsoft.CognitiveServices/accounts/deploy.bicep index 372ea25cb7..bd8040908a 100644 --- a/arm/Microsoft.CognitiveServices/accounts/deploy.bicep +++ b/arm/Microsoft.CognitiveServices/accounts/deploy.bicep 
@@ -61,14 +61,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Subdomain name used for token-based authentication. Required if \'networkAcls\' are set.') param customSubDomainName string = '' @@ -180,7 +180,7 @@ resource cognitiveServices 'Microsoft.CognitiveServices/accounts@2017-04-18' = { } } -resource cognitiveServices_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource cognitiveServices_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${cognitiveServices.name}-${lock}-lock' properties: { level: lock 
@@ -189,13 +189,13 @@ resource cognitiveServices_lock 'Microsoft.Authorization/locks@2016-09-01' = if scope: cognitiveServices } -resource cognitiveServices_diagnosticSettingName 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = { +resource cognitiveServices_diagnosticSettingName 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${cognitiveServices.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.CognitiveServices/accounts/readme.md b/arm/Microsoft.CognitiveServices/accounts/readme.md index 39266f085c..025c3d9b38 100644 --- a/arm/Microsoft.CognitiveServices/accounts/readme.md +++ b/arm/Microsoft.CognitiveServices/accounts/readme.md 
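Review bot: With the new `if (...)` on `cognitiveServices_diagnosticSettingName`, a deployment that leaves all four diagnostic parameters at their `''` defaults now completes with no diagnostic settings at all, and nothing in the template says so. Before this change the resource was unconditional, so such a deployment presumably failed instead of silently skipping log export. Since these logs are what an investigation of the account would rely on, I would state the behaviour next to the resource, for example `// Deployed only when a diagnostic destination is set; with the default parameters no logs or metrics are exported.`, and repeat it in the parameter descriptions. The resource body continues past the end of this hunk.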
@@ -6,8 +6,8 @@ This module deploys different kinds of cognitive services resources | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.CognitiveServices/accounts` | 2017-04-18 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-05-01 | 
@@ -19,10 +19,11 @@ This module deploys different kinds of cognitive services resources | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `customSubDomainName` | string | | | Optional. Subdomain name used for token-based authentication. Required if 'networkAcls' are set. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `kind` | string | | `[AnomalyDetector, Bing.Autosuggest.v7, Bing.CustomSearch, Bing.EntitySearch, Bing.Search.v7, Bing.SpellCheck.v7, CognitiveServices, ComputerVision, ContentModerator, CustomVision.Prediction, CustomVision.Training, Face, FormRecognizer, ImmersiveReader, Internal.AllInOne, LUIS, LUIS.Authoring, Personalizer, QnAMaker, SpeechServices, TextAnalytics, TextTranslation]` | Required. Kind of the Cognitive Services. 
Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'sku' for your Azure region. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all Resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | @@ -37,7 +38,6 @@ This module deploys different kinds of cognitive services resources | `systemAssignedIdentity` | bool | | | Optional. Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `privateEndpoints` 
@@ -202,7 +202,7 @@ You can specify multiple user assigned identities to a resource by providing add - [Accounts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.CognitiveServices/2017-04-18/accounts) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/privateEndpoints) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Compute/availabilitySets/.bicep/nested_rbac.bicep b/arm/Microsoft.Compute/availabilitySets/.bicep/nested_rbac.bicep index cd69291972..028ee46c65 100644 --- a/arm/Microsoft.Compute/availabilitySets/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Compute/availabilitySets/.bicep/nested_rbac.bicep 
@@ -30,7 +30,7 @@ resource availabilitySet 'Microsoft.Compute/availabilitySets@2021-04-01' existin name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(availabilitySet.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Compute/availabilitySets/deploy.bicep b/arm/Microsoft.Compute/availabilitySets/deploy.bicep index 687c53f292..5b89a2a418 100644 --- a/arm/Microsoft.Compute/availabilitySets/deploy.bicep +++ b/arm/Microsoft.Compute/availabilitySets/deploy.bicep @@ -52,7 +52,7 @@ resource availabilitySet 'Microsoft.Compute/availabilitySets@2021-04-01' = { } } -resource availabilitySet_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource availabilitySet_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${availabilitySet.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Compute/availabilitySets/readme.md b/arm/Microsoft.Compute/availabilitySets/readme.md index 406434f7e9..ac8a3d356c 100644 --- a/arm/Microsoft.Compute/availabilitySets/readme.md +++ b/arm/Microsoft.Compute/availabilitySets/readme.md @@ -6,8 +6,8 @@ This template deploys an availability set | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Compute/availabilitySets` | 2021-04-01 | ## Parameters 
@@ -74,6 +74,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Availabilitysets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-04-01/availabilitySets) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Compute/diskEncryptionSets/.bicep/nested_rbac.bicep b/arm/Microsoft.Compute/diskEncryptionSets/.bicep/nested_rbac.bicep index 08aafffc1f..8528dbddad 100644 --- a/arm/Microsoft.Compute/diskEncryptionSets/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Compute/diskEncryptionSets/.bicep/nested_rbac.bicep @@ -28,7 +28,7 @@ resource diskEncryptionSet 'Microsoft.Compute/diskEncryptionSets@2020-12-01' exi name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(diskEncryptionSet.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Compute/diskEncryptionSets/readme.md b/arm/Microsoft.Compute/diskEncryptionSets/readme.md index e656a38f7a..564d13bf55 100644 --- a/arm/Microsoft.Compute/diskEncryptionSets/readme.md +++ b/arm/Microsoft.Compute/diskEncryptionSets/readme.md 
@@ -6,7 +6,7 @@ This template deploys a disk encryption set. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Compute/diskEncryptionSets` | 2021-04-01 | | `Microsoft.KeyVault/vaults/accessPolicies` | 2021-06-01-preview | @@ -76,5 +76,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Diskencryptionsets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-04-01/diskEncryptionSets) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Vaults/Accesspolicies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2021-06-01-preview/vaults/accessPolicies) diff --git a/arm/Microsoft.Compute/galleries/.bicep/nested_rbac.bicep b/arm/Microsoft.Compute/galleries/.bicep/nested_rbac.bicep index 4d4229022f..18ddea9d6e 100644 --- a/arm/Microsoft.Compute/galleries/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Compute/galleries/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource gallery 'Microsoft.Compute/galleries@2020-09-30' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(gallery.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName 
diff --git a/arm/Microsoft.Compute/galleries/deploy.bicep b/arm/Microsoft.Compute/galleries/deploy.bicep index fa4d9e153f..b315394af7 100644 --- a/arm/Microsoft.Compute/galleries/deploy.bicep +++ b/arm/Microsoft.Compute/galleries/deploy.bicep @@ -43,7 +43,7 @@ resource gallery 'Microsoft.Compute/galleries@2020-09-30' = { } } -resource gallery_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource gallery_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${gallery.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Compute/galleries/images/.bicep/nested_rbac.bicep b/arm/Microsoft.Compute/galleries/images/.bicep/nested_rbac.bicep index 69963ace28..537bc8351f 100644 --- a/arm/Microsoft.Compute/galleries/images/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Compute/galleries/images/.bicep/nested_rbac.bicep @@ -26,7 +26,7 @@ resource galleryImage 'Microsoft.Compute/galleries/images@2020-09-30' existing = name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(galleryImage.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Compute/galleries/images/readme.md b/arm/Microsoft.Compute/galleries/images/readme.md index 4833596125..9cddb56a9c 100644 --- a/arm/Microsoft.Compute/galleries/images/readme.md +++ b/arm/Microsoft.Compute/galleries/images/readme.md 
@@ -6,7 +6,7 @@ This module deploys an Image Definition in a Shared Image Gallery. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Compute/galleries/images` | 2020-09-30 | ## Parameters @@ -88,5 +88,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Galleries/Images](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2020-09-30/galleries/images) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Compute/galleries/readme.md b/arm/Microsoft.Compute/galleries/readme.md index f6ba72ccf3..10de8bbdbf 100644 --- a/arm/Microsoft.Compute/galleries/readme.md +++ b/arm/Microsoft.Compute/galleries/readme.md @@ -6,8 +6,8 @@ This module deploys an Azure compute gallery (formerly known as shared image gal | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Compute/galleries` | 2020-09-30 | | `Microsoft.Compute/galleries/images` | 2020-09-30 | 
@@ -73,7 +73,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Galleries](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2020-09-30/galleries) - [Galleries/Images](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2020-09-30/galleries/images) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Compute/images/.bicep/nested_rbac.bicep b/arm/Microsoft.Compute/images/.bicep/nested_rbac.bicep index 3d2047d90d..aa3a3fa030 100644 --- a/arm/Microsoft.Compute/images/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Compute/images/.bicep/nested_rbac.bicep @@ -26,7 +26,7 @@ resource image 'Microsoft.Compute/images@2021-04-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(image.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Compute/images/readme.md b/arm/Microsoft.Compute/images/readme.md index 281408871f..87adf5b488 100644 --- a/arm/Microsoft.Compute/images/readme.md +++ b/arm/Microsoft.Compute/images/readme.md 
@@ -6,7 +6,7 @@ This module deploys a compute image. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Compute/images` | 2021-04-01 | ## Parameters @@ -74,5 +74,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Images](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-04-01/images) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_rbac.bicep b/arm/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_rbac.bicep index 044d27fba1..b4f7f380f7 100644 --- a/arm/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_rbac.bicep @@ -28,7 +28,7 @@ resource proximityPlacementGroup 'Microsoft.Compute/proximityPlacementGroups@202 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(proximityPlacementGroup.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Compute/proximityPlacementGroups/deploy.bicep b/arm/Microsoft.Compute/proximityPlacementGroups/deploy.bicep index 152fa60727..dadc3ec338 100644 --- a/arm/Microsoft.Compute/proximityPlacementGroups/deploy.bicep 
+++ b/arm/Microsoft.Compute/proximityPlacementGroups/deploy.bicep @@ -42,7 +42,7 @@ resource proximityPlacementGroup 'Microsoft.Compute/proximityPlacementGroups@202 } } -resource proximityPlacementGroup_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource proximityPlacementGroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${proximityPlacementGroup.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Compute/proximityPlacementGroups/readme.md b/arm/Microsoft.Compute/proximityPlacementGroups/readme.md index 1174bfa2a2..781982c285 100644 --- a/arm/Microsoft.Compute/proximityPlacementGroups/readme.md +++ b/arm/Microsoft.Compute/proximityPlacementGroups/readme.md @@ -6,8 +6,8 @@ This template deploys a proximity placement group. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Compute/proximityPlacementGroups` | 2021-04-01 | ## Parameters @@ -71,6 +71,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Proximityplacementgroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-04-01/proximityPlacementGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) 
diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_rbac.bicep b/arm/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_rbac.bicep index 2ed8626ec1..6648bea369 100644 --- a/arm/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_rbac.bicep @@ -29,7 +29,7 @@ resource vmss 'Microsoft.Compute/virtualMachineScaleSets@2021-04-01' existing = name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(vmss.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.parameters.json b/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.parameters.json index 7abca92aff..95acfadcfc 100644 --- a/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.parameters.json +++ b/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.parameters.json 
@@ -126,13 +126,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "extensionMonitoringAgentConfig": { diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.parameters.json b/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.parameters.json index de06e25cc5..45c470766e 100644 --- a/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.parameters.json +++ b/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.parameters.json @@ -97,13 +97,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "extensionAntiMalwareConfig": { 
diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep b/arm/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep index 6b4f7f5d5c..6e763584e7 100644 --- a/arm/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep +++ b/arm/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep @@ -93,6 +93,9 @@ param extensionMonitoringAgentConfig object = { enabled: false } +@description('Optional. Resource ID of the monitoring log analytics workspace.') +param monitoringWorkspaceId string = '' + @description('Optional. The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed') param extensionDependencyAgentConfig object = { enabled: false @@ -133,14 +136,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' 
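Review bot: The description added for `monitoringWorkspaceId` in the `@@ -93` hunk does not say that the monitoring agent extension depends on it, although the parameter defaults to `''` and is declared directly after `extensionMonitoringAgentConfig`. I would state the dependency in the description: `@description('Optional. Resource ID of the monitoring log analytics workspace. Must be set when extensionMonitoringAgentConfig is enabled.')`. The same parameter and description are added in the `@@ -162` hunk of `virtualMachines/deploy.bicep`; its use there is outside this view, so confirm that the same dependency holds before copying the wording.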
@@ -477,9 +480,9 @@ module vmss_microsoftAntiMalwareExtension 'extensions/deploy.bicep' = if (extens } } -resource vmss_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = if (!empty(workspaceId)) { - name: last(split(workspaceId, '/')) - scope: resourceGroup(split(workspaceId, '/')[2], split(workspaceId, '/')[4]) +resource vmss_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = if (!empty(monitoringWorkspaceId)) { + name: last(split(monitoringWorkspaceId, '/')) + scope: resourceGroup(split(monitoringWorkspaceId, '/')[2], split(monitoringWorkspaceId, '/')[4]) } module vmss_microsoftMonitoringAgentExtension 'extensions/deploy.bicep' = if (extensionMonitoringAgentConfig.enabled) { @@ -493,10 +496,10 @@ module vmss_microsoftMonitoringAgentExtension 'extensions/deploy.bicep' = if (ex autoUpgradeMinorVersion: contains(extensionMonitoringAgentConfig, 'autoUpgradeMinorVersion') ? extensionMonitoringAgentConfig.autoUpgradeMinorVersion : true enableAutomaticUpgrade: contains(extensionMonitoringAgentConfig, 'enableAutomaticUpgrade') ? extensionMonitoringAgentConfig.enableAutomaticUpgrade : false settings: { - workspaceId: !empty(workspaceId) ? reference(vmss_logAnalyticsWorkspace.id, vmss_logAnalyticsWorkspace.apiVersion).customerId : '' + workspaceId: !empty(monitoringWorkspaceId) ? reference(vmss_logAnalyticsWorkspace.id, vmss_logAnalyticsWorkspace.apiVersion).customerId : '' } protectedSettings: { - workspaceKey: !empty(workspaceId) ? vmss_logAnalyticsWorkspace.listKeys().primarySharedKey : '' + workspaceKey: !empty(monitoringWorkspaceId) ? vmss_logAnalyticsWorkspace.listKeys().primarySharedKey : '' } } } 
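Review bot: Both ternaries in the `@@ -493` hunk still fall back to `''`, so enabling `extensionMonitoringAgentConfig` while `monitoringWorkspaceId` is empty deploys the agent extension with an empty `workspaceId` and `workspaceKey`. Callers who used to pass a single `workspaceId` and now only rename it to `diagnosticWorkspaceId` end up in that state without a deployment error, and the instances presumably stop reporting to Log Analytics unnoticed. One option is to gate the module on the parameter as well, `if (extensionMonitoringAgentConfig.enabled && !empty(monitoringWorkspaceId))`, and document that the agent is skipped without a workspace. The other is to drop the `''` fallbacks so that a missing workspace surfaces as a failed deployment. The module body begins outside the hunk, so check the rest of its properties before choosing.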
@@ -581,7 +584,7 @@ module vmss_diskEncryptionExtension 'extensions/deploy.bicep' = if (extensionDis ] } -resource vmss_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource vmss_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${vmss.name}-${lock}-lock' properties: { level: lock @@ -590,13 +593,13 @@ resource vmss_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'Not scope: vmss } -resource vmss_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource vmss_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${vmss.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics } scope: vmss diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md b/arm/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md index 49762c337c..8d2ef006ea 100644 --- a/arm/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md +++ b/arm/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md 
@@ -31,7 +31,7 @@ This module deploys a virtual machine scale set extension. | :-- | :-- | :-- | | `extensionName` | string | The name of the extension | | `extensionResourceGroup` | string | The name of the Resource Group the extension was created in. | -| `extensionResourceId` | string | The resource ID of the extension | +| `extensionResourceId` | string | The Resource ID of the extension | ## Template references diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/readme.md b/arm/Microsoft.Compute/virtualMachineScaleSets/readme.md index b6c47d8e92..7a45e172be 100644 --- a/arm/Microsoft.Compute/virtualMachineScaleSets/readme.md +++ b/arm/Microsoft.Compute/virtualMachineScaleSets/readme.md @@ -6,8 +6,8 @@ This module deploys a virtual machine scale set. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Compute/proximityPlacementGroups` | 2021-04-01 | | `Microsoft.Compute/virtualMachineScaleSets` | 2021-04-01 | | `Microsoft.Compute/virtualMachineScaleSets/extensions` | 2021-07-01 | 
@@ -34,8 +34,11 @@ The following resources are required to be able to deploy this resource. | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `customData` | string | | | Optional. Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. | | `dataDisks` | array | `[]` | | Optional. Specifies the data disks. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `disableAutomaticRollback` | bool | | | Optional. Whether OS image rollback feature should be disabled. | | `disablePasswordAuthentication` | bool | | | Optional. Specifies whether password authentication should be disabled. | | `doNotRunExtensionsOnOverprovisionedVMs` | bool | | | Optional. When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs. | 
@@ -43,8 +46,6 @@ The following resources are required to be able to deploy this resource. | `enableAutomaticUpdates` | bool | `True` | | Optional. Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. | | `enableEvictionPolicy` | bool | | | Optional. Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. | | `enableServerSideEncryption` | bool | | | Optional. Specifies if Windows VM disks should be encrypted with Server-side encryption + Customer managed Key. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `extensionAntiMalwareConfig` | object | `{object}` | | Optional. The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed | | `extensionCustomScriptConfig` | object | `{object}` | | Optional. The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed | | `extensionDependencyAgentConfig` | object | `{object}` | | Optional. The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed | 
@@ -64,6 +65,7 @@ The following resources are required to be able to deploy this resource. | `maxUnhealthyInstancePercent` | int | `20` | | Optional. The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch | | `maxUnhealthyUpgradedInstancePercent` | int | `20` | | Optional. The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. | | `metricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | Optional. The name of metrics that will be streamed. | +| `monitoringWorkspaceId` | string | | | Optional. Resource ID of the monitoring log analytics workspace. | | `name` | string | | | Required. Name of the VMSS. | | `nicConfigurations` | array | `[]` | | Required. Configures NICs and PIPs. | | `osDisk` | object | | | Required. Specifies the OS disk. | 
@@ -93,7 +95,6 @@ The following resources are required to be able to deploy this resource. | `vmNamePrefix` | string | `vmssvm` | | Optional. Specifies the computer name prefix for all of the virtual machines in the scale set. | | `vmPriority` | string | `Regular` | `[Regular, Low, Spot]` | Optional. Specifies the priority for the virtual machine. | | `winRM` | object | `{object}` | | Optional. Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | | `zoneBalance` | bool | | | Optional. Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. | #### Marketplace images 
@@ -422,9 +423,9 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Proximityplacementgroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-04-01/proximityPlacementGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Virtualmachinescalesets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-04-01/virtualMachineScaleSets) - [Virtualmachinescalesets/Extensions](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-07-01/virtualMachineScaleSets/extensions) -- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) diff --git a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep index 9ee9a5af2e..9a379fb2fb 100644 --- a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep +++ b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep 
@@ -10,9 +10,9 @@ param ipConfigurationArray array param lock string param diagnosticStorageAccountId string param diagnosticLogsRetentionInDays int -param workspaceId string -param eventHubAuthorizationRuleId string -param eventHubName string +param diagnosticWorkspaceId string +param diagnosticEventHubAuthorizationRuleId string +param diagnosticEventHubName string param pipMetricsToEnable array param pipLogsToEnable array param metricsToEnable array @@ -47,9 +47,9 @@ module networkInterface_publicIPConfigurations 'nested_networkInterface_publicIP location: location diagnosticStorageAccountId: diagnosticStorageAccountId diagnosticLogsRetentionInDays: diagnosticLogsRetentionInDays - workspaceId: workspaceId - eventHubAuthorizationRuleId: eventHubAuthorizationRuleId - eventHubName: eventHubName + diagnosticWorkspaceId: diagnosticWorkspaceId + diagnosticEventHubAuthorizationRuleId: diagnosticEventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticEventHubName metricsToEnable: pipMetricsToEnable logsToEnable: pipLogsToEnable lock: lock 
@@ -94,13 +94,13 @@ resource networkInterface_lock 'Microsoft.Authorization/locks@2017-04-01' = if ( scope: networkInterface } -resource networkInterface_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource networkInterface_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${networkInterface.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics } scope: networkInterface diff --git a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_publicIPAddress.bicep b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_publicIPAddress.bicep index 19fa8f08e3..d523fb1a4d 100644 --- a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_publicIPAddress.bicep +++ b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_publicIPAddress.bicep 
@@ -6,9 +6,9 @@ param skuTier string param location string param diagnosticStorageAccountId string param diagnosticLogsRetentionInDays int -param workspaceId string -param eventHubAuthorizationRuleId string -param eventHubName string +param diagnosticWorkspaceId string +param diagnosticEventHubAuthorizationRuleId string +param diagnosticEventHubName string param metricsToEnable array param logsToEnable array param lock string @@ -61,13 +61,13 @@ resource publicIpAddress_lock 'Microsoft.Authorization/locks@2017-04-01' = if (l scope: publicIpAddress } -resource publicIpAddress_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource publicIpAddress_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${publicIpAddress.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } 
diff --git a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_publicIPAddress_rbac.bicep b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_publicIPAddress_rbac.bicep index 5168799fb6..f2d02c5cbb 100644 --- a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_publicIPAddress_rbac.bicep +++ b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_publicIPAddress_rbac.bicep @@ -30,7 +30,7 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2021-03-01' existi name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(publicIpAddress.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_rbac.bicep b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_rbac.bicep index b05abf98b9..01a40acca0 100644 --- a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_rbac.bicep +++ b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_rbac.bicep 
@@ -30,7 +30,7 @@ resource networkInterface 'Microsoft.Network/networkInterfaces@2021-03-01' exist name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(networkInterface.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_rbac.bicep b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_rbac.bicep index 3e3e7db2f2..ef06824409 100644 --- a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_rbac.bicep @@ -30,7 +30,7 @@ resource virtualMachine 'Microsoft.Compute/virtualMachines@2021-07-01' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(virtualMachine.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json b/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json index 19e2c2bdba..2c9aa86919 100644 --- a/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json +++ b/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json 
@@ -106,13 +106,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "extensionMonitoringAgentConfig": { diff --git a/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json b/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json index 921a2150fb..2e2a27cb2e 100644 --- a/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json +++ b/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json @@ -95,13 +95,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "systemAssignedIdentity": { diff --git a/arm/Microsoft.Compute/virtualMachines/deploy.bicep b/arm/Microsoft.Compute/virtualMachines/deploy.bicep index 9837490f3d..e97729e07a 100644 
--- a/arm/Microsoft.Compute/virtualMachines/deploy.bicep +++ b/arm/Microsoft.Compute/virtualMachines/deploy.bicep @@ -162,6 +162,9 @@ param extensionMonitoringAgentConfig object = { enabled: false } +@description('Optional. Resource ID of the monitoring log analytics workspace.') +param monitoringWorkspaceId string = '' + @description('Optional. The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed') param extensionDependencyAgentConfig object = { enabled: false @@ -200,14 +203,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' 
@@ -317,9 +320,9 @@ module virtualMachine_nic '.bicep/nested_networkInterface.bicep' = [for (nicConf lock: lock diagnosticStorageAccountId: diagnosticStorageAccountId diagnosticLogsRetentionInDays: diagnosticLogsRetentionInDays - workspaceId: workspaceId - eventHubAuthorizationRuleId: eventHubAuthorizationRuleId - eventHubName: eventHubName + diagnosticWorkspaceId: diagnosticWorkspaceId + diagnosticEventHubAuthorizationRuleId: diagnosticEventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticEventHubName metricsToEnable: nicMetricsToEnable pipMetricsToEnable: pipMetricsToEnable pipLogsToEnable: pipLogsToEnable @@ -436,9 +439,9 @@ module vm_microsoftAntiMalwareExtension 'extensions/deploy.bicep' = if (extensio } } -resource vm_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = if (!empty(workspaceId)) { - name: last(split(workspaceId, '/')) - scope: resourceGroup(split(workspaceId, '/')[2], split(workspaceId, '/')[4]) +resource vm_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = if (!empty(monitoringWorkspaceId)) { + name: last(split(monitoringWorkspaceId, '/')) + scope: resourceGroup(split(monitoringWorkspaceId, '/')[2], split(monitoringWorkspaceId, '/')[4]) } module vm_microsoftMonitoringAgentExtension 'extensions/deploy.bicep' = if (extensionMonitoringAgentConfig.enabled) { 
@@ -452,10 +455,10 @@ module vm_microsoftMonitoringAgentExtension 'extensions/deploy.bicep' = if (exte autoUpgradeMinorVersion: contains(extensionMonitoringAgentConfig, 'autoUpgradeMinorVersion') ? extensionMonitoringAgentConfig.autoUpgradeMinorVersion : true enableAutomaticUpgrade: contains(extensionMonitoringAgentConfig, 'enableAutomaticUpgrade') ? extensionMonitoringAgentConfig.enableAutomaticUpgrade : false settings: { - workspaceId: !empty(workspaceId) ? reference(vm_logAnalyticsWorkspace.id, vm_logAnalyticsWorkspace.apiVersion).customerId : '' + workspaceId: !empty(monitoringWorkspaceId) ? reference(vm_logAnalyticsWorkspace.id, vm_logAnalyticsWorkspace.apiVersion).customerId : '' } protectedSettings: { - workspaceKey: !empty(workspaceId) ? vm_logAnalyticsWorkspace.listKeys().primarySharedKey : '' + workspaceKey: !empty(monitoringWorkspaceId) ? vm_logAnalyticsWorkspace.listKeys().primarySharedKey : '' } } } diff --git a/arm/Microsoft.Compute/virtualMachines/readme.md b/arm/Microsoft.Compute/virtualMachines/readme.md index cc5c50b98e..3de2d18d09 100644 --- a/arm/Microsoft.Compute/virtualMachines/readme.md +++ b/arm/Microsoft.Compute/virtualMachines/readme.md @@ -7,7 +7,7 @@ This module deploys one Virtual Machine with one or multiple nics and optionally | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | 2017-04-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Compute/virtualMachines` | 2021-07-01 | | `Microsoft.Compute/virtualMachines/extensions` | 2021-07-01 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | 
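Review bot: When `extensionMonitoringAgentConfig.enabled` is true but `monitoringWorkspaceId` keeps its default `''`, the two ternaries in `settings` and `protectedSettings` pass an empty `workspaceId` and `workspaceKey` to the extension, and the deployment gives no hint that the agent has no workspace to report to. Callers who only renamed `workspaceId` to `diagnosticWorkspaceId` will presumably end up in that state. The module condition, shown as the trailing context line of the previous hunk, could require both values: `= if (extensionMonitoringAgentConfig.enabled && !empty(monitoringWorkspaceId)) {`. The `monitoringWorkspaceId` description should also say the parameter is needed for the monitoring agent extension. The module body starts outside this hunk.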
@@ -36,14 +36,15 @@ This module deploys one Virtual Machine with one or multiple nics and optionally | `customData` | string | | | Optional. Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. | | `dataDisks` | array | `[]` | | Optional. Specifies the data disks. | | `dedicatedHostId` | string | | | Optional. Specifies resource ID about the dedicated host that the virtual machine resides in. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `disablePasswordAuthentication` | bool | | | Optional. Specifies whether password authentication should be disabled. | | `enableAutomaticUpdates` | bool | `True` | | Optional. Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. | | `enableEvictionPolicy` | bool | | | Optional. Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. | | `enableServerSideEncryption` | bool | | | Optional. Specifies if Windows VM disks should be encrypted with Server-side encryption + Customer managed Key. 
| -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `extensionAntiMalwareConfig` | object | `{object}` | | Optional. The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed | | `extensionCustomScriptConfig` | object | `{object}` | | Optional. The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed | | `extensionDependencyAgentConfig` | object | `{object}` | | Optional. The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed | 
@@ -58,6 +59,7 @@ This module deploys one Virtual Machine with one or multiple nics and optionally | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `maxPriceForLowPriorityVm` | string | | | Optional. Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. | +| `monitoringWorkspaceId` | string | | | Optional. Resource ID of the monitoring log analytics workspace. | | `name` | string | `[take(toLower(uniqueString(resourceGroup().name)), 10)]` | | Optional. The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name. | | `nicConfigurations` | array | | | Required. Configures NICs and PIPs. | | `nicMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | Optional. The name of metrics that will be streamed. | @@ -81,7 +83,6 @@ This module deploys one Virtual Machine with one or multiple nics and optionally | `vmPriority` | string | `Regular` | `[Regular, Low, Spot]` | Optional. Specifies the priority for the virtual machine. | | `vmSize` | string | `Standard_D2s_v3` | | Optional. Specifies the size for the VMs | | `winRM` | object | `{object}` | | Optional. Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `imageReference` 
@@ -519,7 +520,7 @@ You can specify multiple user assigned identities to a resource by providing add - [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Networkinterfaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/networkInterfaces) - [Publicipaddresses](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/publicIPAddresses) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Vaults/Backupfabrics/Protectioncontainers/Protecteditems](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-06-01/vaults/backupFabrics/protectionContainers/protectedItems) - [Virtualmachines](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-07-01/virtualMachines) - [Virtualmachines/Extensions](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-07-01/virtualMachines/extensions) diff --git a/arm/Microsoft.ContainerInstance/containerGroups/deploy.bicep b/arm/Microsoft.ContainerInstance/containerGroups/deploy.bicep index 2f351a5e80..d68894cf06 100644 --- a/arm/Microsoft.ContainerInstance/containerGroups/deploy.bicep +++ b/arm/Microsoft.ContainerInstance/containerGroups/deploy.bicep @@ -104,7 +104,7 @@ resource containergroup 'Microsoft.ContainerInstance/containerGroups@2021-03-01' } } -resource containergroup_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource containergroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${containergroup.name}-${lock}-lock' properties: { level: lock 
diff --git a/arm/Microsoft.ContainerInstance/containerGroups/readme.md b/arm/Microsoft.ContainerInstance/containerGroups/readme.md index 2265083bd4..9b02b6d1f3 100644 --- a/arm/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/arm/Microsoft.ContainerInstance/containerGroups/readme.md @@ -8,7 +8,7 @@ The top-level resource in Azure Container Instances is the container group. A co | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.ContainerInstance/containerGroups` | 2021-03-01 | ## Parameters @@ -90,5 +90,5 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) - [Containergroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerInstance/2021-03-01/containerGroups) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) diff --git a/arm/Microsoft.ContainerRegistry/registries/.bicep/nested_rbac.bicep b/arm/Microsoft.ContainerRegistry/registries/.bicep/nested_rbac.bicep index 8be6bbe8a0..a89f40e9cc 100644 --- a/arm/Microsoft.ContainerRegistry/registries/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/.bicep/nested_rbac.bicep @@ -31,7 +31,7 @@ resource registry 'Microsoft.ContainerRegistry/registries@2020-11-01-preview' ex name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(registry.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName 
diff --git a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json index fc852fba6d..32d7eb8784 100644 --- a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json +++ b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json @@ -24,13 +24,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "systemAssignedIdentity": { diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index 79c92684e2..0b8c18e2bc 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep 
@@ -90,14 +90,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' var diagnosticsLogs = [for log in logsToEnable: { category: log @@ -159,7 +159,7 @@ resource registry 'Microsoft.ContainerRegistry/registries@2020-11-01-preview' = } } -resource registry_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource registry_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${registry.name}-${lock}-lock' properties: { level: lock 
@@ -168,13 +168,13 @@ resource registry_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: registry } -resource registry_diagnosticSettingName 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource registry_diagnosticSettingName 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${registry.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.ContainerRegistry/registries/readme.md b/arm/Microsoft.ContainerRegistry/registries/readme.md index 6be9b75c05..bfd25bdca8 100644 --- a/arm/Microsoft.ContainerRegistry/registries/readme.md +++ b/arm/Microsoft.ContainerRegistry/registries/readme.md 
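Review bot: The `if` condition still accepts a lone `diagnosticEventHubName` as reason enough to create the diagnostic setting. In that case the properties carry an event hub name but no authorization rule, storage account or workspace, and as far as I know the diagnostic settings API rejects a setting without a destination. Dropping the last operand, so the condition ends with `|| (!empty(diagnosticEventHubAuthorizationRuleId))) {`, avoids attempting the resource in that case. The same condition appears on `managedCluster_diagnosticSettings` in managedClusters/deploy.bicep. The resource body appears to continue past the end of this hunk.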
@@ -6,8 +6,8 @@ Azure Container Registry is a managed, private Docker registry service based on | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.ContainerRegistry/registries` | 2020-11-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-02-01 | 
@@ -21,10 +21,11 @@ Azure Container Registry is a managed, private Docker registry service based on | `acrSku` | string | `Basic` | `[Basic, Standard, Premium]` | Optional. Tier of your Azure container registry. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `dataEndpointEnabled` | bool | | | Optional. Enable a single data endpoint per region for serving data. Not relevant in case of disabled public access. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. 
| | `logsToEnable` | array | `[ContainerRegistryRepositoryEvents, ContainerRegistryLoginEvents]` | `[ContainerRegistryRepositoryEvents, ContainerRegistryLoginEvents]` | Optional. The name of logs that will be streamed. | @@ -41,7 +42,6 @@ Azure Container Registry is a managed, private Docker registry service based on | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `trustPolicyStatus` | string | | | Optional. The value that indicates whether the policy is enabled or not. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` @@ -158,9 +158,9 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) -- [Registries](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2020-11-01-preview/registries) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) +- [Registries](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2020-11-01-preview/registries) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) 
diff --git a/arm/Microsoft.ContainerService/managedClusters/.bicep/nested_rbac.bicep b/arm/Microsoft.ContainerService/managedClusters/.bicep/nested_rbac.bicep index e1d30cd82b..79db5f959b 100644 --- a/arm/Microsoft.ContainerService/managedClusters/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.ContainerService/managedClusters/.bicep/nested_rbac.bicep @@ -29,7 +29,7 @@ resource managedCluster 'Microsoft.ContainerService/managedClusters@2021-07-01' name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(managedCluster.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.ContainerService/managedClusters/.parameters/azure.parameters.json b/arm/Microsoft.ContainerService/managedClusters/.parameters/azure.parameters.json index c2b76f4ed8..d6a7e584ca 100644 --- a/arm/Microsoft.ContainerService/managedClusters/.parameters/azure.parameters.json +++ b/arm/Microsoft.ContainerService/managedClusters/.parameters/azure.parameters.json 
@@ -101,13 +101,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "systemAssignedIdentity": { diff --git a/arm/Microsoft.ContainerService/managedClusters/.parameters/kubenet.parameters.json b/arm/Microsoft.ContainerService/managedClusters/.parameters/kubenet.parameters.json index 1034eb4c53..bc2bb3b24b 100644 --- a/arm/Microsoft.ContainerService/managedClusters/.parameters/kubenet.parameters.json +++ b/arm/Microsoft.ContainerService/managedClusters/.parameters/kubenet.parameters.json @@ -98,13 +98,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "userAssignedIdentities": { diff --git a/arm/Microsoft.ContainerService/managedClusters/deploy.bicep b/arm/Microsoft.ContainerService/managedClusters/deploy.bicep index 76dc1d8dab..ff93a7a2a6 100644 
--- a/arm/Microsoft.ContainerService/managedClusters/deploy.bicep +++ b/arm/Microsoft.ContainerService/managedClusters/deploy.bicep @@ -152,17 +152,20 @@ param autoScalerProfileMaxGracefulTerminationSec string = '600' @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' @description('Optional. Specifies whether the OMS agent is enabled.') param omsAgentEnabled bool = true -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the monitoring log analytics workspace.') +param monitoringWorkspaceId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' + +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') @minValue(0) 
@@ -279,9 +282,9 @@ resource managedCluster 'Microsoft.ContainerService/managedClusters@2021-07-01' enabled: httpApplicationRoutingEnabled } omsagent: { - enabled: (omsAgentEnabled && (!empty(workspaceId))) + enabled: omsAgentEnabled && !empty(monitoringWorkspaceId) config: { - logAnalyticsWorkspaceResourceID: ((!empty(workspaceId)) ? workspaceId : null) + logAnalyticsWorkspaceResourceID: !empty(monitoringWorkspaceId) ? monitoringWorkspaceId : null } } aciConnectorLinux: { 
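Review bot: `omsAgentEnabled` defaults to `true`, yet `omsagent.enabled` is now true only when `monitoringWorkspaceId` is also set. A caller who migrates `workspaceId` to `diagnosticWorkspaceId` and changes nothing else gets the add-on switched off with no error, which leaves the cluster without container log collection. The dependency should be stated where the parameter is declared, for example `@description('Optional. Specifies whether the OMS agent is enabled. Only takes effect when monitoringWorkspaceId is provided.')`, and the same hint belongs in the `monitoringWorkspaceId` description. The `managedCluster` resource begins and ends outside this hunk.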
@@ -348,23 +351,23 @@ module managedCluster_agentPools 'agentPools/deploy.bicep' = [for (agentPool, in enableFIPS: contains(agentPool, 'enableFIPS') ? agentPool.enableFIPS : false enableNodePublicIP: contains(agentPool, 'enableNodePublicIP') ? agentPool.enableNodePublicIP : false enableUltraSSD: contains(agentPool, 'enableUltraSSD') ? agentPool.enableUltraSSD : false - gpuInstanceProfile: contains(agentPool, 'gpuInstanceProfile') ? agentPool.gpuInstanceProfile: '' + gpuInstanceProfile: contains(agentPool, 'gpuInstanceProfile') ? agentPool.gpuInstanceProfile : '' kubeletDiskType: contains(agentPool, 'kubeletDiskType') ? agentPool.kubeletDiskType : '' maxCount: contains(agentPool, 'maxCount') ? agentPool.maxCount : -1 maxPods: contains(agentPool, 'maxPods') ? agentPool.maxPods : -1 minCount: contains(agentPool, 'minCount') ? agentPool.minCount : -1 - mode: contains(agentPool, 'mode') ? agentPool.mode: '' + mode: contains(agentPool, 'mode') ? agentPool.mode : '' nodeLabels: contains(agentPool, 'nodeLabels') ? agentPool.nodeLabels : {} - nodePublicIpPrefixId: contains(agentPool, 'nodePublicIpPrefixId') ? agentPool.nodePublicIpPrefixId: '' + nodePublicIpPrefixId: contains(agentPool, 'nodePublicIpPrefixId') ? agentPool.nodePublicIpPrefixId : '' nodeTaints: contains(agentPool, 'nodeTaints') ? agentPool.nodeTaints : [] - orchestratorVersion: contains(agentPool, 'orchestratorVersion') ? agentPool.orchestratorVersion: '' - osDiskSizeGB: contains(agentPool, 'osDiskSizeGB') ? agentPool.osDiskSizeGB: -1 - osDiskType: contains(agentPool, 'osDiskType') ? agentPool.osDiskType: '' + orchestratorVersion: contains(agentPool, 'orchestratorVersion') ? agentPool.orchestratorVersion : '' + osDiskSizeGB: contains(agentPool, 'osDiskSizeGB') ? agentPool.osDiskSizeGB : -1 + osDiskType: contains(agentPool, 'osDiskType') ? agentPool.osDiskType : '' osSku: contains(agentPool, 'osSku') ? agentPool.osSku : '' osType: contains(agentPool, 'osType') ? 
agentPool.osType : 'Linux' podSubnetId: contains(agentPool, 'podSubnetId') ? agentPool.podSubnetId : '' proximityPlacementGroupId: contains(agentPool, 'proximityPlacementGroupId') ? agentPool.proximityPlacementGroupId : '' - scaleDownMode: contains(agentPool, 'scaleDownMode') ? agentPool.scaleDownMode: 'Delete' + scaleDownMode: contains(agentPool, 'scaleDownMode') ? agentPool.scaleDownMode : 'Delete' scaleSetEvictionPolicy: contains(agentPool, 'scaleSetEvictionPolicy') ? agentPool.scaleSetEvictionPolicy : 'Delete' scaleSetPriority: contains(agentPool, 'scaleSetPriority') ? agentPool.scaleSetPriority : '' spotMaxPrice: contains(agentPool, 'spotMaxPrice') ? agentPool.spotMaxPrice : -1 @@ -377,7 +380,7 @@ module managedCluster_agentPools 'agentPools/deploy.bicep' = [for (agentPool, in } }] -resource managedCluster_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource managedCluster_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${managedCluster.name}-${lock}-lock' properties: { level: lock 
@@ -386,13 +389,13 @@ resource managedCluster_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lo scope: managedCluster } -resource managedCluster_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource managedCluster_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${managedCluster.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.ContainerService/managedClusters/readme.md b/arm/Microsoft.ContainerService/managedClusters/readme.md index ab3d640bff..225b40261d 100644 --- a/arm/Microsoft.ContainerService/managedClusters/readme.md +++ b/arm/Microsoft.ContainerService/managedClusters/readme.md 
@@ -6,8 +6,8 @@ This module deploys Azure Kubernetes Cluster (AKS). | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.ContainerService/managedClusters` | 2021-07-01 | | `Microsoft.ContainerService/managedClusters/agentPools` | 2021-08-01 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | 
@@ -51,10 +51,11 @@ This module deploys Azure Kubernetes Cluster (AKS). | `azurePolicyEnabled` | bool | `True` | | Optional. Specifies whether the azurepolicy add-on is enabled or not. | | `azurePolicyVersion` | string | `v2` | | Optional. Specifies the azure policy version to use. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `httpApplicationRoutingEnabled` | bool | | | Optional. Specifies whether the httpApplicationRouting add-on is enabled or not. | | `kubeDashboardEnabled` | bool | | | Optional. Specifies whether the kubeDashboard add-on is enabled or not. | | `location` | string | `[resourceGroup().location]` | | Optional. Specifies the location of AKS cluster. It picks up Resource Group's location by default. | 
@@ -62,6 +63,7 @@ This module deploys Azure Kubernetes Cluster (AKS). | `logsToEnable` | array | `[kube-apiserver, kube-audit, kube-controller-manager, kube-scheduler, cluster-autoscaler]` | `[kube-apiserver, kube-audit, kube-controller-manager, kube-scheduler, cluster-autoscaler]` | Optional. The name of logs that will be streamed. | | `managedOutboundIPCount` | int | | | Optional. Outbound IP Count for the Load balancer. | | `metricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | Optional. The name of metrics that will be streamed. | +| `monitoringWorkspaceId` | string | | | Optional. Resource ID of the monitoring log analytics workspace. | | `name` | string | | | Required. Specifies the name of the AKS cluster. | | `nodeResourceGroup` | string | `[format('{0}_aks_{1}_nodes', resourceGroup().name, parameters('name'))]` | | Optional. Name of the resource group containing agent pool nodes. | | `omsAgentEnabled` | bool | `True` | | Optional. Specifies whether the OMS agent is enabled. | @@ -70,7 +72,6 @@ This module deploys Azure Kubernetes Cluster (AKS). | `systemAssignedIdentity` | bool | | | Optional. Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` 
@@ -207,7 +208,7 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Managedclusters](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2021-07-01/managedClusters) - [Managedclusters/Agentpools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2021-08-01/managedClusters/agentPools) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.DataFactory/factories/.bicep/nested_rbac.bicep b/arm/Microsoft.DataFactory/factories/.bicep/nested_rbac.bicep index 757fb3b7e1..b9a0076ab8 100644 --- a/arm/Microsoft.DataFactory/factories/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.DataFactory/factories/.bicep/nested_rbac.bicep @@ -23,7 +23,7 @@ resource dataFactory 'Microsoft.DataFactory/factories@2018-06-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(dataFactory.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName 
diff --git a/arm/Microsoft.DataFactory/factories/.parameters/parameters.json b/arm/Microsoft.DataFactory/factories/.parameters/parameters.json index 66193d06e9..de1e7559dc 100644 --- a/arm/Microsoft.DataFactory/factories/.parameters/parameters.json +++ b/arm/Microsoft.DataFactory/factories/.parameters/parameters.json @@ -42,13 +42,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "systemAssignedIdentity": { diff --git a/arm/Microsoft.DataFactory/factories/deploy.bicep b/arm/Microsoft.DataFactory/factories/deploy.bicep index e29e0a1be6..56ef5545c8 100644 --- a/arm/Microsoft.DataFactory/factories/deploy.bicep +++ b/arm/Microsoft.DataFactory/factories/deploy.bicep 
@@ -42,14 +42,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -170,7 +170,7 @@ module dataFactory_integrationRuntime 'integrationRuntime/deploy.bicep' = if (!e ] } -resource dataFactory_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource dataFactory_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${dataFactory.name}-${lock}-lock' properties: { level: lock 
@@ -179,13 +179,13 @@ resource dataFactory_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock scope: dataFactory } -resource dataFactory_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId))) { +resource dataFactory_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${dataFactory.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.DataFactory/factories/readme.md b/arm/Microsoft.DataFactory/factories/readme.md index 83383f0d5e..78ec8ec99b 100644 --- a/arm/Microsoft.DataFactory/factories/readme.md +++ b/arm/Microsoft.DataFactory/factories/readme.md 
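Review bot: The widened condition on `dataFactory_diagnosticSettings` also fires when only `diagnosticEventHubName` is set, and the setting is then submitted with `storageAccountId`, `workspaceId` and `eventHubAuthorizationRuleId` all null, i.e. with no usable log destination. An event hub name is only meaningful together with its authorization rule, so I would drop that term and gate on the three sink IDs: `if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId)) {`. This would presumably surface as a failed deployment rather than silently missing logs, but that depends on how the resource provider validates the request. The same condition appears in the `managedCluster_diagnosticSettings`, `workspace_diagnosticSettings` and `appGroup_diagnosticSettings` hunks. The resource body continues past the end of this hunk.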
@@ -4,8 +4,8 @@ | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.DataFactory/factories` | 2018-06-01 | | `Microsoft.DataFactory/factories/integrationRuntimes` | 2018-06-01 | | `Microsoft.DataFactory/factories/managedVirtualNetworks` | 2018-06-01 | 
@@ -16,10 +16,11 @@ | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `gitAccountName` | string | | | Optional. The account name. | | `gitCollaborationBranch` | string | `main` | | Optional. The collaboration branch name. Default is 'main'. | | `gitConfigureLater` | bool | `True` | | Optional. Boolean to define whether or not to configure git during template deployment. | 
@@ -39,7 +40,6 @@ | `systemAssignedIdentity` | bool | | | Optional. Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` @@ -104,9 +104,9 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Factories](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories) - [Factories/Integrationruntimes](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories/integrationRuntimes) - [Factories/Managedvirtualnetworks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories/managedVirtualNetworks) -- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Databricks/workspaces/.bicep/nested_rbac.bicep b/arm/Microsoft.Databricks/workspaces/.bicep/nested_rbac.bicep index 6769e5b7bf..fb6f95154b 100644 --- a/arm/Microsoft.Databricks/workspaces/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Databricks/workspaces/.bicep/nested_rbac.bicep 
@@ -24,7 +24,7 @@ resource workspace 'Microsoft.Databricks/workspaces@2018-04-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(workspace.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Databricks/workspaces/.parameters/parameters.json b/arm/Microsoft.Databricks/workspaces/.parameters/parameters.json index a29a04ad89..24dde0d3cc 100644 --- a/arm/Microsoft.Databricks/workspaces/.parameters/parameters.json +++ b/arm/Microsoft.Databricks/workspaces/.parameters/parameters.json @@ -21,13 +21,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Databricks/workspaces/deploy.bicep b/arm/Microsoft.Databricks/workspaces/deploy.bicep index 8eaab5bb4d..369173234e 100644 --- a/arm/Microsoft.Databricks/workspaces/deploy.bicep +++ b/arm/Microsoft.Databricks/workspaces/deploy.bicep 
@@ -29,14 +29,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -108,7 +108,7 @@ resource workspace 'Microsoft.Databricks/workspaces@2018-04-01' = { } } -resource workspace_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource workspace_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${workspace.name}-${lock}-lock' properties: { level: lock 
@@ -117,13 +117,13 @@ resource workspace_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: workspace } -resource workspace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource workspace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${workspace.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null logs: diagnosticsLogs } scope: workspace diff --git a/arm/Microsoft.Databricks/workspaces/readme.md b/arm/Microsoft.Databricks/workspaces/readme.md index 5c0d3c35c1..44370b931f 100644 --- a/arm/Microsoft.Databricks/workspaces/readme.md +++ b/arm/Microsoft.Databricks/workspaces/readme.md @@ -4,8 +4,8 @@ | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Databricks/workspaces` | 2018-04-01 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | 
@@ -14,10 +14,11 @@ | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all Resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[dbfs, clusters, accounts, jobs, notebook, ssh, workspace, secrets, sqlPermissions, instancePools]` | `[dbfs, clusters, accounts, jobs, notebook, ssh, workspace, secrets, sqlPermissions, instancePools]` | Optional. The name of logs that will be streamed. | 
@@ -26,7 +27,6 @@ | `pricingTier` | string | `premium` | `[trial, standard, premium]` | Optional. The pricing tier of workspace | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or it's fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | | `workspaceParameters` | object | `{object}` | | Optional. The workspace's custom parameters. | ### Parameter Usage: `roleAssignments` @@ -111,7 +111,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) -- [Workspaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Databricks/2018-04-01/workspaces) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) +- [Workspaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Databricks/2018-04-01/workspaces) diff --git a/arm/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_rbac.bicep b/arm/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_rbac.bicep index f47f307b2d..cb0e1d3d09 100644 
--- a/arm/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_rbac.bicep @@ -30,7 +30,7 @@ resource appGroup 'Microsoft.DesktopVirtualization/applicationgroups@2021-07-12' name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(appGroup.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.DesktopVirtualization/applicationgroups/.parameters/parameters.json b/arm/Microsoft.DesktopVirtualization/applicationgroups/.parameters/parameters.json index 4f5d450f2f..e8d4e7a157 100644 --- a/arm/Microsoft.DesktopVirtualization/applicationgroups/.parameters/parameters.json +++ b/arm/Microsoft.DesktopVirtualization/applicationgroups/.parameters/parameters.json @@ -56,13 +56,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } 
diff --git a/arm/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep b/arm/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep index 93d21124b5..af8cc7b32e 100644 --- a/arm/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep +++ b/arm/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep @@ -33,13 +33,13 @@ param diagnosticLogsRetentionInDays int = 365 param diagnosticStorageAccountId string = '' @sys.description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +param diagnosticWorkspaceId string = '' -@sys.description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@sys.description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@sys.description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@sys.description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -100,7 +100,7 @@ resource appGroup 'Microsoft.DesktopVirtualization/applicationgroups@2021-07-12' } } -resource appGroup_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource appGroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${appGroup.name}-${lock}-lock' properties: { level: lock 
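Review bot: The decorator above the renamed `param diagnosticWorkspaceId` in the first hunk still reads `'Optional. Resource ID of log analytics.'`, while the other modules touched by this commit were updated to name the diagnostic workspace. I would change it to `@sys.description('Optional. Resource ID of the diagnostic log analytics workspace.')` so the parameter is documented the same way everywhere. The `diagnosticWorkspaceId` row in this module's readme.md carries the same old wording and should follow. A consistent description helps operators tell the diagnostic sink apart from other workspace parameters.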
@@ -109,13 +109,13 @@ resource appGroup_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: appGroup } -resource appGroup_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource appGroup_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${appGroup.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null logs: diagnosticsLogs } scope: appGroup diff --git a/arm/Microsoft.DesktopVirtualization/applicationgroups/readme.md b/arm/Microsoft.DesktopVirtualization/applicationgroups/readme.md index 710564a7a6..c02c89d540 100644 --- a/arm/Microsoft.DesktopVirtualization/applicationgroups/readme.md +++ b/arm/Microsoft.DesktopVirtualization/applicationgroups/readme.md 
@@ -6,8 +6,8 @@ This module deploys an Azure virtual desktop application group. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.DesktopVirtualization/applicationGroups` | 2021-07-12 | | `Microsoft.DesktopVirtualization/applicationGroups/applications` | 2021-07-12 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | 
@@ -20,10 +20,11 @@ This module deploys an Azure virtual desktop application group. | `applications` | _[applications](applications/readme.md)_ array | `[]` | | Optional. List of applications to be created in the Application Group. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `description` | string | | | Optional. The description of the Application Group to be created. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of log analytics. | | `friendlyName` | string | | | Optional. The friendly name of the Application Group to be created. | | `hostpoolName` | string | | | Required. Name of the Host Pool to be linked to this Application Group. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | 
@@ -32,7 +33,6 @@ This module deploys an Azure virtual desktop application group. | `name` | string | | | Required. Name of the Application Group to create this application in. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or it's fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` @@ -83,8 +83,8 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Applicationgroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-07-12/applicationGroups) - [Applicationgroups/Applications](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-07-12/applicationGroups/applications) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) 
diff --git a/arm/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_rbac.bicep b/arm/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_rbac.bicep index 29fad856db..92fa484242 100644 --- a/arm/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_rbac.bicep @@ -31,7 +31,7 @@ resource hostPool 'Microsoft.DesktopVirtualization/hostpools@2021-07-12' existin name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(hostPool.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.DesktopVirtualization/hostpools/.parameters/parameters.json b/arm/Microsoft.DesktopVirtualization/hostpools/.parameters/parameters.json index 852c9f1fb0..7e68ea9b18 100644 --- a/arm/Microsoft.DesktopVirtualization/hostpools/.parameters/parameters.json +++ b/arm/Microsoft.DesktopVirtualization/hostpools/.parameters/parameters.json @@ -67,13 +67,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } 
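Review bot: The role assignment name in hostpools/.bicep/nested_rbac.bicep is seeded with `hostPool.name` rather than the resource ID, so two host pools with the same name in different resource groups or subscriptions get the same GUID for a given principal and role. Azure's guidance is to include the scope in the seed, because role assignment names are expected to be unique across the tenant; `name: guid(hostPool.id, principalId, roleDefinitionIdOrName)` does that. Changing the seed renames assignments that already exist and redeployments may then conflict with them, so the change needs a migration note. The same seed pattern is in the nested_rbac.bicep hunks for workspaces, databaseAccounts and EventGrid topics further down, and the roleAssignment body continues outside this hunk.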
diff --git a/arm/Microsoft.DesktopVirtualization/hostpools/deploy.bicep b/arm/Microsoft.DesktopVirtualization/hostpools/deploy.bicep index a7bcd81d7d..9cbd1b8cc4 100644 --- a/arm/Microsoft.DesktopVirtualization/hostpools/deploy.bicep +++ b/arm/Microsoft.DesktopVirtualization/hostpools/deploy.bicep @@ -60,14 +60,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -159,7 +159,7 @@ resource hostPool 'Microsoft.DesktopVirtualization/hostpools@2021-07-12' = { } } -resource hostPool_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource hostPool_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${hostPool.name}-${lock}-lock' properties: { level: lock 
@@ -168,13 +168,13 @@ resource hostPool_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: hostPool } -resource hostPool_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource hostPool_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${hostPool.name}-diagnosticsetting' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null logs: diagnosticsLogs } scope: hostPool diff --git a/arm/Microsoft.DesktopVirtualization/hostpools/readme.md b/arm/Microsoft.DesktopVirtualization/hostpools/readme.md index 39df7e0c41..5c1333ad58 100644 --- a/arm/Microsoft.DesktopVirtualization/hostpools/readme.md +++ b/arm/Microsoft.DesktopVirtualization/hostpools/readme.md 
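Review bot: The deployment condition on `hostPool_diagnosticSettings` still treats `diagnosticEventHubName` alone as sufficient, although an event hub name is not a log destination without `diagnosticEventHubAuthorizationRuleId`. With only the name set, the setting is submitted with no storage account, workspace or authorization rule, which I would expect the API to reject, so the deployment fails rather than skipping diagnostics cleanly. Dropping the last operand, `if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId))`, keeps the condition tied to real destinations. The same condition is in the workspaces and databaseAccounts deploy.bicep hunks below, and the resource block closes outside this hunk.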
@@ -6,8 +6,8 @@ This module deploys an Azure virtual desktop host pool. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.DesktopVirtualization/hostPools` | 2021-07-12 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | 
@@ -18,10 +18,11 @@ This module deploys an Azure virtual desktop host pool. | `baseTime` | string | `[utcNow('u')]` | | Generated. Do not provide a value! This date value is used to generate a registration token. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `customRdpProperty` | string | `audiocapturemode:i:1;audiomode:i:0;drivestoredirect:s:;redirectclipboard:i:1;redirectcomports:i:1;redirectprinters:i:1;redirectsmartcards:i:1;screen mode id:i:2;` | | Optional. Host Pool RDP properties | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `hostpoolDescription` | string | | | Optional. The description of the Host Pool to be created. | | `hostpoolFriendlyName` | string | | | Optional. The friendly name of the Host Pool to be created. 
| | `hostpoolType` | string | `Pooled` | `[Personal, Pooled]` | Optional. Set this parameter to Personal if you would like to enable Persistent Desktop experience. Defaults to Pooled. | @@ -40,7 +41,6 @@ This module deploys an Azure virtual desktop host pool. | `validationEnviroment` | bool | | | Optional. Whether to use validation enviroment. When set to true, the Host Pool will be deployed in a validation 'ring' (environment) that receives all the new features (might be less stable). Ddefaults to false that stands for the stable, production-ready environment. | | `validationEnvironment` | bool | | | Optional. Validation host pool allows you to test service changes before they are deployed to production. | | `vmTemplate` | object | `{object}` | | Optional. The necessary information for adding more VMs to this Host Pool. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` @@ -126,7 +126,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) -- [Hostpools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-07-12/hostPools) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Hostpools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-07-12/hostPools) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) 
diff --git a/arm/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_rbac.bicep b/arm/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_rbac.bicep index 73bbe1886e..c91e776c66 100644 --- a/arm/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_rbac.bicep @@ -27,7 +27,7 @@ resource workspace 'Microsoft.DesktopVirtualization/workspaces@2021-07-12' exist name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(workspace.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.DesktopVirtualization/workspaces/.parameters/parameters.json b/arm/Microsoft.DesktopVirtualization/workspaces/.parameters/parameters.json index 9e987303cf..e843c8267e 100644 --- a/arm/Microsoft.DesktopVirtualization/workspaces/.parameters/parameters.json +++ b/arm/Microsoft.DesktopVirtualization/workspaces/.parameters/parameters.json 
@@ -35,13 +35,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.DesktopVirtualization/workspaces/deploy.bicep b/arm/Microsoft.DesktopVirtualization/workspaces/deploy.bicep index 2efcacae42..8681b131e6 100644 --- a/arm/Microsoft.DesktopVirtualization/workspaces/deploy.bicep +++ b/arm/Microsoft.DesktopVirtualization/workspaces/deploy.bicep 
@@ -21,14 +21,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -86,7 +86,7 @@ resource workspace 'Microsoft.DesktopVirtualization/workspaces@2021-07-12' = { } } -resource workspace_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource workspace_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${workspace.name}-${lock}-lock' properties: { level: lock 
@@ -95,13 +95,13 @@ resource workspace_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: workspace } -resource workspace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource workspace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${workspace.name}-diagnosticsetting' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null logs: diagnosticsLogs } scope: workspace diff --git a/arm/Microsoft.DesktopVirtualization/workspaces/readme.md b/arm/Microsoft.DesktopVirtualization/workspaces/readme.md index cd0d5c132e..b0f97aea44 100644 --- a/arm/Microsoft.DesktopVirtualization/workspaces/readme.md +++ b/arm/Microsoft.DesktopVirtualization/workspaces/readme.md 
@@ -6,8 +6,8 @@ This module deploys an Azure virtual desktop workspace. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.DesktopVirtualization/workspaces` | 2021-07-12 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | 
@@ -17,10 +17,11 @@ This module deploys an Azure virtual desktop workspace. | :-- | :-- | :-- | :-- | :-- | | `appGroupResourceIds` | array | `[]` | | Required. Resource IDs fo the existing Application groups this workspace will group together. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[Checkpoint, Error, Management, Feed]` | `[Checkpoint, Error, Management, Feed]` | Optional. The name of logs that will be streamed. | 
@@ -29,7 +30,6 @@ This module deploys an Azure virtual desktop workspace. | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `workspaceDescription` | string | | | Optional. The description of the Workspace to be created. | | `workspaceFriendlyName` | string | | | Optional. The friendly name of the Workspace to be created. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` @@ -81,7 +81,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) -- [Workspaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-07-12/workspaces) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) +- [Workspaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-07-12/workspaces) diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_rbac.bicep b/arm/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_rbac.bicep index d4945f77d3..36b073bf90 100644 --- a/arm/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_rbac.bicep 
@@ -26,7 +26,7 @@ resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-06-15' exis name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(databaseAccount.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/mongodb.parameters.json b/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/mongodb.parameters.json index d78897e728..6a099f38eb 100644 --- a/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/mongodb.parameters.json +++ b/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/mongodb.parameters.json @@ -224,13 +224,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "systemAssignedIdentity": { diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/plain.parameters.json b/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/plain.parameters.json index 09b678be68..2d42fcfdf3 100644 --- a/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/plain.parameters.json 
+++ b/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/plain.parameters.json @@ -35,13 +35,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/sqldb.parameters.json b/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/sqldb.parameters.json index c3c1bb3f73..dfe323340b 100644 --- a/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/sqldb.parameters.json +++ b/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/sqldb.parameters.json @@ -58,13 +58,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "userAssignedIdentities": { 
diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep b/arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep index ab28a99347..0386bfa11f 100644 --- a/arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep +++ b/arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep @@ -82,13 +82,13 @@ param diagnosticLogsRetentionInDays int = 365 param diagnosticStorageAccountId string = '' @description('Optional. Resource ID of the log analytics workspace.') -param workspaceId string = '' +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. The name of logs that will be streamed.') @allowed([ @@ -206,7 +206,7 @@ resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-06-15' = { properties: databaseAccount_properties } -resource databaseAccount_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource databaseAccount_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${databaseAccount.name}-${lock}-lock' properties: { level: lock 
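Review bot: The description above `param diagnosticWorkspaceId` in databaseAccounts/deploy.bicep was left as 'Optional. Resource ID of the log analytics workspace.', while the other modules in this commit now read 'Optional. Resource ID of the diagnostic log analytics workspace.'. Using the shared wording, `@description('Optional. Resource ID of the diagnostic log analytics workspace.')`, keeps the parameter documented the same way everywhere, including the readme row that repeats this text.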
@@ -215,13 +215,13 @@ resource databaseAccount_lock 'Microsoft.Authorization/locks@2016-09-01' = if (l scope: databaseAccount } -resource databaseAccount_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource databaseAccount_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${databaseAccount.name}-diagnosticsetting' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/readme.md b/arm/Microsoft.DocumentDB/databaseAccounts/readme.md index e97f6d1183..85361f5708 100644 --- a/arm/Microsoft.DocumentDB/databaseAccounts/readme.md +++ b/arm/Microsoft.DocumentDB/databaseAccounts/readme.md 
@@ -6,8 +6,8 @@ This module deploys a DocumentDB database account and its child resources. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.DocumentDB/databaseAccounts` | 2021-06-15 | | `Microsoft.DocumentDB/databaseAccounts/mongodbDatabases` | 2021-07-01-preview | | `Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections` | 2021-07-01-preview | 
@@ -23,10 +23,11 @@ This module deploys a DocumentDB database account and its child resources. | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `databaseAccountOfferType` | string | `Standard` | `[Standard]` | Optional. The offer type for the Cosmos DB database account. | | `defaultConsistencyLevel` | string | `Session` | `[Eventual, ConsistentPrefix, Session, BoundedStaleness, Strong]` | Optional. The default consistency level of the Cosmos DB account. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `locations` | array | | | Required. Locations enabled for the Cosmos DB account. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | 
@@ -42,7 +43,6 @@ This module deploys a DocumentDB database account and its child resources. | `systemAssignedIdentity` | bool | | | Optional. Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Optional. Tags of the Database Account resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | -| `workspaceId` | string | | | Optional. Resource ID of the log analytics workspace. | ### Parameter Usage: `roleAssignments` 
@@ -210,11 +210,11 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Databaseaccounts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DocumentDB/2021-06-15/databaseAccounts) - [Databaseaccounts/Mongodbdatabases](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DocumentDB/2021-07-01-preview/databaseAccounts/mongodbDatabases) - [Databaseaccounts/Mongodbdatabases/Collections](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DocumentDB/2021-07-01-preview/databaseAccounts/mongodbDatabases/collections) - [Databaseaccounts/Sqldatabases](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DocumentDB/2021-06-15/databaseAccounts/sqlDatabases) - [Databaseaccounts/Sqldatabases/Containers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DocumentDB/2021-07-01-preview/databaseAccounts/sqlDatabases/containers) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.EventGrid/topics/.bicep/nested_rbac.bicep b/arm/Microsoft.EventGrid/topics/.bicep/nested_rbac.bicep index fdbbfa67b0..59b68eba65 100644 --- a/arm/Microsoft.EventGrid/topics/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.EventGrid/topics/.bicep/nested_rbac.bicep 
@@ -24,7 +24,7 @@ resource eventGrid 'Microsoft.EventGrid/topics@2020-06-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(eventGrid.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.EventGrid/topics/.parameters/parameters.json b/arm/Microsoft.EventGrid/topics/.parameters/parameters.json index 65434b8031..cd5991d501 100644 --- a/arm/Microsoft.EventGrid/topics/.parameters/parameters.json +++ b/arm/Microsoft.EventGrid/topics/.parameters/parameters.json @@ -21,13 +21,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.EventGrid/topics/deploy.bicep b/arm/Microsoft.EventGrid/topics/deploy.bicep index 675eef42a4..d52af252e3 100644 --- a/arm/Microsoft.EventGrid/topics/deploy.bicep +++ b/arm/Microsoft.EventGrid/topics/deploy.bicep 
@@ -18,14 +18,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Configuration Details for private endpoints.') param privateEndpoints array = [] @@ -99,7 +99,7 @@ resource eventGrid 'Microsoft.EventGrid/topics@2020-06-01' = { } } -resource eventGrid_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource eventGrid_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${eventGrid.name}-${lock}-lock' properties: { level: lock 
@@ -108,13 +108,13 @@ resource eventGrid_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: eventGrid } -resource eventGrid_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource eventGrid_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${eventGrid.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.EventGrid/topics/readme.md b/arm/Microsoft.EventGrid/topics/readme.md index 9d9611da7e..e5098c6d3b 100644 --- a/arm/Microsoft.EventGrid/topics/readme.md +++ b/arm/Microsoft.EventGrid/topics/readme.md 
@@ -6,8 +6,8 @@ This module deploys an event grid topic.
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.Authorization/locks` | 2016-09-01 |
-| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview |
+| `Microsoft.Authorization/locks` | 2017-04-01 |
+| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview |
 | `Microsoft.EventGrid/topics` | 2020-06-01 |
 | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview |
 | `Microsoft.Network/privateEndpoints` | 2021-05-01 |
@@ -18,10 +18,11 @@ This module deploys an event grid topic.
 | Parameter Name | Type | Default Value | Possible Values | Description |
 | :-- | :-- | :-- | :-- | :-- |
 | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered |
+| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
 | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. |
 | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. |
-| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. |
 | `inboundIpRules` | array | `[]` | | Optional. Array of IPs to whitelist. |
 | `location` | string | `[resourceGroup().location]` | | Optional. Location for all Resources. |
 | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. |
@@ -32,7 +33,6 @@ This module deploys an event grid topic. | `publicNetworkAccess` | string | `Enabled` | | Optional. Determines if traffic is allowed over public network. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `privateEndpoints` @@ -120,8 +120,8 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/privateEndpoints) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Topics](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventGrid/2020-06-01/topics) 
diff --git a/arm/Microsoft.EventHub/namespaces/.bicep/nested_privateEndpoint.bicep b/arm/Microsoft.EventHub/namespaces/.bicep/nested_privateEndpoint.bicep index e54b6948f7..c3bcaedfc1 100644 --- a/arm/Microsoft.EventHub/namespaces/.bicep/nested_privateEndpoint.bicep +++ b/arm/Microsoft.EventHub/namespaces/.bicep/nested_privateEndpoint.bicep @@ -36,7 +36,7 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-03-01' = { } } -resource privateDnsZoneGroups 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-05-01' = if (!empty(privateEndpoint_var.privateDnsZoneResourceIds)) { +resource privateDnsZoneGroups 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2021-05-01' = if (!empty(privateEndpoint_var.privateDnsZoneResourceIds)) { name: '${privateEndpoint_var.name}/default' properties: { privateDnsZoneConfigs: [for privateDnsZoneResourceId in privateEndpoint_var.privateDnsZoneResourceIds: { diff --git a/arm/Microsoft.EventHub/namespaces/.bicep/nested_rbac.bicep b/arm/Microsoft.EventHub/namespaces/.bicep/nested_rbac.bicep index 8d1462e8ad..21a1919228 100644 --- a/arm/Microsoft.EventHub/namespaces/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.EventHub/namespaces/.bicep/nested_rbac.bicep @@ -27,7 +27,7 @@ resource eventHubNamespace 'Microsoft.EventHub/namespaces@2017-04-01' existing = name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(eventHubNamespace.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName 
diff --git a/arm/Microsoft.EventHub/namespaces/.parameters/parameters.json b/arm/Microsoft.EventHub/namespaces/.parameters/parameters.json index 9440fecbca..078fad2146 100644 --- a/arm/Microsoft.EventHub/namespaces/.parameters/parameters.json +++ b/arm/Microsoft.EventHub/namespaces/.parameters/parameters.json @@ -90,13 +90,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "systemAssignedIdentity": { diff --git a/arm/Microsoft.EventHub/namespaces/deploy.bicep b/arm/Microsoft.EventHub/namespaces/deploy.bicep index 92dbfc1775..4197861e75 100644 --- a/arm/Microsoft.EventHub/namespaces/deploy.bicep +++ b/arm/Microsoft.EventHub/namespaces/deploy.bicep 
@@ -57,14 +57,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -192,7 +192,7 @@ resource eventHubNamespace 'Microsoft.EventHub/namespaces@2021-06-01-preview' = } } -resource eventHubNamespace_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource eventHubNamespace_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${eventHubNamespace.name}-${lock}-lock' properties: { level: lock 
@@ -201,13 +201,13 @@ resource eventHubNamespace_lock 'Microsoft.Authorization/locks@2016-09-01' = if scope: eventHubNamespace } -resource eventHubNamespace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId))) { +resource eventHubNamespace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${eventHubNamespace.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } 
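Review bot: The widened deployment condition on `eventHubNamespace_diagnosticSettings` now fires when only `diagnosticEventHubName` is set, yet an event hub name without `diagnosticEventHubAuthorizationRuleId` does not identify a destination. In that case `storageAccountId`, `workspaceId` and `eventHubAuthorizationRuleId` all resolve to `null`, so I would expect the deployment to be rejected or to produce a setting that forwards nothing. I would drop the name from the guard: `= if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId)) {`. The `eventGrid_diagnosticSettings` condition in `arm/Microsoft.EventGrid/topics/deploy.bicep` has the same term. The resource body continues past the end of this hunk.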
@@ -295,11 +295,5 @@ output namespaceResourceId string = eventHubNamespace.id @description('The resource group where the namespace is deployed.') output namespaceResourceGroup string = resourceGroup().name -@description('The connection string to the namespace.') -output namespaceConnectionString string = listkeys(authRuleResourceId, '2017-04-01').primaryConnectionString - -@description('The shared access policy primary key.') -output sharedAccessPolicyPrimaryKey string = listkeys(authRuleResourceId, '2017-04-01').primaryKey - @description('The principal ID of the system assigned identity.') output systemAssignedPrincipalId string = systemAssignedIdentity && contains(eventHubNamespace.identity, 'principalId') ? eventHubNamespace.identity.principalId : '' diff --git a/arm/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_rbac.bicep b/arm/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_rbac.bicep index ee1c74bec4..e9cc6a9f5a 100644 --- a/arm/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_rbac.bicep @@ -25,7 +25,7 @@ resource eventHub 'Microsoft.EventHub/namespaces/eventhubs@2021-06-01-preview' e name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(split(resourceId, '/')[0], split(resourceId, '/')[1], principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep b/arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep index 43bc7ac446..9f90d167c5 100644 
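Review bot: In `eventhubs/.bicep/nested_rbac.bicep`, the role assignment name under the bumped declaration is seeded with `split(resourceId, '/')[0]` and `split(resourceId, '/')[1]`. Since the `existing` reference above reads indices 8 and 10 as the namespace and event hub names, those two segments are presumably the empty string and `subscriptions`. The GUID would then be identical for every event hub that receives the same principal and role, so assignments on different event hubs can collide. Seeding it with the full ID avoids that: `name: guid(resourceId, principalId, roleDefinitionIdOrName)`. The `existing` reference's name also ends in `[10]}}'`, which appends a literal `}` to the event hub name and looks like a typo for `[10]}'`; both resource blocks continue outside the hunk.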
--- a/arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep +++ b/arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep @@ -137,7 +137,7 @@ resource eventHub 'Microsoft.EventHub/namespaces/eventhubs@2021-06-01-preview' = properties: captureDescriptionEnabled ? eventHubPropertiesWithCapture : eventHubPropertiesSimple } -resource eventHub_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource eventHub_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${eventHub.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.EventHub/namespaces/eventhubs/readme.md b/arm/Microsoft.EventHub/namespaces/eventhubs/readme.md index 992c932666..3ab5c1ae22 100644 --- a/arm/Microsoft.EventHub/namespaces/eventhubs/readme.md +++ b/arm/Microsoft.EventHub/namespaces/eventhubs/readme.md @@ -6,8 +6,8 @@ This module deploys an Event Hub. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.EventHub/namespaces/eventhubs` | 2021-06-01-preview | | `Microsoft.EventHub/namespaces/eventhubs/authorizationRules` | 2021-06-01-preview | | `Microsoft.EventHub/namespaces/eventhubs/consumergroups` | 2021-06-01-preview | 
@@ -69,8 +69,8 @@ This module deploys an Event Hub. ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Namespaces/Eventhubs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-06-01-preview/namespaces/eventhubs) - [Namespaces/Eventhubs/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-06-01-preview/namespaces/eventhubs/authorizationRules) - [Namespaces/Eventhubs/Consumergroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-06-01-preview/namespaces/eventhubs/consumergroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.EventHub/namespaces/readme.md b/arm/Microsoft.EventHub/namespaces/readme.md index 167327cc51..c414c637b9 100644 --- a/arm/Microsoft.EventHub/namespaces/readme.md +++ b/arm/Microsoft.EventHub/namespaces/readme.md @@ -6,8 +6,8 @@ This module deploys an event hub namespace. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.EventHub/namespaces` | 2021-06-01-preview | | `Microsoft.EventHub/namespaces/authorizationRules` | 2017-04-01 | | `Microsoft.EventHub/namespaces/disasterRecoveryConfigs` | 2017-04-01 | 
@@ -16,7 +16,7 @@ This module deploys an event hub namespace.
 | `Microsoft.EventHub/namespaces/eventhubs/consumergroups` | 2021-06-01-preview |
 | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview |
 | `Microsoft.Network/privateEndpoints` | 2021-03-01 |
-| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2020-05-01 |
+| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-05-01 |
 ## Parameters
@@ -25,11 +25,12 @@ This module deploys an event hub namespace. | `authorizationRules` | _[authorizationRules](authorizationRules/readme.md)_ array | `[System.Collections.Hashtable]` | | Optional. Authorization Rules for the Event Hub namespace | | `baseTime` | string | `[utcNow('u')]` | | Generated. Do not provide a value! This date value is used to generate a SAS token to access the modules. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `disasterRecoveryConfig` | object | `{object}` | | Optional. The disaster recovery config for this namespace | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `eventHubs` | _[eventHubs](eventHubs/readme.md)_ array | `[]` | | Optional. The event hubs to deploy into this namespace | | `isAutoInflateEnabled` | bool | | | Optional. 
Switch to enable the Auto Inflate feature of Event Hub. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | @@ -47,7 +48,6 @@ This module deploys an event hub namespace. | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | | `vNetId` | string | | | Optional. Virtual Network ID to lock down the Event Hub. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | | `zoneRedundant` | bool | | | Optional. Switch to make the Event Hub Namespace zone redundant. | ### Parameter Usage: `privateEndpoints` 
@@ -143,22 +143,20 @@ You can specify multiple user assigned identities to a resource by providing add | Output Name | Type | Description | | :-- | :-- | :-- | | `namespace` | string | The name of the eventspace. | -| `namespaceConnectionString` | string | The connection string to the namespace. | | `namespaceResourceGroup` | string | The resource group where the namespace is deployed. | | `namespaceResourceId` | string | The resource ID of the eventspace. | -| `sharedAccessPolicyPrimaryKey` | string | The shared access policy primary key. | | `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Namespaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-06-01-preview/namespaces) - [Namespaces/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2017-04-01/namespaces/authorizationRules) - [Namespaces/Disasterrecoveryconfigs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2017-04-01/namespaces/disasterRecoveryConfigs) - [Namespaces/Eventhubs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-06-01-preview/namespaces/eventhubs) - [Namespaces/Eventhubs/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-06-01-preview/namespaces/eventhubs/authorizationRules) - 
[Namespaces/Eventhubs/Consumergroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-06-01-preview/namespaces/eventhubs/consumergroups) -- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) -- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-05-01/privateEndpoints/privateDnsZoneGroups) +- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/roleAssignments) diff --git a/arm/Microsoft.HealthBot/healthBots/.bicep/nested_rbac.bicep b/arm/Microsoft.HealthBot/healthBots/.bicep/nested_rbac.bicep index 82b46f0934..6d9805b9cf 100644 --- a/arm/Microsoft.HealthBot/healthBots/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.HealthBot/healthBots/.bicep/nested_rbac.bicep @@ -22,7 +22,7 @@ resource healthBot 'Microsoft.HealthBot/healthBots@2021-06-10' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(healthBot.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.HealthBot/healthBots/deploy.bicep b/arm/Microsoft.HealthBot/healthBots/deploy.bicep index 1fa1b1170c..413c3ebdb1 100644 --- a/arm/Microsoft.HealthBot/healthBots/deploy.bicep +++ b/arm/Microsoft.HealthBot/healthBots/deploy.bicep 
@@ -39,7 +39,7 @@ resource azureHealthBot 'Microsoft.HealthBot/healthBots@2020-12-08' = { properties: {} } -resource azureHealthBot_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource azureHealthBot_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${azureHealthBot.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.HealthBot/healthBots/readme.md b/arm/Microsoft.HealthBot/healthBots/readme.md index 60f5b17dbb..e8acfd748f 100644 --- a/arm/Microsoft.HealthBot/healthBots/readme.md +++ b/arm/Microsoft.HealthBot/healthBots/readme.md @@ -6,8 +6,8 @@ This module deploys an Azure Health Bot. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.HealthBot/healthBots` | 2020-12-08 | ## Parameters @@ -72,5 +72,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Define resources with Bicep and ARM templates](https://docs.microsoft.com/en-us/azure/templates) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Insights/actionGroups/.bicep/nested_rbac.bicep b/arm/Microsoft.Insights/actionGroups/.bicep/nested_rbac.bicep index 7cecafd606..4f06a27f69 100644 --- a/arm/Microsoft.Insights/actionGroups/.bicep/nested_rbac.bicep 
+++ b/arm/Microsoft.Insights/actionGroups/.bicep/nested_rbac.bicep @@ -23,7 +23,7 @@ resource actionGroup 'microsoft.insights/actionGroups@2019-06-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(actionGroup.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Insights/actionGroups/readme.md b/arm/Microsoft.Insights/actionGroups/readme.md index 41d78a614b..a301e71892 100644 --- a/arm/Microsoft.Insights/actionGroups/readme.md +++ b/arm/Microsoft.Insights/actionGroups/readme.md @@ -6,7 +6,7 @@ This module deploys an Action Group. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `microsoft.insights/actionGroups` | 2019-06-01 | ## Parameters @@ -124,5 +124,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Actiongroups](https://docs.microsoft.com/en-us/azure/templates/microsoft.insights/2019-06-01/actionGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Insights/activityLogAlerts/.bicep/nested_rbac.bicep b/arm/Microsoft.Insights/activityLogAlerts/.bicep/nested_rbac.bicep index f6fb000ea4..ade3b2a850 100644 --- a/arm/Microsoft.Insights/activityLogAlerts/.bicep/nested_rbac.bicep 
+++ b/arm/Microsoft.Insights/activityLogAlerts/.bicep/nested_rbac.bicep @@ -23,7 +23,7 @@ resource activityLogAlert 'Microsoft.Insights/activityLogAlerts@2020-10-01' exis name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(activityLogAlert.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Insights/activityLogAlerts/readme.md b/arm/Microsoft.Insights/activityLogAlerts/readme.md index af77147d35..ffcfad8963 100644 --- a/arm/Microsoft.Insights/activityLogAlerts/readme.md +++ b/arm/Microsoft.Insights/activityLogAlerts/readme.md @@ -6,7 +6,7 @@ This module deploys an Alert based on Activity Log. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/activityLogAlerts` | 2020-10-01 | ## Parameters @@ -178,5 +178,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Activitylogalerts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2020-10-01/activityLogAlerts) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Insights/components/.bicep/nested_rbac.bicep b/arm/Microsoft.Insights/components/.bicep/nested_rbac.bicep index 2072a48725..3c4de64b82 100644 
--- a/arm/Microsoft.Insights/components/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Insights/components/.bicep/nested_rbac.bicep @@ -26,7 +26,7 @@ resource appInsights 'Microsoft.Insights/components@2020-02-02' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(appInsights.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Insights/components/readme.md b/arm/Microsoft.Insights/components/readme.md index 94c53c7d69..191215ecfa 100644 --- a/arm/Microsoft.Insights/components/readme.md +++ b/arm/Microsoft.Insights/components/readme.md @@ -4,7 +4,7 @@ | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/components` | 2020-02-02 | ## Parameters @@ -72,5 +72,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Components](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2020-02-02/components) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Insights/diagnosticSettings/.parameters/parameters.json b/arm/Microsoft.Insights/diagnosticSettings/.parameters/parameters.json index 266236defd..f647f40c11 100644 --- a/arm/Microsoft.Insights/diagnosticSettings/.parameters/parameters.json 
+++ b/arm/Microsoft.Insights/diagnosticSettings/.parameters/parameters.json @@ -11,13 +11,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep b/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep index 1eba4001ab..f6f196b51b 100644 --- a/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep +++ b/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep 
@@ -13,14 +13,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. The name of logs that will be streamed.') @allowed([ 
@@ -57,10 +57,10 @@ resource diagnosticSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-pre name: name properties: { storageAccountId: (empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId) - workspaceId: (empty(workspaceId) ? null : workspaceId) - eventHubAuthorizationRuleId: (empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId) - eventHubName: (empty(eventHubName) ? null : eventHubName) - logs: ((empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsLogs) + workspaceId: (empty(diagnosticWorkspaceId) ? null : diagnosticWorkspaceId) + eventHubAuthorizationRuleId: (empty(diagnosticEventHubAuthorizationRuleId) ? null : diagnosticEventHubAuthorizationRuleId) + eventHubName: (empty(diagnosticEventHubName) ? null : diagnosticEventHubName) + logs: ((empty(diagnosticStorageAccountId) && empty(diagnosticWorkspaceId) && empty(diagnosticEventHubAuthorizationRuleId) && empty(diagnosticEventHubName)) ? null : diagnosticsLogs) } } diff --git a/arm/Microsoft.Insights/diagnosticSettings/readme.md b/arm/Microsoft.Insights/diagnosticSettings/readme.md index f15df9bae4..9939c4d2fa 100644 --- a/arm/Microsoft.Insights/diagnosticSettings/readme.md +++ b/arm/Microsoft.Insights/diagnosticSettings/readme.md 
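Review bot: The `logs:` guard in this hunk still counts `diagnosticEventHubName` as a destination, and the `if (...)` conditions on `keyVault_diagnosticSettings` and `logicApp_diagnosticSettings` later in this diff do the same. An event hub name on its own is not a sink; as far as I know Azure needs an event hub authorization rule, a workspace or a storage account, so a caller who sets only the name gets a diagnostic setting with log categories and nowhere to send them, which most likely fails at deployment rather than streaming any audit data. Since the renamed parameters are being touched anyway, I would drop the name from the test: `logs: ((empty(diagnosticStorageAccountId) && empty(diagnosticWorkspaceId) && empty(diagnosticEventHubAuthorizationRuleId)) ? null : diagnosticsLogs)`, with the matching `|| !empty(diagnosticEventHubName)` term removed from the two `if` conditions. The resource declaration starts above this hunk, so whether the setting is deployed conditionally here is not visible.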
@@ -12,13 +12,13 @@ This module deploys a subscription wide export of the activity log. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `logsToEnable` | array | `[Administrative, Security, ServiceHealth, Alert, Recommendation, Policy, Autoscale, ResourceHealth]` | `[Administrative, Security, ServiceHealth, Alert, Recommendation, Policy, Autoscale, ResourceHealth]` | Optional. The name of logs that will be streamed. | | `name` | string | `[format('{0}-ActivityLog', uniqueString(subscription().id))]` | | Optional. Name of the ActivityLog diagnostic settings. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ## Outputs 
diff --git a/arm/Microsoft.Insights/metricAlerts/.bicep/nested_rbac.bicep b/arm/Microsoft.Insights/metricAlerts/.bicep/nested_rbac.bicep index 4e898950dc..aecb16deec 100644 --- a/arm/Microsoft.Insights/metricAlerts/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Insights/metricAlerts/.bicep/nested_rbac.bicep @@ -26,7 +26,7 @@ resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(metricAlert.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Insights/metricAlerts/readme.md b/arm/Microsoft.Insights/metricAlerts/readme.md index ae17d9552d..8861c251bc 100644 --- a/arm/Microsoft.Insights/metricAlerts/readme.md +++ b/arm/Microsoft.Insights/metricAlerts/readme.md @@ -6,7 +6,7 @@ This module deploys an alert based on metrics. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/metricAlerts` | 2018-03-01 | ## Parameters @@ -168,5 +168,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Metricalerts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2018-03-01/metricAlerts) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) 
diff --git a/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_privateEndpoint.bicep b/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_privateEndpoint.bicep index 595b138a0d..3f3dcb5698 100644 --- a/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_privateEndpoint.bicep +++ b/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_privateEndpoint.bicep @@ -35,7 +35,7 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-03-01' = { customDnsConfigs: privateEndpoint_var.customDnsConfigs } - resource privateDnsZoneGroups 'privateDnsZoneGroups@2020-05-01' = { + resource privateDnsZoneGroups 'privateDnsZoneGroups@2021-05-01' = { name: 'default' properties: { privateDnsZoneConfigs: [for privateDnsZoneResourceId in privateEndpoint_var.privateDnsZoneResourceIds: { diff --git a/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_rbac.bicep b/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_rbac.bicep index 5456c1418e..479082e698 100644 --- a/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_rbac.bicep @@ -22,7 +22,7 @@ resource privateLinkScope 'Microsoft.Insights/privateLinkScopes@2019-10-17-previ name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(privateLinkScope.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Insights/privateLinkScopes/deploy.bicep b/arm/Microsoft.Insights/privateLinkScopes/deploy.bicep index da84b93f41..7b0bb19c61 100644 --- a/arm/Microsoft.Insights/privateLinkScopes/deploy.bicep 
+++ b/arm/Microsoft.Insights/privateLinkScopes/deploy.bicep @@ -49,7 +49,7 @@ module privateLinkScope_scopedResource 'scopedResources/deploy.bicep' = [for (sc } }] -resource privateLinkScope_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource privateLinkScope_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${privateLinkScope.name}-${lock}-lock' scope: privateLinkScope properties: { diff --git a/arm/Microsoft.Insights/privateLinkScopes/readme.md b/arm/Microsoft.Insights/privateLinkScopes/readme.md index c3d3f830f9..3ac8cedf31 100644 --- a/arm/Microsoft.Insights/privateLinkScopes/readme.md +++ b/arm/Microsoft.Insights/privateLinkScopes/readme.md @@ -6,12 +6,12 @@ This module deploys an Azure Monitor Private Link Scope. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `microsoft.insights/privateLinkScopes` | 2019-10-17-preview | | `Microsoft.Insights/privateLinkScopes/scopedResources` | 2021-07-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-03-01 | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2020-05-01 | +| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-05-01 | ## Parameters 
@@ -111,9 +111,9 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) +- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) - [Privatelinkscopes](https://docs.microsoft.com/en-us/azure/templates/microsoft.insights/2019-10-17-preview/privateLinkScopes) - [Privatelinkscopes/Scopedresources](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-07-01-preview/privateLinkScopes/scopedResources) -- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) -- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-05-01/privateEndpoints/privateDnsZoneGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Insights/scheduledQueryRules/.bicep/nested_rbac.bicep b/arm/Microsoft.Insights/scheduledQueryRules/.bicep/nested_rbac.bicep index 8e61a960a2..b7c9097a8f 100644 --- a/arm/Microsoft.Insights/scheduledQueryRules/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Insights/scheduledQueryRules/.bicep/nested_rbac.bicep 
@@ -24,7 +24,7 @@ resource queryAlert 'microsoft.insights/scheduledQueryRules@2018-04-16' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(queryAlert.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Insights/scheduledQueryRules/readme.md b/arm/Microsoft.Insights/scheduledQueryRules/readme.md index 965235b49e..f9ae5440d7 100644 --- a/arm/Microsoft.Insights/scheduledQueryRules/readme.md +++ b/arm/Microsoft.Insights/scheduledQueryRules/readme.md @@ -6,7 +6,7 @@ This module deploys a scheduled query rule. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/scheduledQueryRules` | 2021-02-01-preview | ## Parameters @@ -82,5 +82,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Scheduledqueryrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-02-01-preview/scheduledQueryRules) diff --git a/arm/Microsoft.KeyVault/vaults/.bicep/nested_rbac.bicep b/arm/Microsoft.KeyVault/vaults/.bicep/nested_rbac.bicep index b888a741df..2af08d0837 100644 --- a/arm/Microsoft.KeyVault/vaults/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.KeyVault/vaults/.bicep/nested_rbac.bicep 
@@ -33,7 +33,7 @@ resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(keyVault.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.KeyVault/vaults/.parameters/parameters.json b/arm/Microsoft.KeyVault/vaults/.parameters/parameters.json index 71bbeff422..e47a93745f 100644 --- a/arm/Microsoft.KeyVault/vaults/.parameters/parameters.json +++ b/arm/Microsoft.KeyVault/vaults/.parameters/parameters.json @@ -92,13 +92,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.KeyVault/vaults/deploy.bicep b/arm/Microsoft.KeyVault/vaults/deploy.bicep index 3a29ec6dd7..44ee6033fa 100644 --- a/arm/Microsoft.KeyVault/vaults/deploy.bicep +++ b/arm/Microsoft.KeyVault/vaults/deploy.bicep 
@@ -71,14 +71,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -187,7 +187,7 @@ resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' = { } } -resource keyVault_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource keyVault_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${keyVault.name}-${lock}-lock' properties: { level: lock 
@@ -196,13 +196,13 @@ resource keyVault_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: keyVault } -resource keyVault_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource keyVault_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${name_var}-diagnosticSettingName' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.KeyVault/vaults/keys/.bicep/nested_rbac.bicep b/arm/Microsoft.KeyVault/vaults/keys/.bicep/nested_rbac.bicep index 0b991d1c64..2a1cbd9313 100644 --- a/arm/Microsoft.KeyVault/vaults/keys/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.KeyVault/vaults/keys/.bicep/nested_rbac.bicep 
@@ -30,7 +30,7 @@ resource key 'Microsoft.KeyVault/vaults/keys@2021-06-01-preview' existing = { name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(key.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.KeyVault/vaults/keys/readme.md b/arm/Microsoft.KeyVault/vaults/keys/readme.md index c12ac3ddfe..8ff11b72b4 100644 --- a/arm/Microsoft.KeyVault/vaults/keys/readme.md +++ b/arm/Microsoft.KeyVault/vaults/keys/readme.md @@ -6,7 +6,7 @@ This module deploys a key vault key. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.KeyVault/vaults/keys` | 2019-09-01 | ## Parameters @@ -75,5 +75,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Vaults/Keys](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2019-09-01/vaults/keys) diff --git a/arm/Microsoft.KeyVault/vaults/readme.md b/arm/Microsoft.KeyVault/vaults/readme.md index fff57bff3e..5281b52e24 100644 --- a/arm/Microsoft.KeyVault/vaults/readme.md +++ b/arm/Microsoft.KeyVault/vaults/readme.md 
@@ -6,8 +6,8 @@ This module deploys a key vault and it's child resources. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.KeyVault/vaults` | 2019-09-01 | | `Microsoft.KeyVault/vaults/accessPolicies` | 2021-06-01-preview | 
@@ -24,16 +24,17 @@ This module deploys a key vault and it's child resources. | `baseTime` | string | `[utcNow('u')]` | | Generated. Do not provide a value! This date value is used to generate a SAS token to access the modules. | | `createMode` | string | `default` | | Optional. The vault's create mode to indicate whether the vault need to be recovered or not. - recover or default. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `enablePurgeProtection` | bool | | | Optional. Provide 'true' to enable Key Vault's purge protection feature. | | `enableRbacAuthorization` | bool | | | Optional. Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored (warning: this is a preview feature). When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. 
Note that management actions are always authorized with RBAC. | | `enableSoftDelete` | bool | `True` | | Optional. Switch to enable/disable Key Vault's soft delete feature. | | `enableVaultForDeployment` | bool | `True` | `[True, False]` | Optional. Specifies if the vault is enabled for deployment by script or compute | | `enableVaultForDiskEncryption` | bool | `True` | `[True, False]` | Optional. Specifies if the azure platform has access to the vault for enabling disk encryption scenarios. | | `enableVaultForTemplateDeployment` | bool | `True` | `[True, False]` | Optional. Specifies if the vault is enabled for a template deployment | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `keys` | _[keys](keys/readme.md)_ array | `[]` | | Optional. All keys to create | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | @@ -48,7 +49,6 @@ This module deploys a key vault and it's child resources. | `tags` | object | `{object}` | | Optional. Resource tags. | | `vaultSku` | string | `premium` | `[premium, standard]` | Optional. Specifies the SKU for the vault | | `vNetId` | string | | | Optional. Virtual Network resource identifier, if networkAcls is passed, this value must be passed as well | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` 
@@ -187,10 +187,10 @@ To use Private Endpoint the following dependencies must be deployed: ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/privateEndpoints) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Vaults](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2019-09-01/vaults) - [Vaults/Accesspolicies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2021-06-01-preview/vaults/accessPolicies) - [Vaults/Keys](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2019-09-01/vaults/keys) diff --git a/arm/Microsoft.KeyVault/vaults/secrets/.bicep/nested_rbac.bicep b/arm/Microsoft.KeyVault/vaults/secrets/.bicep/nested_rbac.bicep index ad6f84eca9..e73c709635 100644 --- a/arm/Microsoft.KeyVault/vaults/secrets/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.KeyVault/vaults/secrets/.bicep/nested_rbac.bicep 
@@ -29,7 +29,7 @@ resource secret 'Microsoft.KeyVault/vaults/secrets@2021-06-01-preview' existing name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(secret.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.KeyVault/vaults/secrets/readme.md b/arm/Microsoft.KeyVault/vaults/secrets/readme.md index c9ef73a1f7..013d22d710 100644 --- a/arm/Microsoft.KeyVault/vaults/secrets/readme.md +++ b/arm/Microsoft.KeyVault/vaults/secrets/readme.md @@ -6,7 +6,7 @@ This module deploys a key vault secret. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.KeyVault/vaults/secrets` | 2019-09-01 | ## Parameters @@ -73,5 +73,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Vaults/Secrets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2019-09-01/vaults/secrets) diff --git a/arm/Microsoft.Logic/workflows/.bicep/nested_rbac.bicep b/arm/Microsoft.Logic/workflows/.bicep/nested_rbac.bicep index 125dd3a7df..9a4e712fd9 100644 --- a/arm/Microsoft.Logic/workflows/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Logic/workflows/.bicep/nested_rbac.bicep 
@@ -25,7 +25,7 @@ resource logicApp 'Microsoft.Logic/workflows@2019-05-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(logicApp.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Logic/workflows/.parameters/parameters.json b/arm/Microsoft.Logic/workflows/.parameters/parameters.json index 733ae4084e..1cb82dde20 100644 --- a/arm/Microsoft.Logic/workflows/.parameters/parameters.json +++ b/arm/Microsoft.Logic/workflows/.parameters/parameters.json @@ -59,13 +59,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "systemAssignedIdentity": { diff --git a/arm/Microsoft.Logic/workflows/deploy.bicep b/arm/Microsoft.Logic/workflows/deploy.bicep index 5a013abc5d..c6c733e8b9 100644 --- a/arm/Microsoft.Logic/workflows/deploy.bicep +++ b/arm/Microsoft.Logic/workflows/deploy.bicep 
@@ -39,14 +39,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -180,7 +180,7 @@ resource logicApp 'Microsoft.Logic/workflows@2019-05-01' = { } } -resource logicApp_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource logicApp_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${logicApp.name}-${lock}-lock' properties: { level: lock 
@@ -189,13 +189,13 @@ resource logicApp_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: logicApp } -resource logicApp_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource logicApp_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${logicApp.name}-diagnosticsetting' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Logic/workflows/readme.md b/arm/Microsoft.Logic/workflows/readme.md index 2fba538994..3fc1d99cd2 100644 --- a/arm/Microsoft.Logic/workflows/readme.md +++ b/arm/Microsoft.Logic/workflows/readme.md @@ -6,8 +6,8 @@ This module deploys a Logic App resource. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Logic/workflows` | 2019-05-01 | 
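Review bot: The `if` on `logicApp_diagnosticSettings` is still satisfied by `!empty(diagnosticEventHubName)` alone, but an event hub name without `diagnosticEventHubAuthorizationRuleId` (and with no storage account or workspace) leaves the setting with no usable destination. I would expect that deployment to fail, or at best to produce a setting that ships no logs, which matters where these logs feed detection and audit. Dropping the `!empty(diagnosticEventHubName)` term from the condition would make the name strictly an accompaniment to the authorization rule. The same condition appears in the `workspace_diagnosticSettings` and `applicationGateway_diagnosticSettingName` hunks. The resource's closing lines fall outside this hunk.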
@@ -20,10 +20,11 @@ This module deploys a Logic App resource. | `contentsAccessControlConfiguration` | object | `{object}` | | Optional. The access control configuration for accessing workflow run contents. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered. | | `definitionParameters` | object | `{object}` | | Optional. Parameters for the definition template. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `integrationAccount` | object | `{object}` | | Optional. The integration account. | | `integrationServiceEnvironment` | object | `{object}` | | Optional. The integration service environment. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | 
@@ -45,7 +46,6 @@ This module deploys a Logic App resource. | `workflowParameters` | object | `{object}` | | Optional. The definitions for one or more parameters that pass the values to use at your logic app's runtime. | | `workflowStaticResults` | object | `{object}` | | Optional. The definitions for one or more static results returned by actions as mock outputs when static results are enabled on those actions. In each action definition, the runtimeConfiguration.staticResult.name attribute references the corresponding definition inside staticResults. | | `workflowTriggers` | object | `{object}` | | Optional. The definitions for one or more triggers that instantiate your workflow. You can define more than one trigger, but only with the Workflow Definition Language, not visually through the Logic Apps Designer. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage `AccessControlConfiguration` @@ -162,7 +162,7 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Workflows](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Logic/2019-05-01/workflows) diff --git a/arm/Microsoft.MachineLearningServices/workspaces/.bicep/nested_rbac.bicep b/arm/Microsoft.MachineLearningServices/workspaces/.bicep/nested_rbac.bicep index 733f81957c..1ec6025c2c 100644 
--- a/arm/Microsoft.MachineLearningServices/workspaces/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.MachineLearningServices/workspaces/.bicep/nested_rbac.bicep @@ -23,7 +23,7 @@ resource workspace 'Microsoft.MachineLearningServices/workspaces@2021-04-01' exi name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(workspace.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.MachineLearningServices/workspaces/.parameters/parameters.json b/arm/Microsoft.MachineLearningServices/workspaces/.parameters/parameters.json index cfec7a8ae2..c9d9eed3f4 100644 --- a/arm/Microsoft.MachineLearningServices/workspaces/.parameters/parameters.json +++ b/arm/Microsoft.MachineLearningServices/workspaces/.parameters/parameters.json @@ -33,13 +33,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "systemAssignedIdentity": { 
diff --git a/arm/Microsoft.MachineLearningServices/workspaces/deploy.bicep b/arm/Microsoft.MachineLearningServices/workspaces/deploy.bicep index 83d9c59d34..623c8886d6 100644 --- a/arm/Microsoft.MachineLearningServices/workspaces/deploy.bicep +++ b/arm/Microsoft.MachineLearningServices/workspaces/deploy.bicep @@ -60,14 +60,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. The name of logs that will be streamed.') @allowed([ @@ -143,7 +143,7 @@ resource workspace 'Microsoft.MachineLearningServices/workspaces@2021-04-01' = { } } -resource workspace_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource workspace_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${workspace.name}-${lock}-lock' properties: { level: lock 
@@ -152,13 +152,13 @@ resource workspace_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: workspace } -resource workspace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource workspace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.MachineLearningServices/workspaces/readme.md b/arm/Microsoft.MachineLearningServices/workspaces/readme.md index 1611babfda..fe3f8eae40 100644 --- a/arm/Microsoft.MachineLearningServices/workspaces/readme.md +++ b/arm/Microsoft.MachineLearningServices/workspaces/readme.md 
@@ -6,8 +6,8 @@ This module deploys a Machine Learning Services Workspace. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.MachineLearningServices/workspaces` | 2021-04-01 | | `Microsoft.Network/privateEndpoints` | 2021-05-01 | 
@@ -23,10 +23,11 @@ This module deploys a Machine Learning Services Workspace. | `associatedKeyVaultResourceId` | string | | | Required. The resource ID of the associated Key Vault. | | `associatedStorageAccountResourceId` | string | | | Required. The resource ID of the associated Storage Account. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `hbiWorkspace` | bool | | | Optional. The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | 
@@ -38,7 +39,6 @@ This module deploys a Machine Learning Services Workspace. | `sku` | string | | `[Basic, Enterprise]` | Required. Specifies the sku, also referred as 'edition' of the Azure Machine Learning workspace. | | `systemAssignedIdentity` | bool | | | Optional. Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Optional. Resource tags. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` @@ -127,8 +127,8 @@ To use Private Endpoint the following dependencies must be deployed: ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/privateEndpoints) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Workspaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.MachineLearningServices/2021-04-01/workspaces) diff --git a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_rbac.bicep b/arm/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_rbac.bicep index f05120c681..ae2197082e 100644 
--- a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource userMsi 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' e name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(userMsi.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep b/arm/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep index 390f39cdd8..67b1c9e825 100644 --- a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep +++ b/arm/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep @@ -32,7 +32,7 @@ resource userMsi 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = tags: tags } -resource userMsi_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource userMsi_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${userMsi.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md b/arm/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md index 04ce8c6e6a..00be0e27d8 100644 --- a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md +++ b/arm/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md 
@@ -6,8 +6,8 @@ This module deploys a user assigned identity. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.ManagedIdentity/userAssignedIdentities` | 2018-11-30 | ## Parameters @@ -71,6 +71,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Userassignedidentities](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ManagedIdentity/2018-11-30/userAssignedIdentities) diff --git a/arm/Microsoft.Management/managementGroups/.bicep/nested_rbac.bicep b/arm/Microsoft.Management/managementGroups/.bicep/nested_rbac.bicep index 4ebbe9cfd0..a1b14cfd9e 100644 --- a/arm/Microsoft.Management/managementGroups/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Management/managementGroups/.bicep/nested_rbac.bicep 
@@ -288,7 +288,7 @@ var builtInRoleNames = { 'Azure Maps Contributor': '/providers/Microsoft.Authorization/roleDefinitions/dba33070-676a-4fb0-87fa-064dc56ff7fb' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(resourceName, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Management/managementGroups/readme.md b/arm/Microsoft.Management/managementGroups/readme.md index 302eb0526c..75055c0aa5 100644 --- a/arm/Microsoft.Management/managementGroups/readme.md +++ b/arm/Microsoft.Management/managementGroups/readme.md @@ -11,7 +11,7 @@ This module has some known **limitations**: | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Management/managementGroups` | 2021-04-01 | ## Parameters @@ -72,5 +72,5 @@ New-AzRoleAssignment -ObjectId $PrincipalID -Scope "/providers/Microsoft.Managem ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Managementgroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Management/2021-04-01/managementGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.NetApp/netAppAccounts/.bicep/nested_rbac.bicep b/arm/Microsoft.NetApp/netAppAccounts/.bicep/nested_rbac.bicep index 448744f6b2..99adf87f9c 100644 --- a/arm/Microsoft.NetApp/netAppAccounts/.bicep/nested_rbac.bicep 
+++ b/arm/Microsoft.NetApp/netAppAccounts/.bicep/nested_rbac.bicep @@ -22,7 +22,7 @@ resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2021-04-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(netAppAccount.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_rbac.bicep b/arm/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_rbac.bicep index e2c7c2b474..cc35a1f3d9 100644 --- a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_rbac.bicep @@ -22,7 +22,7 @@ resource capacityPool 'Microsoft.NetApp/netAppAccounts/capacityPools@2021-04-01' name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(capacityPool.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md b/arm/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md index 0412fed2b8..cb94472a45 100644 --- a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md +++ b/arm/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md 
@@ -6,7 +6,7 @@ This template deploys capacity pools in an Azure NetApp Files. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.NetApp/netAppAccounts/capacityPools` | 2021-06-01 | | `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | 2021-06-01 | @@ -75,6 +75,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Netappaccounts/Capacitypools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools) - [Netappaccounts/Capacitypools/Volumes](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools/volumes) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_rbac.bicep b/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_rbac.bicep index 1952f9ecfb..b7caad5b4c 100644 --- a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_rbac.bicep 
@@ -22,7 +22,7 @@ resource volume 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes@2021-04-0 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}/${split(resourceId, '/')[12]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(volume.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md b/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md index 7219c4b966..099a99e1ee 100644 --- a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md +++ b/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md @@ -6,7 +6,7 @@ This template deploys volumes in a capacity pool of an Azure NetApp files. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | 2021-06-01 | ## Parameters @@ -58,5 +58,5 @@ This template deploys volumes in a capacity pool of an Azure NetApp files. ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Netappaccounts/Capacitypools/Volumes](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools/volumes) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) 
diff --git a/arm/Microsoft.NetApp/netAppAccounts/deploy.bicep b/arm/Microsoft.NetApp/netAppAccounts/deploy.bicep index 7d8b99ed9d..7119d4a611 100644 --- a/arm/Microsoft.NetApp/netAppAccounts/deploy.bicep +++ b/arm/Microsoft.NetApp/netAppAccounts/deploy.bicep @@ -68,7 +68,7 @@ resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2021-04-01' = { } } -resource netAppAccount_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource netAppAccount_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${netAppAccount.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.NetApp/netAppAccounts/readme.md b/arm/Microsoft.NetApp/netAppAccounts/readme.md index 277c527037..cbf45e579c 100644 --- a/arm/Microsoft.NetApp/netAppAccounts/readme.md +++ b/arm/Microsoft.NetApp/netAppAccounts/readme.md @@ -6,8 +6,8 @@ This template deploys Azure NetApp Files. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.NetApp/netAppAccounts` | 2021-04-01 | | `Microsoft.NetApp/netAppAccounts/capacityPools` | 2021-06-01 | | `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | 2021-06-01 | 
@@ -79,8 +79,8 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Netappaccounts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-04-01/netAppAccounts) - [Netappaccounts/Capacitypools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools) - [Netappaccounts/Capacitypools/Volumes](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools/volumes) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/applicationGateways/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/applicationGateways/.bicep/nested_rbac.bicep index d56361f5c0..53e506ee6c 100644 --- a/arm/Microsoft.Network/applicationGateways/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/applicationGateways/.bicep/nested_rbac.bicep @@ -30,7 +30,7 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2021-02-01' e name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(applicationGateway.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName 
diff --git a/arm/Microsoft.Network/applicationGateways/.parameters/parameters.json b/arm/Microsoft.Network/applicationGateways/.parameters/parameters.json index 2a7c028171..f972b08ef2 100644 --- a/arm/Microsoft.Network/applicationGateways/.parameters/parameters.json +++ b/arm/Microsoft.Network/applicationGateways/.parameters/parameters.json @@ -148,13 +148,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/applicationGateways/deploy.bicep b/arm/Microsoft.Network/applicationGateways/deploy.bicep index ddde05e285..57af3861cb 100644 --- a/arm/Microsoft.Network/applicationGateways/deploy.bicep +++ b/arm/Microsoft.Network/applicationGateways/deploy.bicep 
@@ -86,14 +86,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -391,7 +391,7 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2021-03-01' = dependsOn: [] } -resource applicationGateway_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource applicationGateway_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${applicationGateway.name}-${lock}-lock' properties: { level: lock 
@@ -400,15 +400,15 @@ resource applicationGateway_lock 'Microsoft.Authorization/locks@2016-09-01' = if scope: applicationGateway } -resource applicationGateway_diagnosticSettingName 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource applicationGateway_diagnosticSettingName 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${applicationGateway.name}-diagnosticSettings' properties: { storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId - workspaceId: empty(workspaceId) ? null : workspaceId - eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId - eventHubName: empty(eventHubName) ? null : eventHubName - metrics: empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName) ? null : diagnosticsMetrics - logs: empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName) ? null : diagnosticsLogs + workspaceId: empty(diagnosticWorkspaceId) ? null : diagnosticWorkspaceId + eventHubAuthorizationRuleId: empty(diagnosticEventHubAuthorizationRuleId) ? null : diagnosticEventHubAuthorizationRuleId + eventHubName: empty(diagnosticEventHubName) ? null : diagnosticEventHubName + metrics: empty(diagnosticStorageAccountId) && empty(diagnosticWorkspaceId) && empty(diagnosticEventHubAuthorizationRuleId) && empty(diagnosticEventHubName) ? null : diagnosticsMetrics + logs: empty(diagnosticStorageAccountId) && empty(diagnosticWorkspaceId) && empty(diagnosticEventHubAuthorizationRuleId) && empty(diagnosticEventHubName) ? null : diagnosticsLogs } scope: applicationGateway } 
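Review bot: The deployment condition on `applicationGateway_diagnosticSettings` still treats `diagnosticEventHubName` as a destination: with only that parameter set, the resource is deployed with storage account, workspace and authorization rule all `null`, which the diagnostic settings API will most likely reject. Dropping the last term, `if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId)) {`, keeps the rename and closes that path. Inside the resource the `metrics` and `logs` ternaries repeat the negation of that condition, so their `null` branch is unreachable whenever the resource is deployed and both can be plain `metrics: diagnosticsMetrics` / `logs: diagnosticsLogs`, as the azureFirewalls module already writes them. The same four-term condition is repeated in the `azureFirewallPip_diagnosticSettings`, `azureFirewall_diagnosticSettings`, `publicIpAddress_diagnosticSettings` and `azureBastion_diagnosticSettings` hunks further down.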
diff --git a/arm/Microsoft.Network/applicationGateways/readme.md b/arm/Microsoft.Network/applicationGateways/readme.md index 99588cff19..b95fa7ebc2 100644 --- a/arm/Microsoft.Network/applicationGateways/readme.md +++ b/arm/Microsoft.Network/applicationGateways/readme.md @@ -6,8 +6,8 @@ This template deploys an application gateway. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/applicationGateways` | 2021-03-01 | 
@@ -19,10 +19,11 @@ This template deploys an application gateway. | `backendPools` | array | | | Required. The backend pools to be configured. | | `capacity` | int | `2` | | Optional. The number of Application instances to be configured. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `frontendHttpListeners` | array | `[]` | | Required. The frontend http listeners to be configured. | | `frontendHttpRedirects` | array | `[]` | | Optional. The http redirects to be configured. Each redirect will route http traffic to a predefined frontEnd HTTPS listener. | | `frontendHttpsListeners` | array | `[]` | | Required. The frontend HTTPS listeners to be configured. | 
@@ -47,7 +48,6 @@ This template deploys an application gateway. | `vNetName` | string | | | Required. The name of the Virtual Network where the Application Gateway will be deployed. | | `vNetResourceGroup` | string | `[resourceGroup().name]` | | Optional. The name of the Virtual Network Resource Group where the Application Gateway will be deployed. | | `vNetSubscriptionId` | string | `[subscription().subscriptionId]` | | Optional. The Subscription ID of the Virtual Network where the Application Gateway will be deployed. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `backendPools` @@ -241,7 +241,7 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) -- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Applicationgateways](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/applicationGateways) +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/applicationSecurityGroups/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/applicationSecurityGroups/.bicep/nested_rbac.bicep index 06790c16a9..c7196c15d2 100644 --- a/arm/Microsoft.Network/applicationSecurityGroups/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/applicationSecurityGroups/.bicep/nested_rbac.bicep 
@@ -29,7 +29,7 @@ resource applicationSecurityGroup 'Microsoft.Network/applicationSecurityGroups@2 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(applicationSecurityGroup.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/applicationSecurityGroups/deploy.bicep b/arm/Microsoft.Network/applicationSecurityGroups/deploy.bicep index 6f8dfe041c..8b49ebdcf1 100644 --- a/arm/Microsoft.Network/applicationSecurityGroups/deploy.bicep +++ b/arm/Microsoft.Network/applicationSecurityGroups/deploy.bicep @@ -33,7 +33,7 @@ resource applicationSecurityGroup 'Microsoft.Network/applicationSecurityGroups@2 properties: {} } -resource applicationSecurityGroup_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource applicationSecurityGroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${applicationSecurityGroup.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/applicationSecurityGroups/readme.md b/arm/Microsoft.Network/applicationSecurityGroups/readme.md index 34b10c0c3e..badbccbc37 100644 --- a/arm/Microsoft.Network/applicationSecurityGroups/readme.md +++ b/arm/Microsoft.Network/applicationSecurityGroups/readme.md 
@@ -6,8 +6,8 @@ This module deploys an application security group. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/applicationSecurityGroups` | 2021-02-01 | ## Parameters @@ -70,6 +70,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Applicationsecuritygroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/applicationSecurityGroups) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/azureFirewalls/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/azureFirewalls/.bicep/nested_rbac.bicep index fa9f4c56df..aea4610a17 100644 --- a/arm/Microsoft.Network/azureFirewalls/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/azureFirewalls/.bicep/nested_rbac.bicep 
@@ -29,7 +29,7 @@ resource azureFirewall 'Microsoft.Network/azureFirewalls@2021-02-01' existing = name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(azureFirewall.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/azureFirewalls/.parameters/parameters.json b/arm/Microsoft.Network/azureFirewalls/.parameters/parameters.json index 23ed879564..5ad67d13d7 100644 --- a/arm/Microsoft.Network/azureFirewalls/.parameters/parameters.json +++ b/arm/Microsoft.Network/azureFirewalls/.parameters/parameters.json @@ -116,13 +116,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/azureFirewalls/deploy.bicep b/arm/Microsoft.Network/azureFirewalls/deploy.bicep index 180bac43ab..2aa1724aee 100644 --- a/arm/Microsoft.Network/azureFirewalls/deploy.bicep +++ b/arm/Microsoft.Network/azureFirewalls/deploy.bicep 
@@ -40,18 +40,18 @@ param publicIPPrefixId string = '' param diagnosticStorageAccountId string = '' @description('Optional. Log Analytics workspace resource identifier') -param workspaceId string = '' +param diagnosticWorkspaceId string = '' @description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') @minValue(0) @maxValue(365) param diagnosticLogsRetentionInDays int = 365 -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Location for all resources.') param location string = resourceGroup().location @@ -166,7 +166,7 @@ resource azureFirewallPip 'Microsoft.Network/publicIPAddresses@2021-02-01' = { } } -resource azureFirewallPip_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource azureFirewallPip_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${azureFirewallPip.name}-${lock}-lock' properties: { level: lock 
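Review bot: The `@description` above the renamed `diagnosticWorkspaceId` parameter was left as 'Optional. Log Analytics workspace resource identifier', while the other modules touched by this commit now read 'Optional. Resource ID of the diagnostic log analytics workspace.'. The azureFirewalls readme row for the parameter shows the same old wording. Suggest `@description('Optional. Resource ID of the diagnostic log analytics workspace.')` here so the renamed parameters are documented uniformly. The bastionHosts `nested_publicIPAddress.bicep` hunk has the same leftover ('Optional. Resource identifier of log analytics.').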
@@ -175,13 +175,13 @@ resource azureFirewallPip_lock 'Microsoft.Authorization/locks@2016-09-01' = if ( scope: azureFirewallPip } -resource azureFirewallPip_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource azureFirewallPip_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${azureFirewallPip.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogsPublicIp } @@ -221,7 +221,7 @@ resource azureFirewall 'Microsoft.Network/azureFirewalls@2021-03-01' = { } } -resource azureFirewall_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource azureFirewall_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${azureFirewall.name}-${lock}-lock' properties: { level: lock 
@@ -230,13 +230,13 @@ resource azureFirewall_lock 'Microsoft.Authorization/locks@2016-09-01' = if (loc scope: azureFirewall } -resource azureFirewall_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource azureFirewall_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${azureFirewall.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogsAzureFirewall } diff --git a/arm/Microsoft.Network/azureFirewalls/readme.md b/arm/Microsoft.Network/azureFirewalls/readme.md index 4e03e4cc3b..2837ca8868 100644 --- a/arm/Microsoft.Network/azureFirewalls/readme.md +++ b/arm/Microsoft.Network/azureFirewalls/readme.md 
@@ -6,8 +6,8 @@ This module deploys a firewall. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/azureFirewalls` | 2021-03-01 | | `Microsoft.Network/publicIPAddresses` | 2021-02-01 | 
@@ -22,11 +22,12 @@ This module deploys a firewall. | `azureSkuName` | string | `AZFW_VNet` | `[AZFW_VNet, AZFW_Hub]` | Optional. Name of an Azure Firewall SKU. | | `azureSkuTier` | string | `Standard` | `[Standard, Premium]` | Optional. Tier of an Azure Firewall. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Diagnostic Storage Account resource identifier | +| `diagnosticWorkspaceId` | string | | | Optional. Log Analytics workspace resource identifier | | `enableDnsProxy` | bool | | | Optional. Enable the preview feature for DNS proxy. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `firewallLogsToEnable` | array | `[AzureFirewallApplicationRule, AzureFirewallNetworkRule, AzureFirewallDnsProxy]` | `[AzureFirewallApplicationRule, AzureFirewallNetworkRule, AzureFirewallDnsProxy]` | Optional. The name of firewall logs that will be streamed. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. 
| | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | @@ -37,9 +38,8 @@ This module deploys a firewall. | `publicIPLogsToEnable` | array | `[DDoSProtectionNotifications, DDoSMitigationReports, DDoSMitigationFlowLogs]` | `[DDoSProtectionNotifications, DDoSMitigationReports, DDoSMitigationFlowLogs]` | Optional. The name of public IP logs that will be streamed. | | `publicIPPrefixId` | string | | | Optional. Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | -| `tags` | object | `{object}` | | Optional. Tags of the Automation Account resource. | +| `tags` | object | `{object}` | | Optional. Tags of the Azure Firewall resource. | | `vNetId` | string | | | Required. Shared services Virtual Network resource ID | -| `workspaceId` | string | | | Optional. Log Analytics workspace resource identifier | ### Parameter Usage: `roleAssignments` 
@@ -100,8 +100,8 @@ The `networkRuleCollections` parameter accepts a JSON Array of AzureFirewallNetw ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) -- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Azurefirewalls](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/azureFirewalls) +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Publicipaddresses](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/publicIPAddresses) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/bastionHosts/.bicep/nested_publicIPAddress.bicep b/arm/Microsoft.Network/bastionHosts/.bicep/nested_publicIPAddress.bicep index cdc4b29312..3190605988 100644 --- a/arm/Microsoft.Network/bastionHosts/.bicep/nested_publicIPAddress.bicep +++ b/arm/Microsoft.Network/bastionHosts/.bicep/nested_publicIPAddress.bicep 
@@ -22,13 +22,13 @@ param diagnosticLogsRetentionInDays int = 365 param diagnosticStorageAccountId string = '' @description('Optional. Resource identifier of log analytics.') -param workspaceId string = '' +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -107,7 +107,7 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2021-02-01' = { } } -resource publicIpAddress_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource publicIpAddress_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${publicIpAddress.name}-${lock}-lock' properties: { level: lock 
@@ -116,13 +116,13 @@ resource publicIpAddress_lock 'Microsoft.Authorization/locks@2016-09-01' = if (l scope: publicIpAddress } -resource publicIpAddress_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource publicIpAddress_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${publicIpAddress.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Network/bastionHosts/.bicep/nested_publicIPAddress_rbac.bicep b/arm/Microsoft.Network/bastionHosts/.bicep/nested_publicIPAddress_rbac.bicep index 5168799fb6..f2d02c5cbb 100644 --- a/arm/Microsoft.Network/bastionHosts/.bicep/nested_publicIPAddress_rbac.bicep +++ b/arm/Microsoft.Network/bastionHosts/.bicep/nested_publicIPAddress_rbac.bicep 
@@ -30,7 +30,7 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2021-03-01' existi name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(publicIpAddress.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/bastionHosts/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/bastionHosts/.bicep/nested_rbac.bicep index 5d4c85f4dc..2b74a32883 100644 --- a/arm/Microsoft.Network/bastionHosts/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/bastionHosts/.bicep/nested_rbac.bicep @@ -29,7 +29,7 @@ resource azureBastion 'Microsoft.Network/bastionHosts@2021-02-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(azureBastion.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/bastionHosts/.parameters/parameters.json b/arm/Microsoft.Network/bastionHosts/.parameters/parameters.json index dcfe4652bc..ca75ba78a1 100644 --- a/arm/Microsoft.Network/bastionHosts/.parameters/parameters.json +++ b/arm/Microsoft.Network/bastionHosts/.parameters/parameters.json 
@@ -27,13 +27,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/bastionHosts/deploy.bicep b/arm/Microsoft.Network/bastionHosts/deploy.bicep index a4943e0a38..6c3792b0c5 100644 --- a/arm/Microsoft.Network/bastionHosts/deploy.bicep +++ b/arm/Microsoft.Network/bastionHosts/deploy.bicep 
@@ -21,14 +21,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -100,9 +100,9 @@ module publicIPAddress '.bicep/nested_publicIPAddress.bicep' = if (empty(publicI location: location diagnosticStorageAccountId: diagnosticStorageAccountId diagnosticLogsRetentionInDays: diagnosticLogsRetentionInDays - workspaceId: workspaceId - eventHubAuthorizationRuleId: eventHubAuthorizationRuleId - eventHubName: eventHubName + diagnosticWorkspaceId: diagnosticWorkspaceId + diagnosticEventHubAuthorizationRuleId: diagnosticEventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticEventHubName lock: lock tags: tags } 
@@ -129,7 +129,7 @@ resource azureBastion 'Microsoft.Network/bastionHosts@2021-02-01' = { } } -resource azureBastion_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource azureBastion_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${azureBastion.name}-${lock}-lock' properties: { level: lock @@ -138,13 +138,13 @@ resource azureBastion_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock scope: azureBastion } -resource azureBastion_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource azureBastion_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${azureBastion.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null logs: diagnosticsLogs } scope: azureBastion diff --git a/arm/Microsoft.Network/bastionHosts/readme.md b/arm/Microsoft.Network/bastionHosts/readme.md index 321d607b33..07f64754a5 100644 --- a/arm/Microsoft.Network/bastionHosts/readme.md +++ b/arm/Microsoft.Network/bastionHosts/readme.md 
@@ -6,8 +6,8 @@ This module deploys a bastion host. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/bastionHosts` | 2021-02-01 | | `Microsoft.Network/publicIPAddresses` | 2021-02-01 | 
@@ -17,10 +17,11 @@ This module deploys a bastion host. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[BastionAuditLogs]` | `[BastionAuditLogs]` | Optional. Optional. The name of bastion logs that will be streamed. | 
@@ -30,7 +31,6 @@ This module deploys a bastion host. | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `vNetId` | string | | | Required. Shared services Virtual Network resource identifier | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `tags` @@ -83,6 +83,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a - [Bastionhosts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/bastionHosts) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Publicipaddresses](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/publicIPAddresses) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/connections/deploy.bicep b/arm/Microsoft.Network/connections/deploy.bicep index 25f33df51b..c780a20c32 100644 --- a/arm/Microsoft.Network/connections/deploy.bicep +++ b/arm/Microsoft.Network/connections/deploy.bicep 
@@ -113,7 +113,7 @@ resource connection 'Microsoft.Network/connections@2021-02-01' = { } } -resource connection_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource connection_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${connection.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/connections/readme.md b/arm/Microsoft.Network/connections/readme.md index 024b116e84..9090c7624f 100644 --- a/arm/Microsoft.Network/connections/readme.md +++ b/arm/Microsoft.Network/connections/readme.md @@ -6,7 +6,7 @@ This template deploys a virtual network gateway connection. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Network/connections` | 2021-02-01 | ## Parameters @@ -92,5 +92,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) - [Connections](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/connections) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) diff --git a/arm/Microsoft.Network/ddosProtectionPlans/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/ddosProtectionPlans/.bicep/nested_rbac.bicep index 84ed798023..c4c999b454 100644 --- a/arm/Microsoft.Network/ddosProtectionPlans/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/ddosProtectionPlans/.bicep/nested_rbac.bicep 
@@ -24,7 +24,7 @@ resource ddosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2021-02-01' e name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(ddosProtectionPlan.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/ddosProtectionPlans/deploy.bicep b/arm/Microsoft.Network/ddosProtectionPlans/deploy.bicep index e966c8771c..402c245252 100644 --- a/arm/Microsoft.Network/ddosProtectionPlans/deploy.bicep +++ b/arm/Microsoft.Network/ddosProtectionPlans/deploy.bicep @@ -34,7 +34,7 @@ resource ddosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2021-02-01' = properties: {} } -resource ddosProtectionPlan_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource ddosProtectionPlan_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${ddosProtectionPlan.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/ddosProtectionPlans/readme.md b/arm/Microsoft.Network/ddosProtectionPlans/readme.md index 4e2eaff543..7282785758 100644 --- a/arm/Microsoft.Network/ddosProtectionPlans/readme.md +++ b/arm/Microsoft.Network/ddosProtectionPlans/readme.md @@ -6,8 +6,8 @@ This template deploys a DDoS protection plan. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/ddosProtectionPlans` | 2021-02-01 | ## Parameters 
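Review bot: The assignment name `guid(ddosProtectionPlan.name, principalId, roleDefinitionIdOrName)` is seeded with the resource name only, so two plans with the same name in different resource groups or subscriptions derive the same GUID for the same principal and role. Role assignment names are expected to be unique across the tenant, so the second deployment can conflict with the first. Seeding with the full resource ID avoids this: `name: guid(ddosProtectionPlan.id, principalId, roleDefinitionIdOrName)`. Changing the seed renames assignments that already exist, so environments deployed with the old name would need the previous assignments removed first. The same pattern is in the `nested_rbac.bicep` hunks for expressRouteCircuits, ipGroups and loadBalancers, and the `properties` block continues outside the hunk.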
@@ -70,6 +70,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Ddosprotectionplans](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/ddosProtectionPlans) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/expressRouteCircuits/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/expressRouteCircuits/.bicep/nested_rbac.bicep index a46b4fa36f..92bb469fc2 100644 --- a/arm/Microsoft.Network/expressRouteCircuits/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/expressRouteCircuits/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource expressRouteCircuits 'Microsoft.Network/expressRouteCircuits@2021-02-01 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(expressRouteCircuits.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/expressRouteCircuits/.parameters/parameters.json b/arm/Microsoft.Network/expressRouteCircuits/.parameters/parameters.json index dda2c4134e..74c20d1de8 100644 --- a/arm/Microsoft.Network/expressRouteCircuits/.parameters/parameters.json +++ b/arm/Microsoft.Network/expressRouteCircuits/.parameters/parameters.json 
@@ -36,13 +36,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep b/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep index bb06f8dac6..1b67c176c2 100644 --- a/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep +++ b/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep 
@@ -65,14 +65,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -164,7 +164,7 @@ resource expressRouteCircuits 'Microsoft.Network/expressRouteCircuits@2021-02-01 } } -resource expressRouteCircuits_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource expressRouteCircuits_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${expressRouteCircuits.name}-${lock}-lock' properties: { level: lock 
@@ -173,13 +173,13 @@ resource expressRouteCircuits_lock 'Microsoft.Authorization/locks@2016-09-01' = scope: expressRouteCircuits } -resource expressRouteCircuits_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource expressRouteCircuits_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${expressRouteCircuits.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } @@ -205,4 +205,4 @@ output expressRouteCircuitResourceGroup string = resourceGroup().name output expressRouteCircuitName string = expressRouteCircuits.name @description('The service key of the express route circuit') -output expressRouteCircuitServiceKey string = reference(expressRouteCircuits.id, '2020-05-01').serviceKey +output expressRouteCircuitServiceKey string = reference(expressRouteCircuits.id, '2021-02-01').serviceKey diff --git a/arm/Microsoft.Network/expressRouteCircuits/readme.md b/arm/Microsoft.Network/expressRouteCircuits/readme.md index c8cf70a542..a66938ce1f 100644 --- a/arm/Microsoft.Network/expressRouteCircuits/readme.md 
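Review bot: The `expressRouteCircuitServiceKey` output still pins an API version by hand in `reference(expressRouteCircuits.id, '2021-02-01')`, which is the drift this line just had to correct. Reading the property from the resource symbol keeps it tied to the version declared on the resource: `output expressRouteCircuitServiceKey string = expressRouteCircuits.properties.serviceKey`. Separately, output values are stored in the deployment history and are readable by anyone who can read the deployment. If the service key is treated as sensitive in your environment, say so in the `@description`, or have consumers retrieve it on demand instead of emitting it as an output.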
+++ b/arm/Microsoft.Network/expressRouteCircuits/readme.md @@ -6,8 +6,8 @@ This template deploys an express route circuit. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/expressRouteCircuits` | 2021-02-01 | 
@@ -17,10 +17,11 @@ This template deploys an express route circuit. | :-- | :-- | :-- | :-- | :-- | | `bandwidthInMbps` | int | | | Required. This is the bandwidth in Mbps of the circuit being created. It must exactly match one of the available bandwidth offers List ExpressRoute Service Providers API call. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[PeeringRouteLog]` | `[PeeringRouteLog]` | Optional. The name of logs that will be streamed. | 
@@ -39,7 +40,6 @@ This template deploys an express route circuit. | `skuTier` | string | `Standard` | `[Local, Standard, Premium]` | Required. Chosen SKU Tier of ExpressRoute circuit. Choose from Local, Premium or Standard SKU tiers. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `vlanId` | int | | | Optional. Specifies the identifier that is used to identify the customer. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` @@ -91,7 +91,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Expressroutecircuits](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/expressRouteCircuits) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/firewallPolicies/readme.md b/arm/Microsoft.Network/firewallPolicies/readme.md index b73761e0e2..b02b680e6c 100644 --- a/arm/Microsoft.Network/firewallPolicies/readme.md +++ b/arm/Microsoft.Network/firewallPolicies/readme.md 
@@ -21,7 +21,7 @@ This module deploys Network Firewall Policies. | `defaultWorkspaceId` | string | | | Optional. Default Log Analytics Resource ID for Firewall Policy Insights. | | `enableProxy` | bool | | | Optional. Enable DNS Proxy on Firewalls attached to the Firewall Policy. | | `fqdns` | array | `[]` | | Optional. List of FQDNs for the ThreatIntel Allowlist. | -| `insightsIsEnabled ` | bool | | | Optional. A flag to indicate if the insights are enabled on the policy. | +| `insightsIsEnabled` | bool | | | Optional. A flag to indicate if the insights are enabled on the policy. | | `ipAddresses` | array | `[]` | | Optional. List of IP addresses for the ThreatIntel Allowlist. | | `keyVaultSecretId` | string | | | Optional. Secret Id of (base-64 encoded unencrypted pfx) Secret or Certificate object stored in KeyVault. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | @@ -81,6 +81,6 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references +- ['firewallPolicies/ruleGroups' Parent Documentation](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/firewallPolicies) - [Firewallpolicies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/firewallPolicies) - [Firewallpolicies/Rulecollectiongroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/firewallPolicies/ruleCollectionGroups) -- [Firewallpolicies/Rulegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-04-01/firewallPolicies/ruleGroups) diff --git a/arm/Microsoft.Network/firewallPolicies/ruleGroups/readme.md b/arm/Microsoft.Network/firewallPolicies/ruleGroups/readme.md index 24cdf44aa1..348848102d 100644 --- a/arm/Microsoft.Network/firewallPolicies/ruleGroups/readme.md +++ b/arm/Microsoft.Network/firewallPolicies/ruleGroups/readme.md 
@@ -43,4 +43,4 @@ For remaining properties, see [FirewallPolicyRule objects](https://docs.microsof ## Template references -- [Firewallpolicies/Rulegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-04-01/firewallPolicies/ruleGroups) +- ['firewallPolicies/ruleGroups' Parent Documentation](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/firewallPolicies) diff --git a/arm/Microsoft.Network/ipGroups/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/ipGroups/.bicep/nested_rbac.bicep index 390546aced..b42fa91373 100644 --- a/arm/Microsoft.Network/ipGroups/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/ipGroups/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource ipGroup 'Microsoft.Network/ipGroups@2021-02-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(ipGroup.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/ipGroups/deploy.bicep b/arm/Microsoft.Network/ipGroups/deploy.bicep index 8b768638f0..1424e1775f 100644 --- a/arm/Microsoft.Network/ipGroups/deploy.bicep +++ b/arm/Microsoft.Network/ipGroups/deploy.bicep @@ -39,7 +39,7 @@ resource ipGroup 'Microsoft.Network/ipGroups@2021-02-01' = { } } -resource ipGroup_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource ipGroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${ipGroup.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/ipGroups/readme.md b/arm/Microsoft.Network/ipGroups/readme.md index 5f025ae87d..28370e1f19 100644 
--- a/arm/Microsoft.Network/ipGroups/readme.md +++ b/arm/Microsoft.Network/ipGroups/readme.md @@ -6,8 +6,8 @@ This module deploys an IP group. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/ipGroups` | 2021-02-01 | ## Parameters @@ -71,6 +71,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Ipgroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/ipGroups) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/loadBalancers/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/loadBalancers/.bicep/nested_rbac.bicep index 6bce9a3753..b9960c3ff9 100644 --- a/arm/Microsoft.Network/loadBalancers/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/loadBalancers/.bicep/nested_rbac.bicep 
@@ -28,7 +28,7 @@ resource loadBalancer 'Microsoft.Network/loadBalancers@2021-02-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(loadBalancer.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/loadBalancers/.parameters/parameters.json b/arm/Microsoft.Network/loadBalancers/.parameters/parameters.json index 66db06f07c..0559aa0510 100644 --- a/arm/Microsoft.Network/loadBalancers/.parameters/parameters.json +++ b/arm/Microsoft.Network/loadBalancers/.parameters/parameters.json @@ -115,13 +115,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/loadBalancers/backendAddressPools/readme.md b/arm/Microsoft.Network/loadBalancers/backendAddressPools/readme.md index 92a854508f..3f5c874f0d 100644 --- a/arm/Microsoft.Network/loadBalancers/backendAddressPools/readme.md +++ b/arm/Microsoft.Network/loadBalancers/backendAddressPools/readme.md 
@@ -28,4 +28,4 @@ This module deploys load balancer backend address pools. ## Template references -- [Loadbalancers/Backendaddresspools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/loadBalancers/backendAddressPools) +- [Loadbalancers/Backendaddresspools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/loadBalancers/backendAddressPools) diff --git a/arm/Microsoft.Network/loadBalancers/deploy.bicep b/arm/Microsoft.Network/loadBalancers/deploy.bicep index bec72843ea..ff6a91c1f0 100644 --- a/arm/Microsoft.Network/loadBalancers/deploy.bicep +++ b/arm/Microsoft.Network/loadBalancers/deploy.bicep @@ -32,14 +32,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' 
@@ -207,7 +207,7 @@ module loadBalancer_inboundNATRules 'inboundNatRules/deploy.bicep' = [for (inbou ] }] -resource loadBalancer_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource loadBalancer_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${loadBalancer.name}-${lock}-lock' properties: { level: lock @@ -216,13 +216,13 @@ resource loadBalancer_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock scope: loadBalancer } -resource loadBalancer_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource loadBalancer_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${loadBalancer.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics } scope: loadBalancer diff --git a/arm/Microsoft.Network/loadBalancers/inboundNatRules/readme.md b/arm/Microsoft.Network/loadBalancers/inboundNatRules/readme.md index e011695b7b..c33987048e 100644 --- a/arm/Microsoft.Network/loadBalancers/inboundNatRules/readme.md 
+++ b/arm/Microsoft.Network/loadBalancers/inboundNatRules/readme.md @@ -36,4 +36,4 @@ This module deploys load balancers inbound NAT rules. ## Template references -- [Loadbalancers/Inboundnatrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/loadBalancers/inboundNatRules) +- [Loadbalancers/Inboundnatrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/loadBalancers/inboundNatRules) diff --git a/arm/Microsoft.Network/loadBalancers/readme.md b/arm/Microsoft.Network/loadBalancers/readme.md index 76be954c28..ae23863c40 100644 --- a/arm/Microsoft.Network/loadBalancers/readme.md +++ b/arm/Microsoft.Network/loadBalancers/readme.md @@ -6,8 +6,8 @@ This module deploys a load balancer. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/loadBalancers` | 2021-02-01 | | `Microsoft.Network/loadBalancers/backendAddressPools` | 2021-05-01 | 
@@ -19,10 +19,11 @@ This module deploys a load balancer. | :-- | :-- | :-- | :-- | :-- | | `backendAddressPools` | _[backendAddressPools](backendAddressPools/readme.md)_ array | `[]` | | Optional. Collection of backend address pools used by a load balancer. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `frontendIPConfigurations` | array | | | Required. Array of objects containing all frontend IP configurations | | `inboundNatRules` | _[inboundNatRules](inboundNatRules/readme.md)_ array | `[]` | | Optional. Collection of inbound NAT Rules used by a load balancer. Defining inbound NAT rules on your load balancer is mutually exclusive with defining an inbound NAT pool. Inbound NAT pools are referenced from virtual machine scale sets. 
NICs that are associated with individual virtual machines cannot reference an Inbound NAT pool. They have to reference individual inbound NAT rules. | | `loadBalancerSku` | string | `Standard` | `[Basic, Standard]` | Optional. Name of a load balancer SKU. | @@ -35,7 +36,6 @@ This module deploys a load balancer. | `probes` | array | `[]` | | Optional. Array of objects containing all probes, these are references in the load balancing rules | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `frontendIPConfigurations` 
@@ -218,7 +218,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Loadbalancers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/loadBalancers) -- [Loadbalancers/Backendaddresspools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/loadBalancers/backendAddressPools) -- [Loadbalancers/Inboundnatrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/loadBalancers/inboundNatRules) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Loadbalancers/Backendaddresspools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/loadBalancers/backendAddressPools) +- [Loadbalancers/Inboundnatrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/loadBalancers/inboundNatRules) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/localNetworkGateways/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/localNetworkGateways/.bicep/nested_rbac.bicep index c4af14a885..796eaf4f55 100644 --- a/arm/Microsoft.Network/localNetworkGateways/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/localNetworkGateways/.bicep/nested_rbac.bicep 
@@ -24,7 +24,7 @@ resource localNetworkGateway 'Microsoft.Network/localNetworkGateways@2021-02-01' name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(localNetworkGateway.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/localNetworkGateways/deploy.bicep b/arm/Microsoft.Network/localNetworkGateways/deploy.bicep index 1b8e72fb03..d427df77c5 100644 --- a/arm/Microsoft.Network/localNetworkGateways/deploy.bicep +++ b/arm/Microsoft.Network/localNetworkGateways/deploy.bicep @@ -65,7 +65,7 @@ resource localNetworkGateway 'Microsoft.Network/localNetworkGateways@2021-02-01' } } -resource localNetworkGateway_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource localNetworkGateway_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${localNetworkGateway.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/localNetworkGateways/readme.md b/arm/Microsoft.Network/localNetworkGateways/readme.md index 5521eae7c2..59b83613c6 100644 --- a/arm/Microsoft.Network/localNetworkGateways/readme.md +++ b/arm/Microsoft.Network/localNetworkGateways/readme.md @@ -6,8 +6,8 @@ This module deploys a local network gateway. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/localNetworkGateways` | 2021-02-01 | ## Parameters 
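Review bot: The role assignment name on the context line, `guid(localNetworkGateway.name, principalId, roleDefinitionIdOrName)`, is seeded with the resource's short name rather than its full resource ID. Role assignment names have to be unique across the tenant, so two gateways with the same name in different resource groups or subscriptions would derive the same GUID for the same principal and role, and the second deployment would conflict with the first. Seeding with the ID avoids that, `name: guid(localNetworkGateway.id, principalId, roleDefinitionIdOrName)`, but it changes the name of assignments that already exist, so it needs a migration step. The same pattern is in the nested_rbac.bicep hunks for natGateways, networkSecurityGroups, networkWatchers, privateDnsZones and privateEndpoints, and the resource body continues outside the hunk.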
@@ -76,6 +76,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Localnetworkgateways](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/localNetworkGateways) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/natGateways/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/natGateways/.bicep/nested_rbac.bicep index d7a1523571..80bfba5cfd 100644 --- a/arm/Microsoft.Network/natGateways/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/natGateways/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource natGateway 'Microsoft.Network/natGateways@2021-02-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(natGateway.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/natGateways/.parameters/parameters.json b/arm/Microsoft.Network/natGateways/.parameters/parameters.json index 812644ca8a..8f0512a00c 100644 --- a/arm/Microsoft.Network/natGateways/.parameters/parameters.json +++ b/arm/Microsoft.Network/natGateways/.parameters/parameters.json 
@@ -24,13 +24,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/natGateways/deploy.bicep b/arm/Microsoft.Network/natGateways/deploy.bicep index f05f4f3244..2dac24b1df 100644 --- a/arm/Microsoft.Network/natGateways/deploy.bicep +++ b/arm/Microsoft.Network/natGateways/deploy.bicep 
@@ -36,14 +36,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -139,7 +139,7 @@ resource publicIP 'Microsoft.Network/publicIPAddresses@2021-02-01' = if (natGate } } -resource publicIP_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource publicIP_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${publicIP.name}-${lock}-lock' properties: { level: lock 
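Review bot: The new description of `diagnosticEventHubAuthorizationRuleId` does not say which rights the authorization rule must carry, and the sample parameter file for this module points it at the namespace's `RootManageSharedAccessKey`. As far as I know Azure Monitor needs Manage, Send and Listen on the rule, so the description could say so and recommend a rule created only for diagnostics, which can be rotated or revoked without touching other users of the namespace. Suggested wording: `@description('Optional. Resource ID of the diagnostic event hub authorization rule (Manage, Send and Listen rights; use a dedicated rule rather than the root key) for the Event Hubs namespace in which the event hub should be created or streamed to.')`. The same description is added in networkSecurityGroups/deploy.bicep.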
@@ -148,13 +148,13 @@ resource publicIP_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: publicIP } -resource publicIP_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource publicIP_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${publicIP.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } @@ -174,7 +174,7 @@ resource natGateway 'Microsoft.Network/natGateways@2021-02-01' = { zones: zones } -resource natGateway_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource natGateway_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${natGateway.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/natGateways/readme.md b/arm/Microsoft.Network/natGateways/readme.md index c061da77fb..16e195294e 100644 --- a/arm/Microsoft.Network/natGateways/readme.md +++ b/arm/Microsoft.Network/natGateways/readme.md 
@@ -6,8 +6,8 @@ This module deploys a NAT gateway. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/natGateways` | 2021-02-01 | | `Microsoft.Network/publicIPAddresses` | 2021-02-01 | 
@@ -17,10 +17,11 @@ This module deploys a NAT gateway. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `idleTimeoutInMinutes` | int | `5` | | Optional. The idle timeout of the nat gateway. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | 
@@ -35,7 +36,6 @@ This module deploys a NAT gateway. | `publicIpPrefixes` | array | `[]` | | Optional. Existing Public IP Prefixes resource names to use for the NAT Gateway. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | | `tags` | object | `{object}` | | Optional. Tags for the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | | `zones` | array | `[]` | | Optional. A list of availability zones denoting the zone in which Nat Gateway should be deployed. | ### Parameter Usage: `roleAssignments` @@ -87,8 +87,8 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Natgateways](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/natGateways) - [Publicipaddresses](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/publicIPAddresses) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) 
diff --git a/arm/Microsoft.Network/networkSecurityGroups/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/networkSecurityGroups/.bicep/nested_rbac.bicep index 4285b88504..700e0d6d2b 100644 --- a/arm/Microsoft.Network/networkSecurityGroups/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/networkSecurityGroups/.bicep/nested_rbac.bicep @@ -27,7 +27,7 @@ resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-02-0 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(networkSecurityGroup.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/networkSecurityGroups/.parameters/parameters.json b/arm/Microsoft.Network/networkSecurityGroups/.parameters/parameters.json index 6ba6a214e2..5aafd0b957 100644 --- a/arm/Microsoft.Network/networkSecurityGroups/.parameters/parameters.json +++ b/arm/Microsoft.Network/networkSecurityGroups/.parameters/parameters.json @@ -83,13 +83,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } 
diff --git a/arm/Microsoft.Network/networkSecurityGroups/deploy.bicep b/arm/Microsoft.Network/networkSecurityGroups/deploy.bicep index e9ade277c9..0082a6445d 100644 --- a/arm/Microsoft.Network/networkSecurityGroups/deploy.bicep +++ b/arm/Microsoft.Network/networkSecurityGroups/deploy.bicep @@ -15,14 +15,14 @@ param diagnosticStorageAccountId string = '' @maxValue(365) param diagnosticLogsRetentionInDays int = 365 -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -93,7 +93,7 @@ resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-02-0 } } -resource networkSecurityGroup_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource networkSecurityGroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${networkSecurityGroup.name}-${lock}-lock' properties: { level: lock 
@@ -102,13 +102,13 @@ resource networkSecurityGroup_lock 'Microsoft.Authorization/locks@2016-09-01' = scope: networkSecurityGroup } -resource networkSecurityGroup_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource networkSecurityGroup_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${networkSecurityGroup.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null logs: diagnosticsLogs } scope: networkSecurityGroup diff --git a/arm/Microsoft.Network/networkSecurityGroups/readme.md b/arm/Microsoft.Network/networkSecurityGroups/readme.md index 7743507af8..e8a31ac9a4 100644 --- a/arm/Microsoft.Network/networkSecurityGroups/readme.md +++ b/arm/Microsoft.Network/networkSecurityGroups/readme.md 
@@ -6,8 +6,8 @@ This template deploys a network security group (NSG) with optional security rule | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/networkSecurityGroups` | 2021-02-01 | 
@@ -16,10 +16,11 @@ This template deploys a network security group (NSG) with optional security rule | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter]` | `[NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter]` | Optional. The name of logs that will be streamed. | 
@@ -27,7 +28,6 @@ This template deploys a network security group (NSG) with optional security rule | `networkSecurityGroupSecurityRules` | array | `[]` | | Optional. Array of Security Rules to deploy to the Network Security Group. When not provided, an NSG including only the built-in roles will be deployed. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | | `tags` | object | `{object}` | | Optional. Tags of the NSG resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `networkSecurityGroupSecurityRules` @@ -158,7 +158,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Networksecuritygroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/networkSecurityGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/networkWatchers/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/networkWatchers/.bicep/nested_rbac.bicep index 62dd0c92cd..a69cf79289 100644 
--- a/arm/Microsoft.Network/networkWatchers/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/networkWatchers/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource networkWatcher 'Microsoft.Network/networkWatchers@2021-02-01' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(networkWatcher.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/networkWatchers/deploy.bicep b/arm/Microsoft.Network/networkWatchers/deploy.bicep index ae1b5a7fd4..003ca34c4e 100644 --- a/arm/Microsoft.Network/networkWatchers/deploy.bicep +++ b/arm/Microsoft.Network/networkWatchers/deploy.bicep @@ -40,7 +40,7 @@ resource networkWatcher 'Microsoft.Network/networkWatchers@2021-02-01' = { properties: {} } -resource networkWatcher_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource networkWatcher_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${networkWatcher.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/networkWatchers/readme.md b/arm/Microsoft.Network/networkWatchers/readme.md index 2a9123d185..daf5e9a17b 100644 --- a/arm/Microsoft.Network/networkWatchers/readme.md +++ b/arm/Microsoft.Network/networkWatchers/readme.md 
@@ -6,8 +6,8 @@ This template deploys a network watcher. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/networkWatchers` | 2021-02-01 | | `Microsoft.Network/networkWatchers/connectionMonitors` | 2021-03-01 | | `Microsoft.Network/networkWatchers/flowLogs` | 2021-03-01 | @@ -75,8 +75,8 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Networkwatchers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/networkWatchers) - [Networkwatchers/Connectionmonitors](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/networkWatchers/connectionMonitors) - [Networkwatchers/Flowlogs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/networkWatchers/flowLogs) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/privateDnsZones/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/privateDnsZones/.bicep/nested_rbac.bicep index 921291c400..9706c937b7 100644 --- a/arm/Microsoft.Network/privateDnsZones/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/privateDnsZones/.bicep/nested_rbac.bicep 
@@ -25,7 +25,7 @@ resource privateDnsZone 'Microsoft.Network/privateDnsZones@2018-09-01' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(privateDnsZone.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/privateDnsZones/deploy.bicep b/arm/Microsoft.Network/privateDnsZones/deploy.bicep index 02d65d7ce1..366549354a 100644 --- a/arm/Microsoft.Network/privateDnsZones/deploy.bicep +++ b/arm/Microsoft.Network/privateDnsZones/deploy.bicep @@ -47,7 +47,7 @@ module privateDnsZone_virtualNetworkLinks 'virtualNetworkLinks/deploy.bicep' = [ } }] -resource privateDnsZone_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource privateDnsZone_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${privateDnsZone.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/privateDnsZones/readme.md b/arm/Microsoft.Network/privateDnsZones/readme.md index e61a41134b..2da8f59ac2 100644 --- a/arm/Microsoft.Network/privateDnsZones/readme.md +++ b/arm/Microsoft.Network/privateDnsZones/readme.md @@ -6,8 +6,8 @@ This template deploys a private DNS zone. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/privateDnsZones` | 2020-06-01 | | `Microsoft.Network/privateDnsZones/virtualNetworkLinks` | 2020-06-01 | 
@@ -72,7 +72,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Privatednszones](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones) - [Privatednszones/Virtualnetworklinks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/virtualNetworkLinks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/privateEndpoints/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/privateEndpoints/.bicep/nested_rbac.bicep index da73a45b85..63a851a101 100644 --- a/arm/Microsoft.Network/privateEndpoints/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/privateEndpoints/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-03-01' existin name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(privateEndpoint.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/privateEndpoints/deploy.bicep b/arm/Microsoft.Network/privateEndpoints/deploy.bicep index a171cb9816..c2db6a2abf 100644 --- a/arm/Microsoft.Network/privateEndpoints/deploy.bicep 
+++ b/arm/Microsoft.Network/privateEndpoints/deploy.bicep @@ -68,7 +68,7 @@ module privateEndpoint_privateDnsZoneGroups 'privateDnsZoneGroups/deploy.bicep' } }] -resource privateEndpoint_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource privateEndpoint_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${privateEndpoint.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/privateEndpoints/readme.md b/arm/Microsoft.Network/privateEndpoints/readme.md index 33e22b8c4c..8f176f2012 100644 --- a/arm/Microsoft.Network/privateEndpoints/readme.md +++ b/arm/Microsoft.Network/privateEndpoints/readme.md @@ -6,8 +6,8 @@ This template deploys a private endpoint for a generic service. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-03-01 | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-03-01 | 
@@ -85,7 +85,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints/privateDnsZoneGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/publicIPAddresses/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/publicIPAddresses/.bicep/nested_rbac.bicep index c7de7eb565..16caa97465 100644 --- a/arm/Microsoft.Network/publicIPAddresses/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/publicIPAddresses/.bicep/nested_rbac.bicep @@ -28,7 +28,7 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2021-02-01' existi name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(publicIpAddress.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/publicIPAddresses/.parameters/parameters.json b/arm/Microsoft.Network/publicIPAddresses/.parameters/parameters.json index 26498d1091..f16ede611d 100644 
--- a/arm/Microsoft.Network/publicIPAddresses/.parameters/parameters.json +++ b/arm/Microsoft.Network/publicIPAddresses/.parameters/parameters.json @@ -27,13 +27,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/publicIPAddresses/deploy.bicep b/arm/Microsoft.Network/publicIPAddresses/deploy.bicep index c1cd5a2e46..35fec83021 100644 --- a/arm/Microsoft.Network/publicIPAddresses/deploy.bicep +++ b/arm/Microsoft.Network/publicIPAddresses/deploy.bicep 
@@ -21,14 +21,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -115,7 +115,7 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2021-02-01' = { } } -resource publicIpAddress_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource publicIpAddress_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${publicIpAddress.name}-${lock}-lock' properties: { level: lock 
@@ -124,13 +124,13 @@ resource publicIpAddress_lock 'Microsoft.Authorization/locks@2016-09-01' = if (l scope: publicIpAddress } -resource publicIpAddress_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource publicIpAddress_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${publicIpAddress.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Network/publicIPAddresses/readme.md b/arm/Microsoft.Network/publicIPAddresses/readme.md index e1adf733a5..1c2cc79612 100644 --- a/arm/Microsoft.Network/publicIPAddresses/readme.md +++ b/arm/Microsoft.Network/publicIPAddresses/readme.md 
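Review bot: The condition on `publicIpAddress_diagnosticSettings` still counts `diagnosticEventHubName` as a destination on its own, so passing only a hub name deploys a setting whose `storageAccountId`, `workspaceId` and `eventHubAuthorizationRuleId` are all null. A hub name without an authorization rule is not a sink, and the service will most likely reject such a setting, so the deployment fails instead of producing logs. I would drop that term, `if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId)) {`, and set `eventHubName` only when the rule ID is also supplied. The same condition appears in `trafficManagerProfile_diagnosticSettings` and `virtualNetworkGatewayPublicIp_diagnosticSettings` later in this commit. The resource body continues past the end of this hunk.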
@@ -4,8 +4,8 @@ | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/publicIPAddresses` | 2021-02-01 | 
@@ -14,10 +14,11 @@ | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[DDoSProtectionNotifications, DDoSMitigationFlowLogs, DDoSMitigationReports]` | `[DDoSProtectionNotifications, DDoSMitigationFlowLogs, DDoSMitigationReports]` | Optional. The name of logs that will be streamed. | 
@@ -29,7 +30,6 @@ | `skuName` | string | `Basic` | | Optional. Public IP Address sku Name | | `skuTier` | string | `Regional` | | Optional. Public IP Address pricing tier | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `tags` @@ -80,7 +80,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Publicipaddresses](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/publicIPAddresses) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/publicIPPrefixes/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/publicIPPrefixes/.bicep/nested_rbac.bicep index 925a0db08c..0d917e12fb 100644 --- a/arm/Microsoft.Network/publicIPPrefixes/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/publicIPPrefixes/.bicep/nested_rbac.bicep 
@@ -24,7 +24,7 @@ resource publicIpPrefix 'Microsoft.Network/publicIPPrefixes@2021-02-01' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(publicIpPrefix.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/publicIPPrefixes/deploy.bicep b/arm/Microsoft.Network/publicIPPrefixes/deploy.bicep index 3b02f8aef7..305aa0bed5 100644 --- a/arm/Microsoft.Network/publicIPPrefixes/deploy.bicep +++ b/arm/Microsoft.Network/publicIPPrefixes/deploy.bicep @@ -45,7 +45,7 @@ resource publicIpPrefix 'Microsoft.Network/publicIPPrefixes@2021-02-01' = { } } -resource publicIpPrefix_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource publicIpPrefix_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${publicIpPrefix.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/publicIPPrefixes/readme.md b/arm/Microsoft.Network/publicIPPrefixes/readme.md index e9fa407663..ab0e357f3b 100644 --- a/arm/Microsoft.Network/publicIPPrefixes/readme.md +++ b/arm/Microsoft.Network/publicIPPrefixes/readme.md @@ -6,8 +6,8 @@ This template deploys a public IP prefix. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/publicIPPrefixes` | 2021-02-01 | ## Parameters 
@@ -71,6 +71,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Publicipprefixes](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/publicIPPrefixes) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/routeTables/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/routeTables/.bicep/nested_rbac.bicep index d976cf899d..4bf2e9e2c3 100644 --- a/arm/Microsoft.Network/routeTables/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/routeTables/.bicep/nested_rbac.bicep @@ -25,7 +25,7 @@ resource routeTable 'Microsoft.Network/routeTables@2021-02-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(routeTable.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/routeTables/deploy.bicep b/arm/Microsoft.Network/routeTables/deploy.bicep index 523c26479a..96aa332be0 100644 --- a/arm/Microsoft.Network/routeTables/deploy.bicep +++ b/arm/Microsoft.Network/routeTables/deploy.bicep 
@@ -42,7 +42,7 @@ resource routeTable 'Microsoft.Network/routeTables@2021-02-01' = { } } -resource routeTable_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource routeTable_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${routeTable.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/routeTables/readme.md b/arm/Microsoft.Network/routeTables/readme.md index 28c5dd0651..10c50ebe95 100644 --- a/arm/Microsoft.Network/routeTables/readme.md +++ b/arm/Microsoft.Network/routeTables/readme.md @@ -6,8 +6,8 @@ This module deploys a user defined route table. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/routeTables` | 2021-02-01 | ## Parameters @@ -114,6 +114,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Routetables](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/routeTables) diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_rbac.bicep index 8af1a0fd87..22dfa67908 100644 --- a/arm/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_rbac.bicep 
+++ b/arm/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_rbac.bicep @@ -25,7 +25,7 @@ resource trafficmanagerprofile 'Microsoft.Network/trafficmanagerprofiles@2018-08 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(trafficmanagerprofile.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/.parameters/parameters.json b/arm/Microsoft.Network/trafficmanagerprofiles/.parameters/parameters.json index 87184a6d1e..7aababf42d 100644 --- a/arm/Microsoft.Network/trafficmanagerprofiles/.parameters/parameters.json +++ b/arm/Microsoft.Network/trafficmanagerprofiles/.parameters/parameters.json @@ -24,13 +24,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep b/arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep index 940de98108..2e45ec0ef1 100644 --- a/arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep 
+++ b/arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep @@ -54,14 +54,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -138,7 +138,7 @@ resource trafficManagerProfile 'Microsoft.Network/trafficmanagerprofiles@2018-08 } } -resource trafficManagerProfile_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource trafficManagerProfile_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${trafficManagerProfile.name}-${lock}-lock' properties: { level: lock 
@@ -147,13 +147,13 @@ resource trafficManagerProfile_lock 'Microsoft.Authorization/locks@2016-09-01' = scope: trafficManagerProfile } -resource trafficManagerProfile_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource trafficManagerProfile_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${trafficManagerProfile.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/readme.md b/arm/Microsoft.Network/trafficmanagerprofiles/readme.md index 8716783eed..8843e9d0cd 100644 --- a/arm/Microsoft.Network/trafficmanagerprofiles/readme.md +++ b/arm/Microsoft.Network/trafficmanagerprofiles/readme.md 
@@ -6,8 +6,8 @@ This module deploys a traffic manager profile. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/trafficmanagerprofiles` | 2018-08-01 | 
@@ -16,11 +16,12 @@ This module deploys a traffic manager profile. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `endpoints` | array | `[]` | | Optional. The list of endpoints in the Traffic Manager profile. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[ProbeHealthStatusEvents]` | `[ProbeHealthStatusEvents]` | Optional. The name of logs that will be streamed. | | `maxReturn` | int | `1` | | Optional. Maximum number of endpoints to be returned for MultiValue routing type. | 
@@ -34,7 +35,6 @@ This module deploys a traffic manager profile. | `trafficRoutingMethod` | string | `Performance` | `[Performance, Priority, Weighted, Geographic, MultiValue, Subnet]` | Optional. The traffic routing method of the Traffic Manager profile. | | `trafficViewEnrollmentStatus` | string | `Disabled` | `[Disabled, Enabled]` | Optional. Indicates whether Traffic View is 'Enabled' or 'Disabled' for the Traffic Manager profile. Null, indicates 'Disabled'. Enabling this feature will increase the cost of the Traffic Manage profile. | | `ttl` | int | `60` | | Optional. The DNS Time-To-Live (TTL), in seconds. This informs the local DNS resolvers and DNS clients how long to cache DNS responses provided by this Traffic Manager profile. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `monitorConfig` @@ -123,7 +123,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Trafficmanagerprofiles](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2018-08-01/trafficmanagerprofiles) diff --git a/arm/Microsoft.Network/virtualNetworkGateways/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/virtualNetworkGateways/.bicep/nested_rbac.bicep index 675b29a6a7..ea6e435d0a 100644 --- a/arm/Microsoft.Network/virtualNetworkGateways/.bicep/nested_rbac.bicep 
+++ b/arm/Microsoft.Network/virtualNetworkGateways/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource virtualNetworkGateway 'Microsoft.Network/virtualNetworkGateways@2021-02 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(virtualNetworkGateway.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/virtualNetworkGateways/.parameters/expressRoute.parameters.json b/arm/Microsoft.Network/virtualNetworkGateways/.parameters/expressRoute.parameters.json index 467cf8b6a6..ed1cdd76a4 100644 --- a/arm/Microsoft.Network/virtualNetworkGateways/.parameters/expressRoute.parameters.json +++ b/arm/Microsoft.Network/virtualNetworkGateways/.parameters/expressRoute.parameters.json @@ -50,13 +50,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/virtualNetworkGateways/.parameters/vpn.parameters.json b/arm/Microsoft.Network/virtualNetworkGateways/.parameters/vpn.parameters.json index 256635977d..51a9b2e354 100644 
--- a/arm/Microsoft.Network/virtualNetworkGateways/.parameters/vpn.parameters.json +++ b/arm/Microsoft.Network/virtualNetworkGateways/.parameters/vpn.parameters.json @@ -46,13 +46,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/virtualNetworkGateways/deploy.bicep b/arm/Microsoft.Network/virtualNetworkGateways/deploy.bicep index 6f8bd5a883..88ae4eaea8 100644 --- a/arm/Microsoft.Network/virtualNetworkGateways/deploy.bicep +++ b/arm/Microsoft.Network/virtualNetworkGateways/deploy.bicep 
@@ -77,14 +77,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'') param roleAssignments array = [] 
@@ -294,7 +294,7 @@ resource virtualGatewayPublicIP 'Microsoft.Network/publicIPAddresses@2021-02-01' }] @batchSize(1) -resource virtualGatewayPublicIP_lock 'Microsoft.Authorization/locks@2016-09-01' = [for (virtualGatewayPublicIpName, index) in virtualGatewayPipName_var: if (lock != 'NotSpecified') { +resource virtualGatewayPublicIP_lock 'Microsoft.Authorization/locks@2017-04-01' = [for (virtualGatewayPublicIpName, index) in virtualGatewayPipName_var: if (lock != 'NotSpecified') { name: '${virtualGatewayPublicIpName}-${lock}-lock' properties: { level: lock 
@@ -304,13 +304,13 @@ resource virtualGatewayPublicIP_lock 'Microsoft.Authorization/locks@2016-09-01' }] @batchSize(1) -resource virtualNetworkGatewayPublicIp_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = [for (virtualGatewayPublicIpName, index) in virtualGatewayPipName_var: if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource virtualNetworkGatewayPublicIp_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = [for (virtualGatewayPublicIpName, index) in virtualGatewayPipName_var: if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${virtualGatewayPublicIpName}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: publicIpDiagnosticsLogs } @@ -341,7 +341,7 @@ resource virtualNetworkGateway 'Microsoft.Network/virtualNetworkGateways@2021-02 ] } -resource virtualNetworkGateway_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource virtualNetworkGateway_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${virtualNetworkGateway.name}-${lock}-lock' properties: { level: lock 
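Review bot: The deployment condition on `virtualNetworkGatewayPublicIp_diagnosticSettings` still treats `diagnosticEventHubName` as a destination in its own right, although an event hub name only means something together with `diagnosticEventHubAuthorizationRuleId`. If a caller supplies only the name, the resource is deployed with `storageAccountId`, `workspaceId` and `eventHubAuthorizationRuleId` all `null`, which the resource provider will presumably reject, so the failure surfaces late and the public IP ends up without a log sink. I would drop the last operand so the condition reads `(!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId))`. The same condition appears in `virtualNetworkGateway_diagnosticSettings`, in the virtualNetworks module's diagnostic settings resource and in `logAnalyticsWorkspace_diagnosticSettings`. The resource body continues past this hunk.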
@@ -350,13 +350,13 @@ resource virtualNetworkGateway_lock 'Microsoft.Authorization/locks@2016-09-01' = scope: virtualNetworkGateway } -resource virtualNetworkGateway_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource virtualNetworkGateway_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${virtualNetworkGateway.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: virtualNetworkGatewayDiagnosticsLogs } diff --git a/arm/Microsoft.Network/virtualNetworkGateways/readme.md b/arm/Microsoft.Network/virtualNetworkGateways/readme.md index 5f1946c045..8a1f1d7e4f 100644 --- a/arm/Microsoft.Network/virtualNetworkGateways/readme.md +++ b/arm/Microsoft.Network/virtualNetworkGateways/readme.md 
@@ -6,8 +6,8 @@ This module deploys a virtual network gateway. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/publicIPAddresses` | 2021-02-01 | | `Microsoft.Network/virtualNetworkGateways` | 2021-02-01 | 
@@ -21,12 +21,13 @@ This module deploys a virtual network gateway. | `clientRevokedCertThumbprint` | string | | | Optional. Thumbprint of the revoked certificate. This would revoke VPN client certificates matching this thumbprint from connecting to the VNet. | | `clientRootCertData` | string | | | Optional. Client root certificate data used to authenticate VPN clients. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `domainNameLabel` | array | `[]` | | Optional. DNS name(s) of the Public IP resource(s). If you enabled active-active configuration, you need to provide 2 DNS names, if you want to use this feature. A region specific suffix will be appended to it, e.g.: your-DNS-name.westeurope.cloudapp.azure.com | | `enableBgp` | bool | `True` | | Optional. Value to specify if BGP is enabled or not | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. 
Without this, an event hub is created for each log category. | | `gatewayPipName` | array | `[]` | | Optional. Specifies the name of the Public IP used by the Virtual Network Gateway. If it's not provided, a '-pip' suffix will be appended to the gateway's name. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | @@ -43,7 +44,6 @@ This module deploys a virtual network gateway. | `vNetResourceId` | string | | | Required. Virtual Network resource ID | | `vpnClientAddressPoolPrefix` | string | | | Optional. The IP address range from which VPN clients will receive an IP address when connected. Range specified must not overlap with on-premise network. | | `vpnType` | string | `RouteBased` | `[PolicyBased, RouteBased]` | Required. Specifies the VPN type | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `subnets` @@ -126,8 +126,8 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Publicipaddresses](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/publicIPAddresses) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Virtualnetworkgateways](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/virtualNetworkGateways) 
diff --git a/arm/Microsoft.Network/virtualNetworks/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/virtualNetworks/.bicep/nested_rbac.bicep index 1ee7998d15..eb79a9be0b 100644 --- a/arm/Microsoft.Network/virtualNetworks/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/virtualNetworks/.bicep/nested_rbac.bicep @@ -39,7 +39,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-03-01' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(virtualNetwork.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json b/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json index bd2ad3ee69..24dc73a63a 100644 --- a/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json +++ b/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json @@ -64,13 +64,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } 
diff --git a/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json b/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json index 7f286a5d3f..fd6f96df60 100644 --- a/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json +++ b/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json @@ -39,13 +39,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/virtualNetworks/deploy.bicep b/arm/Microsoft.Network/virtualNetworks/deploy.bicep index 960f4fa88a..a8393f5d85 100644 --- a/arm/Microsoft.Network/virtualNetworks/deploy.bicep +++ b/arm/Microsoft.Network/virtualNetworks/deploy.bicep 
@@ -28,14 +28,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -183,7 +183,7 @@ module virtualNetwork_peering_remote 'virtualNetworkPeerings/deploy.bicep' = [fo ] }] -resource virtualNetwork_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource virtualNetwork_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${virtualNetwork.name}-${lock}-lock' properties: { level: lock 
@@ -192,13 +192,13 @@ resource virtualNetwork_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lo scope: virtualNetwork } -resource appServiceEnvironment_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource appServiceEnvironment_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${virtualNetwork.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Network/virtualNetworks/readme.md b/arm/Microsoft.Network/virtualNetworks/readme.md index 5737b655a8..1631ef1365 100644 --- a/arm/Microsoft.Network/virtualNetworks/readme.md +++ b/arm/Microsoft.Network/virtualNetworks/readme.md 
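Review bot: The symbolic name `appServiceEnvironment_diagnosticSettings` does not describe this resource, which is named `'${virtualNetwork.name}-diagnosticSettings'` and lives in the virtualNetworks module. The identifier looks carried over from another module. Since the declaration line is being rewritten anyway, I would rename it to `virtualNetwork_diagnosticSettings`, matching `virtualNetwork_lock` just above, so anyone auditing which resources emit logs can find it by name. Any reference to the old symbolic name elsewhere in deploy.bicep is outside this hunk and would need the same rename. The resource body also continues past the hunk.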
@@ -6,8 +6,8 @@ This template deploys a virtual network (vNet). | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/virtualNetworks` | 2021-03-01 | | `Microsoft.Network/virtualNetworks/subnets` | 2021-03-01 | 
@@ -20,11 +20,12 @@ This template deploys a virtual network (vNet). | `addressPrefixes` | array | | | Required. An Array of 1 or more IP Address Prefixes for the Virtual Network. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `ddosProtectionPlanId` | string | | | Optional. Resource ID of the DDoS protection plan to assign the VNET to. If it's left blank, DDoS protection will not be configured. If it's provided, the VNET created by this template will be attached to the referenced DDoS protection plan. The DDoS protection plan can exist in the same or in a different subscription. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `dnsServers` | array | `[]` | | Optional. DNS Servers associated to the Virtual Network. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `location` | string | `[resourceGroup().location]` | | Optional. 
Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[VMProtectionAlerts]` | `[VMProtectionAlerts]` | Optional. The name of logs that will be streamed. | @@ -34,7 +35,6 @@ This template deploys a virtual network (vNet). | `subnets` | _[subnets](subnets/readme.md)_ array | | | Required. An Array of subnets to deploy to the Virual Network. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `virtualNetworkPeerings` | _[virtualNetworkPeerings](virtualNetworkPeerings/readme.md)_ array | `[]` | | Optional. Virtual Network Peerings configurations | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `virtualNetworkPeerings` @@ -111,8 +111,8 @@ The network security group and route table resources must reside in the same res | Output Name | Type | Description | | :-- | :-- | :-- | -| `subnetNames` | array | | -| `subnetResourceIds` | array | | +| `subnetNames` | array | The names of the deployed subnets | +| `subnetResourceIds` | array | The resource IDs of the deployed subnets | | `virtualNetworkName` | string | The name of the virtual network | | `virtualNetworkResourceGroup` | string | The resource group the virtual network was deployed into | | `virtualNetworkResourceId` | string | The resource ID of the virtual network | 
@@ -120,8 +120,8 @@ The network security group and route table resources must reside in the same res ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Virtualnetworks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/virtualNetworks) - [Virtualnetworks/Subnets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/virtualNetworks/subnets) - [Virtualnetworks/Virtualnetworkpeerings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/virtualNetworks/virtualNetworkPeerings) diff --git a/arm/Microsoft.Network/virtualWans/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/virtualWans/.bicep/nested_rbac.bicep index e8021da8ed..5fa4ad424d 100644 --- a/arm/Microsoft.Network/virtualWans/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/virtualWans/.bicep/nested_rbac.bicep 
@@ -24,7 +24,7 @@ resource virtualWan 'Microsoft.Network/virtualWans@2021-03-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(virtualWan.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/virtualWans/deploy.bicep b/arm/Microsoft.Network/virtualWans/deploy.bicep index d1c436a893..f29b91a82a 100644 --- a/arm/Microsoft.Network/virtualWans/deploy.bicep +++ b/arm/Microsoft.Network/virtualWans/deploy.bicep @@ -76,7 +76,7 @@ resource virtualWan 'Microsoft.Network/virtualWans@2021-03-01' = { } } -resource virtualWan_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource virtualWan_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${virtualWan.name}-${lock}-lock' properties: { level: lock @@ -96,7 +96,7 @@ resource virtualHub 'Microsoft.Network/virtualHubs@2021-03-01' = { } } -resource virtualHub_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource virtualHub_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${virtualHub.name}-${lock}-lock' properties: { level: lock @@ -127,7 +127,7 @@ resource vpnSite 'Microsoft.Network/vpnSites@2021-03-01' = { } } -resource vpnSite_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource vpnSite_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${vpnSite.name}-${lock}-lock' properties: { level: lock 
@@ -161,7 +161,7 @@ resource vpnGateway 'Microsoft.Network/vpnGateways@2021-03-01' = { } } -resource vpnGateway_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource vpnGateway_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${vpnGateway.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/virtualWans/readme.md b/arm/Microsoft.Network/virtualWans/readme.md index e5354fd5c8..57e87d1b73 100644 --- a/arm/Microsoft.Network/virtualWans/readme.md +++ b/arm/Microsoft.Network/virtualWans/readme.md @@ -6,8 +6,8 @@ This template deploys a virtual WAN. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/virtualHubs` | 2021-03-01 | | `Microsoft.Network/virtualWans` | 2021-03-01 | | `Microsoft.Network/vpnGateways` | 2021-03-01 | @@ -84,8 +84,8 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Virtualhubs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/virtualHubs) - [Virtualwans](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/virtualWans) - [Vpngateways](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/vpnGateways) 
diff --git a/arm/Microsoft.OperationalInsights/workspaces/.bicep/nested_rbac.bicep b/arm/Microsoft.OperationalInsights/workspaces/.bicep/nested_rbac.bicep index 76f6b69035..86d7d80496 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.OperationalInsights/workspaces/.bicep/nested_rbac.bicep @@ -29,7 +29,7 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(logAnalyticsWorkspace.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.OperationalInsights/workspaces/.parameters/parameters.json b/arm/Microsoft.OperationalInsights/workspaces/.parameters/parameters.json index 6cc00e108f..a1b3b0323a 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/.parameters/parameters.json +++ b/arm/Microsoft.OperationalInsights/workspaces/.parameters/parameters.json @@ -155,13 +155,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } 
diff --git a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep index fc1b69591a..adadecb186 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep +++ b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep @@ -63,13 +63,13 @@ param diagnosticLogsRetentionInDays int = 365 param diagnosticStorageAccountId string = '' @description('Optional. Resource ID of a log analytics workspace.') -param workspaceId string = '' +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' 
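Review bot: The description above the renamed `diagnosticWorkspaceId` parameter was left as `'Optional. Resource ID of a log analytics workspace.'`, while the other modules in this commit now say "the diagnostic log analytics workspace". The ambiguity matters most in this module, because it deploys a workspace itself and the parameter refers to a different one that receives its diagnostics. I would change the decorator to `@description('Optional. Resource ID of the diagnostic log analytics workspace.')`. The `diagnosticWorkspaceId` row in this module's readme.md repeats the old text and should follow.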
@@ -151,13 +151,13 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08 } } -resource logAnalyticsWorkspace_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource logAnalyticsWorkspace_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${logAnalyticsWorkspace.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } @@ -230,7 +230,7 @@ module logAnalyticsWorkspace_solutions '.bicep/nested_solutions.bicep' = [for (g } }] -resource logAnalyticsWorkspace_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource logAnalyticsWorkspace_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${logAnalyticsWorkspace.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.OperationalInsights/workspaces/readme.md b/arm/Microsoft.OperationalInsights/workspaces/readme.md index 32fdb1ab34..de22269371 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/readme.md 
+++ b/arm/Microsoft.OperationalInsights/workspaces/readme.md @@ -6,8 +6,8 @@ This template deploys a log analytics workspace. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.OperationalInsights/workspaces` | 2020-08-01 | | `Microsoft.OperationalInsights/workspaces/dataSources` | 2020-08-01 | 
@@ -24,10 +24,11 @@ This template deploys a log analytics workspace. | `dailyQuotaGb` | int | `-1` | | Optional. The workspace daily quota for ingestion. | | `dataRetention` | int | `365` | | Required. Number of days data will be retained for | | `dataSources` | _[dataSources](dataSources/readme.md)_ array | `[]` | | Optional. LAW data sources to configure. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | | `gallerySolutions` | array | `[]` | | Optional. LAW gallerySolutions from the gallery. | | `linkedServices` | _[linkedServices](linkedServices/readme.md)_ array | `[]` | | Optional. List of services to be linked. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | 
@@ -43,7 +44,6 @@ This template deploys a log analytics workspace. | `storageInsightsConfigs` | array | `[]` | | Optional. List of storage accounts to be read by the workspace. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `useResourcePermissions` | bool | | | Optional. Set to 'true' to use resource or workspace permissions and 'false' (or leave empty) to require workspace permissions. | -| `workspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | ### Parameter Usage: `gallerySolutions` @@ -130,8 +130,8 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Solutions](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationsManagement/2015-11-01-preview/solutions) - [Workspaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces) - [Workspaces/Datasources](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/dataSources) diff --git a/arm/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/readme.md b/arm/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/readme.md index 4bde3c81c3..6799c47f59 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/readme.md 
+++ b/arm/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/readme.md @@ -15,7 +15,7 @@ This template deploys a storage insights configuration for a Log Analytics works | `containers` | array | `[]` | | Optional. The names of the blob containers that the workspace should read. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `logAnalyticsWorkspaceName` | string | | | Required. Name of the Log Analytics workspace. | -| `name` | string | `[last(split(parameters('storageAccountId'), '/'))]` | | Optional. The name of the storage insights config | +| `name` | string | `[format('{0}-stinsconfig', last(split(parameters('storageAccountId'), '/')))]` | | Optional. The name of the storage insights config | | `storageAccountId` | string | | | Required. The Azure Resource Manager ID of the storage account resource. | | `tables` | array | `[]` | | Optional. The names of the Azure tables that the workspace should read. | | `tags` | object | `{object}` | | Optional. Tags to configure in the resource. | diff --git a/arm/Microsoft.RecoveryServices/vaults/.bicep/nested_rbac.bicep b/arm/Microsoft.RecoveryServices/vaults/.bicep/nested_rbac.bicep index 54e601eab2..4b3dcbe5d9 100644 --- a/arm/Microsoft.RecoveryServices/vaults/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.RecoveryServices/vaults/.bicep/nested_rbac.bicep @@ -29,7 +29,7 @@ resource rsv 'Microsoft.RecoveryServices/vaults@2021-12-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(rsv.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName 
diff --git a/arm/Microsoft.RecoveryServices/vaults/.parameters/parameters.json b/arm/Microsoft.RecoveryServices/vaults/.parameters/parameters.json index 8c350f0e84..a65c9ec78a 100644 --- a/arm/Microsoft.RecoveryServices/vaults/.parameters/parameters.json +++ b/arm/Microsoft.RecoveryServices/vaults/.parameters/parameters.json @@ -268,13 +268,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "systemAssignedIdentity": { diff --git a/arm/Microsoft.RecoveryServices/vaults/deploy.bicep b/arm/Microsoft.RecoveryServices/vaults/deploy.bicep index 6181a968c7..eda7e8925a 100644 --- a/arm/Microsoft.RecoveryServices/vaults/deploy.bicep +++ b/arm/Microsoft.RecoveryServices/vaults/deploy.bicep 
@@ -28,14 +28,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'') param roleAssignments array = [] 
@@ -186,7 +186,7 @@ module rsv_backupConfig 'backupConfig/deploy.bicep' = if (!empty(backupConfig)) } } -resource rsv_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource rsv_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${rsv.name}-${lock}-lock' properties: { level: lock @@ -195,13 +195,13 @@ resource rsv_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotS scope: rsv } -resource rsv_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource rsv_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${rsv.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.RecoveryServices/vaults/protectionContainers/readme.md b/arm/Microsoft.RecoveryServices/vaults/protectionContainers/readme.md index 82425cc183..e09c07a0fe 100644 --- a/arm/Microsoft.RecoveryServices/vaults/protectionContainers/readme.md +++ b/arm/Microsoft.RecoveryServices/vaults/protectionContainers/readme.md 
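Review bot: The rewritten guard on `rsv_diagnosticSettings` still deploys the setting when only `diagnosticEventHubName` is supplied, although an event hub name alone does not identify a destination; the sinks set here are `storageAccountId`, `workspaceId` and `eventHubAuthorizationRuleId`. In that case all three sink properties evaluate to `null`, so the deployment is likely to be rejected, or at best no vault logs are shipped (worth confirming against the diagnosticSettings API). Since the line is being touched anyway, I would drop the name from the condition: `= if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId)) {`. The same guard is carried over on `serviceBusNamespace_diagnosticSettings` in `arm/Microsoft.ServiceBus/namespaces/deploy.bicep`. The resource block is not closed inside this hunk, so anything after `logs:` is outside what I can see.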
@@ -24,9 +24,9 @@ This module deploys a Protection Container for a Recovery Services Vault | Output Name | Type | Description | | :-- | :-- | :-- | -| `protectionContainerResourceId` | string | The resource ID of the Protection Container. | | `protectionContainerName` | string | The Name of the Protection Container. | | `protectionContainerResourceGroup` | string | The name of the Resource Group the Protection Container was created in. | +| `protectionContainerResourceId` | string | The resource ID of the Protection Container. | ## Template references diff --git a/arm/Microsoft.RecoveryServices/vaults/readme.md b/arm/Microsoft.RecoveryServices/vaults/readme.md index 9341155707..57e4fb1427 100644 --- a/arm/Microsoft.RecoveryServices/vaults/readme.md +++ b/arm/Microsoft.RecoveryServices/vaults/readme.md @@ -6,8 +6,8 @@ This module deploys a recovery service vault. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.RecoveryServices/vaults` | 2021-12-01 | | `Microsoft.RecoveryServices/vaults/backupconfig` | 2021-08-01 | 
@@ -23,10 +23,11 @@ This module deploys a recovery service vault. | `backupPolicies` | _[backupPolicies](backupPolicies/readme.md)_ array | `[]` | | Optional. List of all backup policies. | | `backupStorageConfig` | _[backupStorageConfig](backupStorageConfig/readme.md)_ object | `{object}` | | Optional. The storage configuration for the Azure Recovery Service Vault | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. 
| | `logsToEnable` | array | `[AzureBackupReport, CoreAzureBackup, AddonAzureBackupJobs, AddonAzureBackupAlerts, AddonAzureBackupPolicy, AddonAzureBackupStorage, AddonAzureBackupProtectedInstance, AzureSiteRecoveryJobs, AzureSiteRecoveryEvents, AzureSiteRecoveryReplicatedItems, AzureSiteRecoveryReplicationStats, AzureSiteRecoveryRecoveryPoints, AzureSiteRecoveryReplicationDataUploadRate, AzureSiteRecoveryProtectedDiskDataChurn]` | `[AzureBackupReport, CoreAzureBackup, AddonAzureBackupJobs, AddonAzureBackupAlerts, AddonAzureBackupPolicy, AddonAzureBackupStorage, AddonAzureBackupProtectedInstance, AzureSiteRecoveryJobs, AzureSiteRecoveryEvents, AzureSiteRecoveryReplicatedItems, AzureSiteRecoveryReplicationStats, AzureSiteRecoveryRecoveryPoints, AzureSiteRecoveryReplicationDataUploadRate, AzureSiteRecoveryProtectedDiskDataChurn]` | Optional. The name of logs that will be streamed. | @@ -37,7 +38,6 @@ This module deploys a recovery service vault. | `systemAssignedIdentity` | bool | | | Optional. Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Optional. Tags of the Recovery Service Vault resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `backupStorageConfig` 
@@ -355,9 +355,9 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Vaults](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults) - [Vaults/Backupconfig](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults/backupconfig) - [Vaults/Backupfabrics/Protectioncontainers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults/backupFabrics/protectionContainers) diff --git a/arm/Microsoft.Resources/deploymentScripts/deploy.bicep b/arm/Microsoft.Resources/deploymentScripts/deploy.bicep index ba6fe19fe7..564d61bf36 100644 --- a/arm/Microsoft.Resources/deploymentScripts/deploy.bicep +++ b/arm/Microsoft.Resources/deploymentScripts/deploy.bicep @@ -110,7 +110,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { } } -resource deploymentScript_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource deploymentScript_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${deploymentScript.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Resources/deploymentScripts/readme.md b/arm/Microsoft.Resources/deploymentScripts/readme.md index ca56f4269c..492305d269 100644 
--- a/arm/Microsoft.Resources/deploymentScripts/readme.md +++ b/arm/Microsoft.Resources/deploymentScripts/readme.md @@ -6,7 +6,7 @@ This module deploys a deployment script. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Resources/deploymentScripts` | 2020-10-01 | ## Parameters @@ -78,5 +78,5 @@ This module requires a User Assigned Identity (MSI, managed service identity) to ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) - [Deploymentscripts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Resources/2020-10-01/deploymentScripts) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) diff --git a/arm/Microsoft.Resources/resourceGroups/.bicep/nested_lock.bicep b/arm/Microsoft.Resources/resourceGroups/.bicep/nested_lock.bicep index a2f5c5c83f..776d6d2588 100644 --- a/arm/Microsoft.Resources/resourceGroups/.bicep/nested_lock.bicep +++ b/arm/Microsoft.Resources/resourceGroups/.bicep/nested_lock.bicep @@ -16,7 +16,7 @@ var lockNotes = { var lockName = empty(name) ? '${level}-lock' : name -resource lock 'Microsoft.Authorization/locks@2016-09-01' = if (level != 'NotSpecified') { +resource lock 'Microsoft.Authorization/locks@2017-04-01' = if (level != 'NotSpecified') { name: lockName properties: { level: level diff --git a/arm/Microsoft.Resources/resourceGroups/.bicep/nested_rbac.bicep b/arm/Microsoft.Resources/resourceGroups/.bicep/nested_rbac.bicep index 6fc4ae98bd..746874f92a 100644 --- a/arm/Microsoft.Resources/resourceGroups/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Resources/resourceGroups/.bicep/nested_rbac.bicep 
@@ -178,7 +178,7 @@ var builtInRoleNames = { 'Workbook Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b279062a-9be3-42a0-92ae-8b3cf002ec4d') } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(resourceGroupName, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Resources/resourceGroups/readme.md b/arm/Microsoft.Resources/resourceGroups/readme.md index 5e8efe34d3..640b7389b7 100644 --- a/arm/Microsoft.Resources/resourceGroups/readme.md +++ b/arm/Microsoft.Resources/resourceGroups/readme.md @@ -6,8 +6,8 @@ This module deploys a resource group. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Resources/resourceGroups` | 2019-05-01 | ## Parameters 
@@ -72,6 +72,6 @@ This module requires a User Assigned Identity (MSI, managed service identity) to ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Resourcegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Resources/2019-05-01/resourceGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_privateEndpoints.bicep b/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_privateEndpoints.bicep index 739c0bbb6c..d1381aa576 100644 --- a/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_privateEndpoints.bicep +++ b/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_privateEndpoints.bicep @@ -35,7 +35,7 @@ resource privateEndpoint_name 'Microsoft.Network/privateEndpoints@2021-05-01' = customDnsConfigs: privateEndpoint_var.customDnsConfigs } - resource privateEndpoint_name_default 'privateDnsZoneGroups@2020-05-01' = if (!empty(privateEndpoint_var.privateDnsZoneResourceIds)) { + resource privateEndpoint_name_default 'privateDnsZoneGroups@2021-05-01' = if (!empty(privateEndpoint_var.privateDnsZoneResourceIds)) { name: 'default' properties: { privateDnsZoneConfigs: [for j in range(0, length(privateEndpoint_var.privateDnsZoneResourceIds)): { diff --git a/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_rbac.bicep b/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_rbac.bicep index d34a35a841..be578a3643 100644 --- a/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_rbac.bicep 
@@ -25,7 +25,7 @@ resource namespace 'Microsoft.ServiceBus/namespaces@2021-06-01-preview' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(namespace.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.ServiceBus/namespaces/.parameters/parameters.json b/arm/Microsoft.ServiceBus/namespaces/.parameters/parameters.json index 7718ddc70a..808a2c5c28 100644 --- a/arm/Microsoft.ServiceBus/namespaces/.parameters/parameters.json +++ b/arm/Microsoft.ServiceBus/namespaces/.parameters/parameters.json @@ -103,13 +103,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "systemAssignedIdentity": { diff --git a/arm/Microsoft.ServiceBus/namespaces/deploy.bicep b/arm/Microsoft.ServiceBus/namespaces/deploy.bicep index 092df0e6e6..0bfc27f840 100644 --- a/arm/Microsoft.ServiceBus/namespaces/deploy.bicep +++ b/arm/Microsoft.ServiceBus/namespaces/deploy.bicep 
@@ -48,14 +48,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -234,7 +234,7 @@ module serviceBusNamespace_queues 'queues/deploy.bicep' = [for (queue, index) in } }] -resource serviceBusNamespace_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource serviceBusNamespace_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${serviceBusNamespace.name}-${lock}-lock' properties: { level: lock 
@@ -243,13 +243,13 @@ resource serviceBusNamespace_lock 'Microsoft.Authorization/locks@2016-09-01' = i scope: serviceBusNamespace } -resource serviceBusNamespace_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource serviceBusNamespace_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${serviceBusNamespace.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } 
@@ -284,8 +284,5 @@ output serviceBusNamespaceResourceGroup string = resourceGroup().name @description('The name of the deployed service bus namespace') output serviceBusNamespaceName string = serviceBusNamespace.name -@description('The connection string of the deployed service bus namespace') -output serviceBusConnectionString string = 'Endpoint=sb://${serviceBusNamespace.name}.servicebus.windows.net/;SharedAccessKeyName=${listkeys(resourceId('Microsoft.ServiceBus/namespaces/authorizationRules', serviceBusNamespace.name, 'RootManageSharedAccessKey'), '2017-04-01').primaryKey}' - @description('The principal ID of the system assigned identity.') output systemAssignedPrincipalId string = systemAssignedIdentity && contains(serviceBusNamespace.identity, 'principalId') ? serviceBusNamespace.identity.principalId : '' diff --git a/arm/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_rbac.bicep b/arm/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_rbac.bicep index 2114337790..e527921f3e 100644 --- a/arm/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_rbac.bicep @@ -25,7 +25,7 @@ resource queue 'Microsoft.ServiceBus/namespaces/queues@2021-06-01-preview' exist name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' } -resource roleAssigment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssigment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(queue.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.ServiceBus/namespaces/queues/deploy.bicep b/arm/Microsoft.ServiceBus/namespaces/queues/deploy.bicep index a1b1575ded..4e6b08abce 100644 
--- a/arm/Microsoft.ServiceBus/namespaces/queues/deploy.bicep +++ b/arm/Microsoft.ServiceBus/namespaces/queues/deploy.bicep @@ -121,7 +121,7 @@ module queue_authorizationRules 'authorizationRules/deploy.bicep' = [for (author } }] -resource queue_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource queue_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${queue.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.ServiceBus/namespaces/queues/readme.md b/arm/Microsoft.ServiceBus/namespaces/queues/readme.md index 3ff8c0f187..206c777941 100644 --- a/arm/Microsoft.ServiceBus/namespaces/queues/readme.md +++ b/arm/Microsoft.ServiceBus/namespaces/queues/readme.md @@ -6,8 +6,8 @@ This module deploys a queue for a service bus namespace. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.ServiceBus/namespaces/queues` | 2021-06-01-preview | | `Microsoft.ServiceBus/namespaces/queues/authorizationRules` | 2017-04-01 | 
@@ -66,7 +66,7 @@ This module deploys a queue for a service bus namespace. ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Namespaces/Queues](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces/queues) - [Namespaces/Queues/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/queues/authorizationRules) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.ServiceBus/namespaces/readme.md b/arm/Microsoft.ServiceBus/namespaces/readme.md index ff6f426f4a..5ae6ea0c82 100644 --- a/arm/Microsoft.ServiceBus/namespaces/readme.md +++ b/arm/Microsoft.ServiceBus/namespaces/readme.md @@ -6,11 +6,11 @@ This module deploys a service bus namespace resource. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-05-01 | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2020-05-01 | +| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-05-01 | | `Microsoft.ServiceBus/namespaces` | 2021-06-01-preview | | `Microsoft.ServiceBus/namespaces/AuthorizationRules` | 2017-04-01 | | `Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs` | 2017-04-01 | 
@@ -27,11 +27,12 @@ This module deploys a service bus namespace resource. | `authorizationRules` | _[authorizationRules](authorizationRules/readme.md)_ array | `[System.Collections.Hashtable]` | | Optional. Authorization Rules for the Service Bus namespace | | `baseTime` | string | `[utcNow('u')]` | | Generated. Do not provide a value! This date value is used to generate a SAS token to access the modules. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `disasterRecoveryConfigs` | _[disasterRecoveryConfigs](disasterRecoveryConfigs/readme.md)_ object | `{object}` | | Optional. The disaster recovery configuration. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `ipFilterRules` | _[ipFilterRules](ipFilterRules/readme.md)_ array | `[]` | | Optional. 
IP Filter Rules for the Service Bus namespace | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | @@ -47,7 +48,6 @@ This module deploys a service bus namespace resource. | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | | `virtualNetworkRules` | _[virtualNetworkRules](virtualNetworkRules/readme.md)_ array | `[]` | | Optional. vNet Rules SubnetIds for the Service Bus namespace. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | | `zoneRedundant` | bool | | | Optional. Enabling this property creates a Premium Service Bus Namespace in regions supported availability zones. | ### Parameter Usage: `roleAssignments` @@ -142,7 +142,6 @@ You can specify multiple user assigned identities to a resource by providing add | Output Name | Type | Description | | :-- | :-- | :-- | -| `serviceBusConnectionString` | string | The connection string of the deployed service bus namespace | | `serviceBusNamespaceName` | string | The name of the deployed service bus namespace | | `serviceBusNamespaceResourceGroup` | string | The resource group of the deployed service bus namespace | | `serviceBusNamespaceResourceId` | string | The resource ID of the deployed service bus namespace | 
@@ -151,7 +150,7 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Namespaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces) - [Namespaces/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/AuthorizationRules) - [Namespaces/Disasterrecoveryconfigs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/disasterRecoveryConfigs) 
@@ -160,6 +159,6 @@ You can specify multiple user assigned identities to a resource by providing add - [Namespaces/Queues](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces/queues) - [Namespaces/Queues/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/queues/authorizationRules) - [Namespaces/Virtualnetworkrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2018-01-01-preview/namespaces/virtualnetworkrules) -- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/privateEndpoints) -- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-05-01/privateEndpoints/privateDnsZoneGroups) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) +- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Sql/managedInstances/.bicep/nested_rbac.bicep b/arm/Microsoft.Sql/managedInstances/.bicep/nested_rbac.bicep index ef5901a113..a6285d10d5 100644 --- a/arm/Microsoft.Sql/managedInstances/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Sql/managedInstances/.bicep/nested_rbac.bicep 
@@ -25,7 +25,7 @@ resource managedInstance 'Microsoft.Sql/managedInstances@2020-08-01-preview' exi name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(managedInstance.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Sql/managedInstances/.parameters/parameters.json b/arm/Microsoft.Sql/managedInstances/.parameters/parameters.json index 5a75fc6897..78060154f3 100644 --- a/arm/Microsoft.Sql/managedInstances/.parameters/parameters.json +++ b/arm/Microsoft.Sql/managedInstances/.parameters/parameters.json @@ -131,13 +131,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Sql/managedInstances/databases/deploy.bicep b/arm/Microsoft.Sql/managedInstances/databases/deploy.bicep index ecfeb9a223..b76e90c36b 100644 --- a/arm/Microsoft.Sql/managedInstances/databases/deploy.bicep +++ b/arm/Microsoft.Sql/managedInstances/databases/deploy.bicep 
@@ -52,14 +52,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -132,7 +132,7 @@ resource database 'Microsoft.Sql/managedInstances/databases@2021-05-01-preview' } } -resource database_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource database_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${last(split(database.name, '/'))}-${lock}-lock' properties: { level: lock 
@@ -141,13 +141,13 @@ resource database_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: database } -resource database_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource database_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${last(split(database.name, '/'))}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null logs: diagnosticsLogs } scope: database diff --git a/arm/Microsoft.Sql/managedInstances/databases/readme.md b/arm/Microsoft.Sql/managedInstances/databases/readme.md index 17c1d3199c..fb87356250 100644 --- a/arm/Microsoft.Sql/managedInstances/databases/readme.md +++ b/arm/Microsoft.Sql/managedInstances/databases/readme.md 
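Review bot: The resource type on the rewritten `database_diagnosticSettings` line is spelled `Microsoft.Insights/diagnosticsettings`, while `arm/Microsoft.Sql/servers/databases/deploy.bicep` and the readme tables in this commit spell it `Microsoft.Insights/diagnosticSettings`. Resource types are generally matched case-insensitively, so this probably deploys the same. Since the line is being rewritten anyway, it is worth normalising to `'Microsoft.Insights/diagnosticSettings@2021-05-01-preview'`, both here and on `managedInstance_diagnosticSettings` in `arm/Microsoft.Sql/managedInstances/deploy.bicep`. A text search or lint rule keyed on the exact type string may otherwise miss these two resources when checking that logging is configured. The resource body continues past the end of this hunk.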
@@ -6,7 +6,7 @@ This template deploys a SQL Managed Instances Database. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Sql/managedInstances/databases` | 2021-05-01-preview | | `Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies` | 2021-02-01-preview | 
@@ -26,10 +26,11 @@ The SQL Managed Instance Database is deployed on a SQL Managed Instance. | `collation` | string | `SQL_Latin1_General_CP1_CI_AS` | | Optional. Collation of the managed instance database. | | `createMode` | string | `Default` | `[Default, RestoreExternalBackup, PointInTimeRestore, Recovery, RestoreLongTermRetentionBackup]` | Optional. Managed database create mode. PointInTimeRestore: Create a database by restoring a point in time backup of an existing database. SourceDatabaseName, SourceManagedInstanceName and PointInTime must be specified. RestoreExternalBackup: Create a database by restoring from external backup files. Collation, StorageContainerUri and StorageContainerSasToken must be specified. Recovery: Creates a database by restoring a geo-replicated backup. RecoverableDatabaseId must be specified as the recoverable database resource ID to restore. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. 
Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[SQLInsights, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, Errors]` | `[SQLInsights, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, Errors]` | Optional. The name of logs that will be streamed. | @@ -43,7 +44,6 @@ The SQL Managed Instance Database is deployed on a SQL Managed Instance. | `storageContainerSasToken` | string | | | Optional. Conditional. If createMode is RestoreExternalBackup, this value is required. Specifies the storage container sas token. | | `storageContainerUri` | string | | | Optional. Conditional. If createMode is RestoreExternalBackup, this value is required. Specifies the uri of the storage container where backups for this restore are stored. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `tags` 
@@ -72,8 +72,8 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Managedinstances/Databases](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/managedInstances/databases) - [Managedinstances/Databases/Backuplongtermretentionpolicies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/managedInstances/databases/backupLongTermRetentionPolicies) - [Managedinstances/Databases/Backupshorttermretentionpolicies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2017-03-01-preview/managedInstances/databases/backupShortTermRetentionPolicies) diff --git a/arm/Microsoft.Sql/managedInstances/deploy.bicep b/arm/Microsoft.Sql/managedInstances/deploy.bicep index 3e46a50932..2fd206b0e8 100644 --- a/arm/Microsoft.Sql/managedInstances/deploy.bicep +++ b/arm/Microsoft.Sql/managedInstances/deploy.bicep 
@@ -80,14 +80,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of a log analytics workspace.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -212,7 +212,7 @@ resource managedInstance 'Microsoft.Sql/managedInstances@2021-05-01-preview' = { } } -resource managedInstance_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource managedInstance_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${managedInstance.name}-${lock}-lock' properties: { level: lock 
@@ -221,13 +221,13 @@ resource managedInstance_lock 'Microsoft.Authorization/locks@2016-09-01' = if (l scope: managedInstance } -resource managedInstance_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource managedInstance_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${managedInstance.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } 
@@ -253,8 +253,8 @@ module managedInstance_databases 'databases/deploy.bicep' = [for (database, inde createMode: contains(database, 'createMode') ? database.createMode : 'Default' diagnosticLogsRetentionInDays: contains(database, 'diagnosticLogsRetentionInDays') ? database.diagnosticLogsRetentionInDays : 365 diagnosticStorageAccountId: contains(database, 'diagnosticStorageAccountId') ? database.diagnosticStorageAccountId : '' - eventHubAuthorizationRuleId: contains(database, 'eventHubAuthorizationRuleId') ? database.eventHubAuthorizationRuleId : '' - eventHubName: contains(database, 'eventHubName') ? database.eventHubName : '' + diagnosticEventHubAuthorizationRuleId: contains(database, 'diagnosticEventHubAuthorizationRuleId') ? database.diagnosticEventHubAuthorizationRuleId : '' + diagnosticEventHubName: contains(database, 'diagnosticEventHubName') ? database.diagnosticEventHubName : '' location: contains(database, 'location') ? database.location : managedInstance.location lock: contains(database, 'lock') ? database.lock : lock longTermRetentionBackupResourceId: contains(database, 'longTermRetentionBackupResourceId') ? database.longTermRetentionBackupResourceId : '' 
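Review bot: Entries of the `databases` array are now read only under the new key names, so a parameter file that still nests `eventHubAuthorizationRuleId`, `eventHubName` or `workspaceId` inside a database object is accepted without error and those values fall back to `''`. A renamed top-level parameter would presumably be rejected at deployment, but these object keys are dropped silently. If they were the only destinations configured, the child module's `database_diagnosticSettings` condition becomes false and the database is deployed without diagnostic logging. Consider reading the legacy key as a fallback for a transition period, e.g. `diagnosticEventHubName: contains(database, 'diagnosticEventHubName') ? database.diagnosticEventHubName : (contains(database, 'eventHubName') ? database.eventHubName : '')`, or at least document the breaking change in the readme. The same applies to the `diagnosticWorkspaceId` line in the next hunk of this file and to both `server_databases` hunks in `arm/Microsoft.Sql/servers/deploy.bicep`; the module block starts and ends outside this hunk.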
@@ -265,7 +265,7 @@ module managedInstance_databases 'databases/deploy.bicep' = [for (database, inde storageContainerSasToken: contains(database, 'storageContainerSasToken') ? database.storageContainerSasToken : '' storageContainerUri: contains(database, 'storageContainerUri') ? database.storageContainerUri : '' tags: contains(database, 'tags') ? database.tags : {} - workspaceId: contains(database, 'workspaceId') ? database.workspaceId : '' + diagnosticWorkspaceId: contains(database, 'diagnosticWorkspaceId') ? database.diagnosticWorkspaceId : '' backupShortTermRetentionPoliciesObj: contains(database, 'backupShortTermRetentionPolicies') ? database.backupShortTermRetentionPolicies : {} backupLongTermRetentionPoliciesObj: contains(database, 'backupLongTermRetentionPolicies') ? database.backupLongTermRetentionPolicies : {} } diff --git a/arm/Microsoft.Sql/managedInstances/readme.md b/arm/Microsoft.Sql/managedInstances/readme.md index dedd857d3e..69c5096f17 100644 --- a/arm/Microsoft.Sql/managedInstances/readme.md +++ b/arm/Microsoft.Sql/managedInstances/readme.md @@ -6,8 +6,8 @@ This template deploys a SQL managed instance. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Sql/managedInstances` | 2021-05-01-preview | | `Microsoft.Sql/managedInstances/administrators` | 2021-02-01-preview | 
@@ -33,12 +33,13 @@ SQL Managed Instance is deployed on a virtual network. This network is required | `collation` | string | `SQL_Latin1_General_CP1_CI_AS` | | Optional. Collation of the managed instance. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `databases` | _[databases](databases/readme.md)_ array | `[]` | | Optional. Databases to create in this server. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `dnsZonePartner` | string | | | Optional. The resource ID of another managed instance whose DNS zone this managed instance will share after creation. | | `encryptionProtectorObj` | _[encryptionProtector](encryptionProtector/readme.md)_ object | `{object}` | | Optional. The encryption protection configuration | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `hardwareFamily` | string | `Gen5` | | Optional. 
If the service has different generations of hardware, for the same SKU, then that can be captured here. | | `instancePoolResourceId` | string | | | Optional. The resource ID of the instance pool this managed server belongs to. | | `keys` | _[keys](keys/readme.md)_ array | `[]` | | Optional. The keys to configure | @@ -66,7 +67,6 @@ SQL Managed Instance is deployed on a virtual network. This network is required | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | | `vCores` | int | `4` | | Optional. The number of vCores. Allowed values: 8, 16, 24, 32, 40, 64, 80. | | `vulnerabilityAssessmentsObj` | _[vulnerabilityAssessments](vulnerabilityAssessments/readme.md)_ object | `{object}` | | Optional. The vulnerability assessment configuration | -| `workspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | ### Parameter Usage : `userAssignedIdentities` @@ -142,9 +142,8 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Managedinstances](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/managedInstances) - [Managedinstances/Administrators](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/managedInstances/administrators) - [Managedinstances/Databases](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/managedInstances/databases) 
@@ -154,3 +153,4 @@ You can specify multiple user assigned identities to a resource by providing add - [Managedinstances/Keys](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/managedInstances/keys) - [Managedinstances/Securityalertpolicies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2017-03-01-preview/managedInstances/securityAlertPolicies) - [Managedinstances/Vulnerabilityassessments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/managedInstances/vulnerabilityAssessments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Sql/servers/.bicep/nested_rbac.bicep b/arm/Microsoft.Sql/servers/.bicep/nested_rbac.bicep index ea9d14ecef..93a78da858 100644 --- a/arm/Microsoft.Sql/servers/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Sql/servers/.bicep/nested_rbac.bicep @@ -26,7 +26,7 @@ resource server 'Microsoft.Sql/servers@2020-02-02-preview' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(server.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Sql/servers/databases/deploy.bicep b/arm/Microsoft.Sql/servers/databases/deploy.bicep index 8d7f953ae7..9a0454d893 100644 --- a/arm/Microsoft.Sql/servers/databases/deploy.bicep +++ b/arm/Microsoft.Sql/servers/databases/deploy.bicep 
@@ -58,14 +58,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. The name of logs that will be streamed.') @allowed([ 
@@ -167,13 +167,13 @@ resource database 'Microsoft.Sql/servers/databases@2021-02-01-preview' = { } } -resource database_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource database_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${last(split(database.name, '/'))}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Sql/servers/databases/readme.md b/arm/Microsoft.Sql/servers/databases/readme.md index 4a993e8b41..328530202a 100644 --- a/arm/Microsoft.Sql/servers/databases/readme.md +++ b/arm/Microsoft.Sql/servers/databases/readme.md 
@@ -16,10 +16,11 @@ This module deploys an Azure SQL Server. | `autoPauseDelay` | string | | | Optional. Time in minutes after which database is automatically paused. | | `collation` | string | | | Optional. The collation of the database. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `highAvailabilityReplicaCount` | int | | | Optional. The number of readonly secondary replicas associated with the database. | | `isLedgerOn` | bool | | | Optional. Whether or not this database is a ledger database, which means all tables in the database are ledger tables. Note: the value of this property cannot be changed after the database has been created. | | `licenseType` | string | | | Optional. The license type to apply for this database. | 
@@ -37,7 +38,6 @@ This module deploys an Azure SQL Server. | `skuName` | string | | | Required. The name of the SKU. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `tier` | string | | | Optional. The tier or edition of the particular SKU. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | | `zoneRedundant` | bool | | | Optional. Whether or not this database is zone redundant. | ### Parameter Usage: `tags` diff --git a/arm/Microsoft.Sql/servers/deploy.bicep b/arm/Microsoft.Sql/servers/deploy.bicep index ce7fc91b11..9b32d7818c 100644 --- a/arm/Microsoft.Sql/servers/deploy.bicep +++ b/arm/Microsoft.Sql/servers/deploy.bicep @@ -67,7 +67,7 @@ resource server 'Microsoft.Sql/servers@2021-05-01-preview' = { } } -resource server_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource server_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${server.name}-${lock}-lock' properties: { level: lock 
@@ -97,8 +97,8 @@ module server_databases 'databases/deploy.bicep' = [for (database, index) in dat autoPauseDelay: contains(database, 'autoPauseDelay') ? database.autoPauseDelay : '' diagnosticLogsRetentionInDays: contains(database, 'diagnosticLogsRetentionInDays') ? database.diagnosticLogsRetentionInDays : 365 diagnosticStorageAccountId: contains(database, 'diagnosticStorageAccountId') ? database.diagnosticStorageAccountId : '' - eventHubAuthorizationRuleId: contains(database, 'eventHubAuthorizationRuleId') ? database.eventHubAuthorizationRuleId : '' - eventHubName: contains(database, 'eventHubName') ? database.eventHubName : '' + diagnosticEventHubAuthorizationRuleId: contains(database, 'diagnosticEventHubAuthorizationRuleId') ? database.diagnosticEventHubAuthorizationRuleId : '' + diagnosticEventHubName: contains(database, 'diagnosticEventHubName') ? database.diagnosticEventHubName : '' isLedgerOn: contains(database, 'isLedgerOn') ? database.isLedgerOn : false location: contains(database, 'location') ? database.location : server.location logsToEnable: contains(database, 'logsToEnable') ? database.logsToEnable : [] @@ -111,7 +111,7 @@ module server_databases 'databases/deploy.bicep' = [for (database, index) in dat requestedBackupStorageRedundancy: contains(database, 'requestedBackupStorageRedundancy') ? database.requestedBackupStorageRedundancy : '' sampleName: contains(database, 'sampleName') ? database.sampleName : '' tags: contains(database, 'tags') ? database.tags : {} - workspaceId: contains(database, 'workspaceId') ? database.workspaceId : '' + diagnosticWorkspaceId: contains(database, 'diagnosticWorkspaceId') ? database.diagnosticWorkspaceId : '' zoneRedundant: contains(database, 'zoneRedundant') ? database.zoneRedundant : false } }] diff --git a/arm/Microsoft.Sql/servers/firewallRules/readme.md b/arm/Microsoft.Sql/servers/firewallRules/readme.md index 2ed62c149c..9850b4de65 100644 --- a/arm/Microsoft.Sql/servers/firewallRules/readme.md 
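Review bot: A `database` object that still carries the old keys (`workspaceId`, `eventHubAuthorizationRuleId`, `eventHubName`) now falls through to `''` in these `contains(...)` lookups. If it sets no `diagnosticStorageAccountId` either, the child module's condition is false and no diagnostic setting is deployed, without any error. A renamed top-level parameter should be rejected at deployment time, whereas here logging for existing callers is turned off silently. Consider accepting the old key for a transition period, e.g. `diagnosticWorkspaceId: contains(database, 'diagnosticWorkspaceId') ? database.diagnosticWorkspaceId : (contains(database, 'workspaceId') ? database.workspaceId : '')`, and likewise for the two event hub keys. The same applies to the `blobServices`, `fileServices`, `queueServices` and `tableServices` pass-throughs in `storageAccounts/deploy.bicep`; the `server_databases` module declaration starts above the first hunk.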
+++ b/arm/Microsoft.Sql/servers/firewallRules/readme.md @@ -22,9 +22,9 @@ This module deploys an SQL Server Firewall rule. | Output Name | Type | Description | | :-- | :-- | :-- | -| `databaseResourceId` | string | The resource ID of the deployed firewall rule | | `databaseName` | string | The name of the deployed firewall rule | | `databaseResourceGroup` | string | The resourceGroup of the deployed firewall rule | +| `databaseResourceId` | string | The resource ID of the deployed firewall rule | ## Template references diff --git a/arm/Microsoft.Sql/servers/readme.md b/arm/Microsoft.Sql/servers/readme.md index a11a2cb394..649dd85a41 100644 --- a/arm/Microsoft.Sql/servers/readme.md +++ b/arm/Microsoft.Sql/servers/readme.md @@ -6,8 +6,8 @@ This module deploys a SQL server. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Sql/servers` | 2021-05-01-preview | | `Microsoft.Sql/servers/databases` | 2021-02-01-preview | 
@@ -95,9 +95,9 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Servers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/servers) - [Servers/Databases](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/servers/databases) - [Servers/Firewallrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/servers/firewallRules) diff --git a/arm/Microsoft.Sql/servers/securityAlertPolicies/readme.md b/arm/Microsoft.Sql/servers/securityAlertPolicies/readme.md index 87c40b7fa9..b3ad674ffa 100644 --- a/arm/Microsoft.Sql/servers/securityAlertPolicies/readme.md +++ b/arm/Microsoft.Sql/servers/securityAlertPolicies/readme.md @@ -27,9 +27,9 @@ This module deploys an SQL Server Security Alert Policy. | Output Name | Type | Description | | :-- | :-- | :-- | -| `databaseResourceId` | string | The resource ID of the deployed security alert policy | | `databaseName` | string | The name of the deployed security alert policy | | `databaseResourceGroup` | string | The resourceGroup of the deployed security alert policy | +| `databaseResourceId` | string | The resource ID of the deployed security alert policy | ## Template references 
diff --git a/arm/Microsoft.Storage/storageAccounts/.bicep/nested_rbac.bicep b/arm/Microsoft.Storage/storageAccounts/.bicep/nested_rbac.bicep index 4c89ddb7a2..e611b0f42b 100644 --- a/arm/Microsoft.Storage/storageAccounts/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Storage/storageAccounts/.bicep/nested_rbac.bicep @@ -49,7 +49,7 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(storageAccount.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Storage/storageAccounts/.parameters/parameters.json b/arm/Microsoft.Storage/storageAccounts/.parameters/parameters.json index 3a35acf016..71b50994fc 100644 --- a/arm/Microsoft.Storage/storageAccounts/.parameters/parameters.json +++ b/arm/Microsoft.Storage/storageAccounts/.parameters/parameters.json @@ -132,13 +132,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } 
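Review bot: The renamed `diagnosticEventHubAuthorizationRuleId` entry in `parameters.json` still points at the namespace's `RootManageSharedAccessKey` rule; the value is on an unchanged line of this hunk. Parameter files like this tend to be copied as templates, so I would reference a rule created specifically for diagnostic streaming. Such a rule can be rotated or removed without affecting other consumers of the namespace. For example: `"value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/<diagnostics-rule-name>"`, where the last segment is a placeholder.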
diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_rbac.bicep b/arm/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_rbac.bicep index ec0dd38e62..3db79286a8 100644 --- a/arm/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_rbac.bicep @@ -40,7 +40,7 @@ resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@20 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}/${split(resourceId, '/')[12]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(container.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md b/arm/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md index ec183fd71e..20926def1a 100644 --- a/arm/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md @@ -6,7 +6,7 @@ This module deployes a blob container | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Storage/storageAccounts/blobServices/containers` | 2019-06-01 | | `Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies` | 2019-06-01 | 
@@ -55,6 +55,6 @@ This module deployes a blob container ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Storageaccounts/Blobservices/Containers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/blobServices/containers) - [Storageaccounts/Blobservices/Containers/Immutabilitypolicies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/blobServices/containers/immutabilityPolicies) diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep index 38973f1598..be1a7aeef8 100644 --- a/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep 
@@ -26,13 +26,13 @@ param diagnosticLogsRetentionInDays int = 365 param diagnosticStorageAccountId string = '' @description('Optional. Resource ID of a log analytics workspace.') -param workspaceId string = '' +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered') param cuaId string = '' 
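Review bot: The `@description` above the renamed `diagnosticWorkspaceId` parameter was left as "Resource ID of a log analytics workspace.", while both event hub descriptions in this hunk gained the word "diagnostic". `storageAccounts/deploy.bicep` already uses the aligned wording, so I would match it here: `@description('Optional. Resource ID of the diagnostic log analytics workspace.')`. The `fileServices` and `queueServices` deploy.bicep hunks have the same leftover, as do the readme rows generated from them.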
@@ -97,13 +97,13 @@ resource blobServices 'Microsoft.Storage/storageAccounts/blobServices@2021-06-01 } } -resource blobServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource blobServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${blobServices.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md b/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md index d553636eb1..f28400bb7c 100644 --- a/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md 
@@ -6,7 +6,7 @@ This module can be used to deploy a blob service into a storage account. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Storage/storageAccounts/blobServices` | 2021-06-01 | | `Microsoft.Storage/storageAccounts/blobServices/containers` | 2019-06-01 | 
@@ -21,15 +21,15 @@ This module can be used to deploy a blob service into a storage account. | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `deleteRetentionPolicy` | bool | `True` | | Optional. Indicates whether DeleteRetentionPolicy is enabled for the Blob service. | | `deleteRetentionPolicyDays` | int | `7` | | Optional. Indicates the number of days that the deleted blob should be retained. The minimum specified value can be 1 and the maximum value can be 365. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | | `logsToEnable` | array | `[StorageRead, StorageWrite, StorageDelete]` | `[StorageRead, StorageWrite, StorageDelete]` | Optional. The name of logs that will be streamed. | | `metricsToEnable` | array | `[Transaction]` | `[Transaction]` | Optional. The name of metrics that will be streamed. 
| | `name` | string | `default` | | Optional. The name of the blob service | | `storageAccountName` | string | | | Required. Name of the Storage Account. | -| `workspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | ## Outputs @@ -42,8 +42,8 @@ This module can be used to deploy a blob service into a storage account. ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Storageaccounts/Blobservices](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-06-01/storageAccounts/blobServices) - [Storageaccounts/Blobservices/Containers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/blobServices/containers) - [Storageaccounts/Blobservices/Containers/Immutabilitypolicies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/blobServices/containers/immutabilityPolicies) diff --git a/arm/Microsoft.Storage/storageAccounts/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/deploy.bicep index 21d50045f9..f689827bd1 100644 --- a/arm/Microsoft.Storage/storageAccounts/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/deploy.bicep 
@@ -93,14 +93,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of a log analytics workspace.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' 
@@ -196,19 +196,19 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = { properties: saProperties } -resource storageAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource storageAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${storageAccount.name}-diagnosticSettings' properties: { storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId - workspaceId: empty(workspaceId) ? null : workspaceId - eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId - eventHubName: empty(eventHubName) ? null : eventHubName + workspaceId: empty(diagnosticWorkspaceId) ? null : diagnosticWorkspaceId + eventHubAuthorizationRuleId: empty(diagnosticEventHubAuthorizationRuleId) ? null : diagnosticEventHubAuthorizationRuleId + eventHubName: empty(diagnosticEventHubName) ? null : diagnosticEventHubName metrics: diagnosticsMetrics } scope: storageAccount } -resource storageAccount_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource storageAccount_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${storageAccount.name}-${lock}-lock' properties: { level: lock 
@@ -256,11 +256,11 @@ module storageAccount_blobServices 'blobServices/deploy.bicep' = if (!empty(blob deleteRetentionPolicyDays: contains(blobServices, 'deleteRetentionPolicyDays') ? blobServices.deleteRetentionPolicyDays : 7 diagnosticLogsRetentionInDays: contains(blobServices, 'diagnosticLogsRetentionInDays') ? blobServices.diagnosticLogsRetentionInDays : 365 diagnosticStorageAccountId: contains(blobServices, 'diagnosticStorageAccountId') ? blobServices.diagnosticStorageAccountId : '' - eventHubAuthorizationRuleId: contains(blobServices, 'eventHubAuthorizationRuleId') ? blobServices.eventHubAuthorizationRuleId : '' - eventHubName: contains(blobServices, 'eventHubName') ? blobServices.eventHubName : '' + diagnosticEventHubAuthorizationRuleId: contains(blobServices, 'diagnosticEventHubAuthorizationRuleId') ? blobServices.diagnosticEventHubAuthorizationRuleId : '' + diagnosticEventHubName: contains(blobServices, 'diagnosticEventHubName') ? blobServices.diagnosticEventHubName : '' logsToEnable: contains(blobServices, 'logsToEnable') ? blobServices.logsToEnable : [] metricsToEnable: contains(blobServices, 'metricsToEnable') ? blobServices.metricsToEnable : [] - workspaceId: contains(blobServices, 'workspaceId') ? blobServices.workspaceId : '' + diagnosticWorkspaceId: contains(blobServices, 'diagnosticWorkspaceId') ? blobServices.diagnosticWorkspaceId : '' } } 
@@ -271,8 +271,8 @@ module storageAccount_fileServices 'fileServices/deploy.bicep' = if (!empty(file storageAccountName: storageAccount.name diagnosticLogsRetentionInDays: contains(fileServices, 'diagnosticLogsRetentionInDays') ? fileServices.diagnosticLogsRetentionInDays : 365 diagnosticStorageAccountId: contains(fileServices, 'diagnosticStorageAccountId') ? fileServices.diagnosticStorageAccountId : '' - eventHubAuthorizationRuleId: contains(fileServices, 'eventHubAuthorizationRuleId') ? fileServices.eventHubAuthorizationRuleId : '' - eventHubName: contains(fileServices, 'eventHubName') ? fileServices.eventHubName : '' + diagnosticEventHubAuthorizationRuleId: contains(fileServices, 'diagnosticEventHubAuthorizationRuleId') ? fileServices.diagnosticEventHubAuthorizationRuleId : '' + diagnosticEventHubName: contains(fileServices, 'diagnosticEventHubName') ? fileServices.diagnosticEventHubName : '' logsToEnable: contains(fileServices, 'logsToEnable') ? fileServices.logsToEnable : [] metricsToEnable: contains(fileServices, 'metricsToEnable') ? fileServices.metricsToEnable : [] protocolSettings: contains(fileServices, 'protocolSettings') ? fileServices.protocolSettings : {} @@ -281,7 +281,7 @@ module storageAccount_fileServices 'fileServices/deploy.bicep' = if (!empty(file days: 7 } shares: contains(fileServices, 'shares') ? fileServices.shares : [] - workspaceId: contains(fileServices, 'workspaceId') ? fileServices.workspaceId : '' + diagnosticWorkspaceId: contains(fileServices, 'diagnosticWorkspaceId') ? fileServices.diagnosticWorkspaceId : '' } } 
@@ -292,12 +292,12 @@ module storageAccount_queueServices 'queueServices/deploy.bicep' = if (!empty(qu storageAccountName: storageAccount.name diagnosticLogsRetentionInDays: contains(queueServices, 'diagnosticLogsRetentionInDays') ? queueServices.diagnosticLogsRetentionInDays : 365 diagnosticStorageAccountId: contains(queueServices, 'diagnosticStorageAccountId') ? queueServices.diagnosticStorageAccountId : '' - eventHubAuthorizationRuleId: contains(queueServices, 'eventHubAuthorizationRuleId') ? queueServices.eventHubAuthorizationRuleId : '' - eventHubName: contains(queueServices, 'eventHubName') ? queueServices.eventHubName : '' + diagnosticEventHubAuthorizationRuleId: contains(queueServices, 'diagnosticEventHubAuthorizationRuleId') ? queueServices.diagnosticEventHubAuthorizationRuleId : '' + diagnosticEventHubName: contains(queueServices, 'diagnosticEventHubName') ? queueServices.diagnosticEventHubName : '' logsToEnable: contains(queueServices, 'logsToEnable') ? queueServices.logsToEnable : [] metricsToEnable: contains(queueServices, 'metricsToEnable') ? queueServices.metricsToEnable : [] queues: contains(queueServices, 'queues') ? queueServices.queues : [] - workspaceId: contains(queueServices, 'workspaceId') ? queueServices.workspaceId : '' + diagnosticWorkspaceId: contains(queueServices, 'diagnosticWorkspaceId') ? queueServices.diagnosticWorkspaceId : '' } } 
@@ -308,12 +308,12 @@ module storageAccount_tableServices 'tableServices/deploy.bicep' = if (!empty(ta storageAccountName: storageAccount.name diagnosticLogsRetentionInDays: contains(tableServices, 'diagnosticLogsRetentionInDays') ? tableServices.diagnosticLogsRetentionInDays : 365 diagnosticStorageAccountId: contains(tableServices, 'diagnosticStorageAccountId') ? tableServices.diagnosticStorageAccountId : '' - eventHubAuthorizationRuleId: contains(tableServices, 'eventHubAuthorizationRuleId') ? tableServices.eventHubAuthorizationRuleId : '' - eventHubName: contains(tableServices, 'eventHubName') ? tableServices.eventHubName : '' + diagnosticEventHubAuthorizationRuleId: contains(tableServices, 'diagnosticEventHubAuthorizationRuleId') ? tableServices.diagnosticEventHubAuthorizationRuleId : '' + diagnosticEventHubName: contains(tableServices, 'diagnosticEventHubName') ? tableServices.diagnosticEventHubName : '' logsToEnable: contains(tableServices, 'logsToEnable') ? tableServices.logsToEnable : [] metricsToEnable: contains(tableServices, 'metricsToEnable') ? tableServices.metricsToEnable : [] tables: contains(tableServices, 'tables') ? tableServices.tables : [] - workspaceId: contains(tableServices, 'workspaceId') ? tableServices.workspaceId : '' + diagnosticWorkspaceId: contains(tableServices, 'diagnosticWorkspaceId') ? tableServices.diagnosticWorkspaceId : '' } } diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep index d48624aa19..4dbfb97fcf 100644 --- a/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep 
@@ -23,13 +23,13 @@ param diagnosticLogsRetentionInDays int = 365 param diagnosticStorageAccountId string = '' @description('Optional. Resource ID of a log analytics workspace.') -param workspaceId string = '' +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. File shares to create.') param shares array = [] 
@@ -94,13 +94,13 @@ resource fileServices 'Microsoft.Storage/storageAccounts/fileServices@2021-04-01 } } -resource fileServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource fileServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${fileServices.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md b/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md index 76e0c64f21..1ae193c4e9 100644 --- a/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md 
@@ -6,7 +6,7 @@ This module can be used to deploy a file share service into a storage account. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Storage/storageAccounts/fileServices` | 2021-04-01 | | `Microsoft.Storage/storageAccounts/fileServices/shares` | 2019-06-01 | 
@@ -16,10 +16,11 @@ This module can be used to deploy a file share service into a storage account. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | | `logsToEnable` | array | `[StorageRead, StorageWrite, StorageDelete]` | `[StorageRead, StorageWrite, StorageDelete]` | Optional. The name of logs that will be streamed. | | `metricsToEnable` | array | `[Transaction]` | `[Transaction]` | Optional. The name of metrics that will be streamed. | | `name` | string | `default` | | Optional. The name of the file service | 
@@ -27,7 +28,6 @@ This module can be used to deploy a file share service into a storage account. | `shareDeleteRetentionPolicy` | object | `{object}` | | Optional. The service properties for soft delete. | | `shares` | _[shares](shares/readme.md)_ array | `[]` | | Optional. File shares to create. | | `storageAccountName` | string | | | Required. Name of the Storage Account. | -| `workspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | ## Outputs @@ -39,7 +39,7 @@ This module can be used to deploy a file share service into a storage account. ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Storageaccounts/Fileservices](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-04-01/storageAccounts/fileServices) - [Storageaccounts/Fileservices/Shares](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/fileServices/shares) diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_rbac.bicep b/arm/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_rbac.bicep index 5600d96b54..6a91451e29 100644 --- a/arm/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_rbac.bicep 
@@ -49,7 +49,7 @@ resource fileShare 'Microsoft.Storage/storageAccounts/fileServices/shares@2019-0 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}/${split(resourceId, '/')[12]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(fileShare.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md b/arm/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md index bd76d94986..a56c46f324 100644 --- a/arm/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md @@ -6,7 +6,7 @@ This module deploys a storage account file share. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Storage/storageAccounts/fileServices/shares` | 2019-06-01 | ## Parameters @@ -52,5 +52,5 @@ This module deploys a storage account file share. ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Storageaccounts/Fileservices/Shares](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/fileServices/shares) 
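Review bot: The role-assignment name on the new side is still seeded with `fileShare.name` rather than the resource ID, so `guid(fileShare.name, principalId, roleDefinitionIdOrName)` produces the same GUID for any two same-named resources that share a principal and role. Role-assignment names have to be unique across the tenant, not only within the assignment's scope, so a name-only seed can make a second deployment collide with an existing assignment. Seeding with the full ID avoids that: `name: guid(fileShare.id, principalId, roleDefinitionIdOrName)`. Existing assignments would get new names, so the switch needs a migration step. The nested_rbac hunks for queues, privateLinkHubs, imageTemplates, connections and hostingEnvironments use the same seed, and there the resource names are presumably not globally unique; the resource body continues past the end of this hunk.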
diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep index 5a7ba6cb5c..021d9a6ee9 100644 --- a/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep @@ -17,13 +17,13 @@ param diagnosticLogsRetentionInDays int = 365 param diagnosticStorageAccountId string = '' @description('Optional. Resource ID of a log analytics workspace.') -param workspaceId string = '' +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered') param cuaId string = '' 
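Review bot: The description of `diagnosticWorkspaceId` was left as `'Optional. Resource ID of a log analytics workspace.'`, while the other modules touched by this commit now read `'Optional. Resource ID of the diagnostic log analytics workspace.'`. Using the same wording here keeps the generated readme tables consistent and makes it clear that the parameter only selects a log destination. The tableServices deploy.bicep hunk has the same leftover.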
@@ -82,13 +82,13 @@ resource queueServices 'Microsoft.Storage/storageAccounts/queueServices@2021-04- properties: {} } -resource queueServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource queueServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${queueServices.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_rbac.bicep b/arm/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_rbac.bicep index 4f5c422930..fd1dfa435e 100644 --- a/arm/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_rbac.bicep 
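Review bot: The deployment condition still fires when only `diagnosticEventHubName` is set, and in that case `storageAccountId`, `workspaceId` and `eventHubAuthorizationRuleId` all evaluate to null, so the diagnostic setting is submitted with no destination. I would expect the resource provider to reject that at deployment time, which is a late place to learn that a logging control was not applied. An event hub name only means something together with an authorization rule. Dropping the last term keeps the gate on real destinations: `= if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId)) {`. The tableServices and hostingEnvironments hunks carry the same condition, and the resource body continues past the end of this hunk.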
@@ -46,7 +46,7 @@ resource queue 'Microsoft.Storage/storageAccounts/queueServices/queues@2019-06-0 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}/${split(resourceId, '/')[12]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(queue.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md b/arm/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md index 0664c92dc1..e23a57ebf3 100644 --- a/arm/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md @@ -6,7 +6,7 @@ This module deployes a storage account queue | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Storage/storageAccounts/queueServices/queues` | 2019-06-01 | ## Parameters @@ -52,5 +52,5 @@ This module deployes a storage account queue ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Storageaccounts/Queueservices/Queues](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/queueServices/queues) 
diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md b/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md index 32afcf82d4..02db74800b 100644 --- a/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md @@ -6,7 +6,7 @@ This module can be used to deploy a file share service into a storage account. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Storage/storageAccounts/queueServices` | 2021-04-01 | | `Microsoft.Storage/storageAccounts/queueServices/queues` | 2019-06-01 | 
@@ -16,16 +16,16 @@ This module can be used to deploy a file share service into a storage account. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | | `logsToEnable` | array | `[StorageRead, StorageWrite, StorageDelete]` | `[StorageRead, StorageWrite, StorageDelete]` | Optional. The name of logs that will be streamed. | | `metricsToEnable` | array | `[Transaction]` | `[Transaction]` | Optional. The name of metrics that will be streamed. | | `name` | string | `default` | | Optional. The name of the queue service | | `queues` | _[queues](queues/readme.md)_ array | `[]` | | Optional. Queues to create. | | `storageAccountName` | string | | | Required. 
Name of the Storage Account. | -| `workspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | ## Outputs @@ -38,7 +38,7 @@ This module can be used to deploy a file share service into a storage account. ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Storageaccounts/Queueservices](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-04-01/storageAccounts/queueServices) - [Storageaccounts/Queueservices/Queues](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/queueServices/queues) diff --git a/arm/Microsoft.Storage/storageAccounts/readme.md b/arm/Microsoft.Storage/storageAccounts/readme.md index 187e9a0628..13693b0fe7 100644 --- a/arm/Microsoft.Storage/storageAccounts/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/readme.md @@ -6,8 +6,8 @@ This module is used to deploy a storage account, with the ability to deploy 1 or | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-05-01 | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-02-01 | 
@@ -32,11 +32,12 @@ This module is used to deploy a storage account, with the ability to deploy 1 or | `basetime` | string | `[utcNow('u')]` | | Generated. Do not provide a value! This date value is used to generate a SAS token to access the modules. | | `blobServices` | _[blobServices](blobServices/readme.md)_ object | `{object}` | | Optional. Blob service and containers to deploy | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `enableHierarchicalNamespace` | bool | | | Optional. If true, enables Hierarchical Namespace for the storage account | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `fileServices` | _[fileServices](fileServices/readme.md)_ object | `{object}` | | Optional. File service and shares to deploy | | `location` | string | `[resourceGroup().location]` | | Optional. 
Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | @@ -56,7 +57,6 @@ This module is used to deploy a storage account, with the ability to deploy 1 or | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | | `vNetId` | string | | | Optional. Virtual Network Identifier used to create a service endpoint. | -| `workspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | ### Parameter Usage: `roleAssignments` 
@@ -180,10 +180,11 @@ The hierarchical namespace of the storage account (see parameter `enableHierarch ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/privateEndpoints) +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Storageaccounts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-06-01/storageAccounts) - [Storageaccounts/Blobservices](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-06-01/storageAccounts/blobServices) - [Storageaccounts/Blobservices/Containers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/blobServices/containers) diff --git a/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep index bd8d531e66..a7ec57af23 100644 --- a/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep 
@@ -17,13 +17,13 @@ param diagnosticLogsRetentionInDays int = 365 param diagnosticStorageAccountId string = '' @description('Optional. Resource ID of a log analytics workspace.') -param workspaceId string = '' +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered') param cuaId string = '' 
@@ -82,13 +82,13 @@ resource tableServices 'Microsoft.Storage/storageAccounts/tableServices@2021-04- properties: {} } -resource tableServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource tableServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${tableServices.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md b/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md index 499eea50a0..e2406550d6 100644 --- a/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md 
@@ -15,16 +15,16 @@ This module deploys a storage account table service | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | | `logsToEnable` | array | `[StorageRead, StorageWrite, StorageDelete]` | `[StorageRead, StorageWrite, StorageDelete]` | Optional. The name of logs that will be streamed. | | `metricsToEnable` | array | `[Transaction]` | `[Transaction]` | Optional. The name of metrics that will be streamed. | | `name` | string | `default` | | Optional. The name of the table service | | `storageAccountName` | string | | | Required. Name of the Storage Account. | | `tables` | _[tables](tables/readme.md)_ array | `[]` | | Optional. tables to create. 
| -| `workspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | ## Outputs diff --git a/arm/Microsoft.Synapse/privateLinkHubs/.bicep/nested_rbac.bicep b/arm/Microsoft.Synapse/privateLinkHubs/.bicep/nested_rbac.bicep index 0c750fea26..07993ec01d 100644 --- a/arm/Microsoft.Synapse/privateLinkHubs/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Synapse/privateLinkHubs/.bicep/nested_rbac.bicep @@ -22,7 +22,7 @@ resource privateLinkHub 'Microsoft.Synapse/privateLinkHubs@2021-06-01' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(privateLinkHub.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Synapse/privateLinkHubs/deploy.bicep b/arm/Microsoft.Synapse/privateLinkHubs/deploy.bicep index 1605f04c7b..c67c5a85d1 100644 --- a/arm/Microsoft.Synapse/privateLinkHubs/deploy.bicep +++ b/arm/Microsoft.Synapse/privateLinkHubs/deploy.bicep @@ -28,7 +28,7 @@ resource privateLinkHub 'Microsoft.Synapse/privateLinkHubs@2021-06-01' = { } // Resource Lock -resource privateLinkHub_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource privateLinkHub_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${privateLinkHub.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Synapse/privateLinkHubs/readme.md b/arm/Microsoft.Synapse/privateLinkHubs/readme.md index 71b1a5494c..b343edf101 100644 --- a/arm/Microsoft.Synapse/privateLinkHubs/readme.md +++ b/arm/Microsoft.Synapse/privateLinkHubs/readme.md 
@@ -6,8 +6,8 @@ This module deploys Synapse PrivateLinkHubs. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-03-01 | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-03-01 | | `Microsoft.Synapse/privateLinkHubs` | 2021-06-01 | @@ -108,8 +108,8 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints/privateDnsZoneGroups) - [Privatelinkhubs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Synapse/2021-06-01/privateLinkHubs) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_rbac.bicep b/arm/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_rbac.bicep index 0f8d11053d..f0e4261703 100644 --- a/arm/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_rbac.bicep 
@@ -22,7 +22,7 @@ resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2020-02-14 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(imageTemplate.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep b/arm/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep index c1bf55f285..cd5552ce0a 100644 --- a/arm/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep +++ b/arm/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep @@ -148,7 +148,7 @@ resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2020-02-14 } } -resource imageTemplate_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource imageTemplate_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${imageTemplate.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.VirtualMachineImages/imageTemplates/readme.md b/arm/Microsoft.VirtualMachineImages/imageTemplates/readme.md index e3d402878d..772d52e2f1 100644 --- a/arm/Microsoft.VirtualMachineImages/imageTemplates/readme.md +++ b/arm/Microsoft.VirtualMachineImages/imageTemplates/readme.md 
@@ -6,8 +6,8 @@ This module deploys an image template that can be consumed by the Azure Image Bu | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.VirtualMachineImages/imageTemplates` | 2020-02-14 | ## Parameters @@ -118,6 +118,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Define resources with Bicep and ARM templates](https://docs.microsoft.com/en-us/azure/templates) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Web/connections/.bicep/nested_rbac.bicep b/arm/Microsoft.Web/connections/.bicep/nested_rbac.bicep index 03e9c55213..e4f4db74c6 100644 --- a/arm/Microsoft.Web/connections/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Web/connections/.bicep/nested_rbac.bicep 
@@ -24,7 +24,7 @@ resource connection 'Microsoft.Web/connections@2016-06-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(connection.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Web/connections/deploy.bicep b/arm/Microsoft.Web/connections/deploy.bicep index 2dc6d4f27b..c0f7d7f930 100644 --- a/arm/Microsoft.Web/connections/deploy.bicep +++ b/arm/Microsoft.Web/connections/deploy.bicep @@ -75,7 +75,7 @@ resource connection 'Microsoft.Web/connections@2016-06-01' = { } } -resource connection_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource connection_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${connection.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Web/connections/readme.md b/arm/Microsoft.Web/connections/readme.md index 4f36d31dc6..f79acfc63f 100644 --- a/arm/Microsoft.Web/connections/readme.md +++ b/arm/Microsoft.Web/connections/readme.md @@ -6,8 +6,8 @@ This module deploys an Azure API connection. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Web/connections` | 2016-06-01 | ## Parameters 
@@ -131,6 +131,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Connections](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2016-06-01/connections) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Web/hostingEnvironments/.bicep/nested_rbac.bicep b/arm/Microsoft.Web/hostingEnvironments/.bicep/nested_rbac.bicep index aaa4a50830..6931680286 100644 --- a/arm/Microsoft.Web/hostingEnvironments/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Web/hostingEnvironments/.bicep/nested_rbac.bicep @@ -23,7 +23,7 @@ resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2021-02-01' ex name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(appServiceEnvironment.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Web/hostingEnvironments/.parameters/parameters.json b/arm/Microsoft.Web/hostingEnvironments/.parameters/parameters.json index 976cafd33f..a097890714 100644 --- a/arm/Microsoft.Web/hostingEnvironments/.parameters/parameters.json +++ b/arm/Microsoft.Web/hostingEnvironments/.parameters/parameters.json 
@@ -24,13 +24,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Web/hostingEnvironments/deploy.bicep b/arm/Microsoft.Web/hostingEnvironments/deploy.bicep index 3da610f4d2..01f986b77e 100644 --- a/arm/Microsoft.Web/hostingEnvironments/deploy.bicep +++ b/arm/Microsoft.Web/hostingEnvironments/deploy.bicep 
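Review bot: `diagnosticEventHubAuthorizationRuleId` in this parameter file points at the namespace's `RootManageSharedAccessKey`, so the diagnostic pipeline is tied to the same root rule that any other consumer of the namespace may be using. After the rename this file is the reference for how the diagnostic parameters are filled in, and sample values tend to be copied into real deployments. A rule created for diagnostics only can be rotated or revoked without touching other clients. The value would then end in `/AuthorizationRules/<diagnostics-rule-name>`, which is a placeholder, since the page shows no such rule. The AnalysisServices parameter file earlier in the commit uses the same value.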
@@ -78,14 +78,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -157,7 +157,7 @@ resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2021-02-01' = } } -resource appServiceEnvironment_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource appServiceEnvironment_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${appServiceEnvironment.name}-${lock}-lock' properties: { level: lock 
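Review bot: The reworded description of `diagnosticEventHubAuthorizationRuleId` does not say what kind of rule a caller should pass, and the validation parameter file for this module passes the namespace's `RootManageSharedAccessKey`. Consumers tend to copy that value, which ties diagnostic streaming to the namespace root key and makes it hard to rotate or revoke on its own. I would append one sentence to the description, for example `Prefer a dedicated authorization rule for diagnostics over the namespace root rule.`, and regenerate the readme row. The same description appears in arm/Microsoft.Web/sites/deploy.bicep and in the sample in docs/wiki/ModulesDesign.md.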
@@ -166,13 +166,13 @@ resource appServiceEnvironment_lock 'Microsoft.Authorization/locks@2016-09-01' = scope: appServiceEnvironment } -resource appServiceEnvironment_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource appServiceEnvironment_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${appServiceEnvironment.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null logs: diagnosticsLogs } scope: appServiceEnvironment diff --git a/arm/Microsoft.Web/hostingEnvironments/readme.md b/arm/Microsoft.Web/hostingEnvironments/readme.md index 40d9106ac7..c64de59ad2 100644 --- a/arm/Microsoft.Web/hostingEnvironments/readme.md +++ b/arm/Microsoft.Web/hostingEnvironments/readme.md 
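Review bot: The deployment condition on `appServiceEnvironment_diagnosticSettings` still treats `diagnosticEventHubName` as a destination of its own, so passing only that parameter deploys a setting whose `storageAccountId`, `workspaceId` and `eventHubAuthorizationRuleId` are all null. As far as I know Azure Monitor rejects a diagnostic setting without a destination, so the failure would surface at deployment time and leave the resource without log forwarding; worth confirming. I would drop the name from the condition, `= if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId)) {`, and leave the properties as they are. The same condition appears in `app_diagnosticSettings` in arm/Microsoft.Web/sites/deploy.bicep and in the `_diagnosticSettings` sample in docs/wiki/ModulesDesign.md.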
@@ -6,8 +6,8 @@ This module deploys an app service environment. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Web/hostingEnvironments` | 2021-02-01 | 
@@ -18,12 +18,13 @@ This module deploys an app service environment. | `apiManagementAccountId` | string | | | Optional. API Management Account associated with the App Service Environment. | | `clusterSettings` | array | `[]` | | Optional. Custom settings for changing the behavior of the App Service Environment | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `dnsSuffix` | string | | | Optional. DNS suffix of the App Service Environment. | | `dynamicCacheEnabled` | bool | | | Optional. True/false indicating whether the App Service Environment is suspended. The environment can be suspended e.g. when the management endpoint is no longer available(most likely because NSG blocked the incoming traffic). | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `frontEndScaleFactor` | int | `15` | | Optional. 
Scale factor for frontends. | | `hasLinuxWorkers` | bool | | | Optional. Flag that displays whether an ASE has linux workers or not | | `internalLoadBalancingMode` | string | `None` | `[None, Web, Publishing]` | Optional. Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing | @@ -42,7 +43,6 @@ This module deploys an app service environment. | `tags` | object | `{object}` | | Optional. Resource tags. | | `userWhitelistedIpRanges` | array | `[]` | | Optional. User added ip ranges to whitelist on ASE db - string | | `workerPools` | array | `[]` | | Optional. Description of worker pools with worker size IDs, VM sizes, and number of workers in each pool.. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` @@ -141,7 +141,7 @@ workerPools can have two properties workerSize and workerCount: ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Hostingenvironments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-02-01/hostingEnvironments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Web/serverfarms/.bicep/nested_rbac.bicep b/arm/Microsoft.Web/serverfarms/.bicep/nested_rbac.bicep index fa51e27883..e9946e9743 100644 --- a/arm/Microsoft.Web/serverfarms/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Web/serverfarms/.bicep/nested_rbac.bicep 
@@ -26,7 +26,7 @@ resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(appServicePlan.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Web/serverfarms/deploy.bicep b/arm/Microsoft.Web/serverfarms/deploy.bicep index adb0fae658..9807621112 100644 --- a/arm/Microsoft.Web/serverfarms/deploy.bicep +++ b/arm/Microsoft.Web/serverfarms/deploy.bicep @@ -82,7 +82,7 @@ resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' = { } } -resource appServicePlan_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource appServicePlan_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${appServicePlan.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Web/serverfarms/readme.md b/arm/Microsoft.Web/serverfarms/readme.md index 9583fc961d..0b53e446b0 100644 --- a/arm/Microsoft.Web/serverfarms/readme.md +++ b/arm/Microsoft.Web/serverfarms/readme.md @@ -6,8 +6,8 @@ This module deploys an app service plan. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Web/serverfarms` | 2021-02-01 | ## Parameters 
@@ -92,6 +92,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Serverfarms](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-02-01/serverfarms) diff --git a/arm/Microsoft.Web/sites/.bicep/nested_components.bicep b/arm/Microsoft.Web/sites/.bicep/nested_components.bicep index e3379a0a2e..5bec3c7561 100644 --- a/arm/Microsoft.Web/sites/.bicep/nested_components.bicep +++ b/arm/Microsoft.Web/sites/.bicep/nested_components.bicep @@ -15,7 +15,7 @@ param appInsightsType string = 'web' param appInsightsRequestSource string = 'rest' @description('Required. Resource ID of the log analytics workspace which the data will be ingested to. This property is required to create an application with this API version. Applications from older versions will not have this property.') -param workspaceResourceId string +param workspaceResourceId string @description('Optional. The network access type for accessing Application Insights ingestion. - Enabled or Disabled.') @allowed([ @@ -48,7 +48,6 @@ param lock string = 'NotSpecified' @description('Optional. Tags of the resource.') param tags object = {} - resource appInsights 'Microsoft.Insights/components@2020-02-02' = { name: name location: location 
@@ -57,13 +56,13 @@ resource appInsights 'Microsoft.Insights/components@2020-02-02' = { properties: { Application_Type: appInsightsType Request_Source: appInsightsRequestSource - WorkspaceResourceId: workspaceResourceId + WorkspaceResourceId: workspaceResourceId publicNetworkAccessForIngestion: appInsightsPublicNetworkAccessForIngestion publicNetworkAccessForQuery: appInsightsPublicNetworkAccessForQuery } } -resource appInsights_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource appInsights_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${appInsights.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Web/sites/.bicep/nested_rbac.bicep b/arm/Microsoft.Web/sites/.bicep/nested_rbac.bicep index 5b9bb3498f..759726e64a 100644 --- a/arm/Microsoft.Web/sites/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Web/sites/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource app 'Microsoft.Web/sites@2020-12-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(app.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Web/sites/.bicep/nested_serverfarms.bicep b/arm/Microsoft.Web/sites/.bicep/nested_serverfarms.bicep index 7d300d6b0f..f2b861b3fc 100644 --- a/arm/Microsoft.Web/sites/.bicep/nested_serverfarms.bicep +++ b/arm/Microsoft.Web/sites/.bicep/nested_serverfarms.bicep 
@@ -69,7 +69,7 @@ resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' = { } } -resource appServicePlan_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource appServicePlan_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${appServicePlan.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Web/sites/.parameters/fa.parameters.json b/arm/Microsoft.Web/sites/.parameters/fa.parameters.json index 18d6f55af5..7699d8158a 100644 --- a/arm/Microsoft.Web/sites/.parameters/fa.parameters.json +++ b/arm/Microsoft.Web/sites/.parameters/fa.parameters.json @@ -57,13 +57,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Web/sites/.parameters/wa.parameters.json b/arm/Microsoft.Web/sites/.parameters/wa.parameters.json index 57d0ab576a..88f93feb67 100644 --- a/arm/Microsoft.Web/sites/.parameters/wa.parameters.json +++ b/arm/Microsoft.Web/sites/.parameters/wa.parameters.json 
@@ -63,13 +63,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsax001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Web/sites/deploy.bicep b/arm/Microsoft.Web/sites/deploy.bicep index aff99edc77..54e080eae8 100644 --- a/arm/Microsoft.Web/sites/deploy.bicep +++ b/arm/Microsoft.Web/sites/deploy.bicep 
@@ -87,13 +87,13 @@ param diagnosticLogsRetentionInDays int = 365 param diagnosticStorageAccountId string = '' @description('Optional. Resource ID of log analytics workspace.') -param workspaceId string = '' +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the event hub namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. The name of logs that will be streamed.') @allowed([ @@ -216,7 +216,7 @@ module app_appsettings 'config/deploy.bicep' = { } } -resource app_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource app_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${app.name}-${lock}-lock' properties: { level: lock 
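Review bot: The `@description` above `diagnosticWorkspaceId` was left as `'Optional. Resource ID of log analytics workspace.'`, while the other modules in this change use `'Optional. Resource ID of the diagnostic log analytics workspace.'` for the renamed parameter. Only the `param` line changed in this hunk, so the sites readme row for `diagnosticWorkspaceId` carries the old wording too. Using the same sentence as the hostingEnvironments module keeps the generated parameter tables consistent.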
@@ -225,13 +225,13 @@ resource app_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotS scope: app } -resource app_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource app_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${app.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Web/sites/readme.md b/arm/Microsoft.Web/sites/readme.md index 0b20f3f1de..70b25f0c69 100644 --- a/arm/Microsoft.Web/sites/readme.md +++ b/arm/Microsoft.Web/sites/readme.md @@ -6,8 +6,8 @@ This module deploys a web or function app. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2017-04-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/components` | 2020-02-02 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-03-01 | 
@@ -27,17 +27,18 @@ This module deploys a web or function app. | `appServicePlanObject` | object | `{object}` | | Optional. Required if no appServicePlanId is provided to deploy a new app service plan. | | `clientAffinityEnabled` | bool | `True` | | Optional. If client affinity is enabled. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the event hub namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of log analytics workspace. | | `functionsExtensionVersion` | string | `~3` | | Optional. Version if the function extension. | | `functionsWorkerRuntime` | string | | `[dotnet, node, python, java, powershell, ]` | Optional. Runtime of the function worker. | | `httpsOnly` | bool | `True` | | Optional. Configures a site to accept only HTTPS requests. Issues redirect for HTTP requests. | | `kind` | string | | `[functionapp, app]` | Required. Type of site to deploy. 
| | `location` | string | `[resourceGroup().location]` | | Optional. Location for all Resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | -| `logsToEnable` | array | `[AppServiceHTTPLogs, AppServiceConsoleLogs, AppServiceAppLogs, AppServiceFileAuditLogs, AppServiceAuditLogs]` | `[AppServiceHTTPLogs, AppServiceConsoleLogs, AppServiceAppLogs, AppServiceFileAuditLogs, AppServiceAuditLogs]` | Optional. The name of logs that will be streamed. | +| `logsToEnable` | array | `[if(equals(parameters('kind'), 'functionapp'), createArray('FunctionAppLogs'), createArray('AppServiceHTTPLogs', 'AppServiceConsoleLogs', 'AppServiceAppLogs', 'AppServiceFileAuditLogs', 'AppServiceAuditLogs'))]` | `[AppServiceHTTPLogs, AppServiceConsoleLogs, AppServiceAppLogs, AppServiceFileAuditLogs, AppServiceAuditLogs, FunctionAppLogs]` | Optional. The name of logs that will be streamed. | | `metricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | Optional. The name of metrics that will be streamed. | | `name` | string | | | Required. Name of the site. | | `privateEndpoints` | array | `[]` | | Optional. Configuration details for private endpoints. | @@ -47,7 +48,6 @@ This module deploys a web or function app. | `systemAssignedIdentity` | bool | | | Optional. Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics workspace. | ### Parameter Usage: `privateEndpoints` 
@@ -184,12 +184,12 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- ['sites/config' Parent Documentation](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) - [Components](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2020-02-02/components) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints/privateDnsZoneGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Serverfarms](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-02-01/serverfarms) - [Sites](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2020-12-01/sites) -- ['sites/config' Parent Documentation](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) diff --git a/constructs/Microsoft.Authorization/roleAssignments-multiRolesMultiPrincipals/readme.md b/constructs/Microsoft.Authorization/roleAssignments-multiRolesMultiPrincipals/readme.md index d5c6528d78..e9096a4992 100644 --- a/constructs/Microsoft.Authorization/roleAssignments-multiRolesMultiPrincipals/readme.md +++ b/constructs/Microsoft.Authorization/roleAssignments-multiRolesMultiPrincipals/readme.md 
@@ -6,7 +6,7 @@ This module deploys Role Assignments. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | ## Parameters @@ -102,4 +102,4 @@ This module can be deployed both at management group, subscription or resource g ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/constructs/Microsoft.Management/managementGroup-structure/deploy.json b/constructs/Microsoft.Management/managementGroup-structure/deploy.json index 5832ab1421..25f84a5dc9 100644 --- a/constructs/Microsoft.Management/managementGroup-structure/deploy.json +++ b/constructs/Microsoft.Management/managementGroup-structure/deploy.json @@ -191,7 +191,7 @@ { "type": "Microsoft.Management/managementGroups", "comments": "Fake deployment, used to specify a non-existent dependency. Never deployed", - "apiVersion": "2020-05-01", + "apiVersion": "2021-04-01", "scope": "/", "name": "noop", "condition": false, @@ -238,7 +238,7 @@ ], "type": "Microsoft.Management/managementGroups", - "apiVersion": "2020-05-01", + "apiVersion": "2021-04-01", "scope": "/", "name": "[parameters('mgStructure')[copyIndex('mgLoop')].name]", "properties": { @@ -366,7 +366,7 @@ "resources": [ { "type": "Microsoft.Management/managementGroups/providers/roleAssignments", - "apiVersion": "2020-04-01-preview", + "apiVersion": "2021-04-01-preview", "name": "[ concat( parameters('MGName'), diff --git a/constructs/Microsoft.Management/managementGroup-structure/readme.md b/constructs/Microsoft.Management/managementGroup-structure/readme.md index 8656a49d88..f643efe439 100644 --- a/constructs/Microsoft.Management/managementGroup-structure/readme.md 
+++ b/constructs/Microsoft.Management/managementGroup-structure/readme.md @@ -11,7 +11,7 @@ This module has some known **limitations**: |Resource Type|ApiVersion| |:--|:--| -|`Microsoft.Management/managementGroups`|2020-05-01| +|`Microsoft.Management/managementGroups`|2021-04-01| |`Microsoft.Resources/deployments`|2020-06-01| ## Parameters @@ -124,4 +124,4 @@ This template is using a **Tenant level deployment**, meaning the user/principal ## Additional resources - [Management group](https://docs.microsoft.com/en-us/azure/governance/management-groups/) -- [Template reference](https://docs.microsoft.com/en-us/azure/templates/microsoft.management/managementgroups) +- [Managementgroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Management/2021-04-01/managementGroups) diff --git a/docs/wiki/ModulesDesign.md b/docs/wiki/ModulesDesign.md index 5b9875b05e..851bcf04e6 100644 --- a/docs/wiki/ModulesDesign.md +++ b/docs/wiki/ModulesDesign.md @@ -146,7 +146,7 @@ The locks extension can be added as a `resource` to the resource template direct @description('Optional. Specify the type of lock.') param lock string = 'NotSpecified' -resource _lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource _lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${.name}-${lock}-lock' properties: { level: lock @@ -206,7 +206,7 @@ resource '/@.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName 
@@ -229,14 +229,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. The name of logs that will be streamed.') @allowed([ 
@@ -273,13 +273,13 @@ var diagnosticsMetrics = [for metric in metricsToEnable: { } }] -resource _diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource _diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs }