From 3598f58939b248f6da8d750e19bd66a0f50b8434 Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Thu, 13 Jan 2022 12:52:49 +0100 Subject: [PATCH 1/9] standardize files --- .../servers/.bicep/nested_rbac.bicep | 2 +- .../servers/.parameters/parameters.json | 6 +- .../servers/deploy.bicep | 22 +++--- .../servers/readme.md | 16 ++--- .../service/.bicep/nested_rbac.bicep | 2 +- .../service/.parameters/max.parameters.json | 6 +- .../service/apiVersionSets/deploy.bicep | 4 +- .../service/apiVersionSets/readme.md | 4 +- .../service/apis/deploy.bicep | 4 +- .../service/apis/policies/deploy.bicep | 6 +- .../service/apis/policies/readme.md | 4 +- .../service/apis/readme.md | 8 +-- .../service/authorizationServers/deploy.bicep | 4 +- .../service/authorizationServers/readme.md | 4 +- .../service/backends/deploy.bicep | 4 +- .../service/backends/readme.md | 4 +- .../service/caches/deploy.bicep | 4 +- .../service/caches/readme.md | 4 +- .../service/deploy.bicep | 24 +++---- .../service/identityProviders/deploy.bicep | 4 +- .../service/identityProviders/readme.md | 4 +- .../service/namedValues/deploy.bicep | 4 +- .../service/namedValues/readme.md | 4 +- .../service/policies/deploy.bicep | 4 +- .../service/policies/readme.md | 4 +- .../service/portalsettings/deploy.bicep | 4 +- .../service/portalsettings/readme.md | 2 +- .../service/products/apis/deploy.bicep | 4 +- .../service/products/apis/readme.md | 4 +- .../service/products/deploy.bicep | 4 +- .../service/products/groups/deploy.bicep | 4 +- .../service/products/groups/readme.md | 4 +- .../service/products/readme.md | 12 ++-- arm/Microsoft.ApiManagement/service/readme.md | 72 +++++++++---------- .../service/subscriptions/deploy.bicep | 4 +- .../service/subscriptions/readme.md | 4 +- .../.bicep/nested_policyAssignments_mg.bicep | 2 +- .../.bicep/nested_policyAssignments_rg.bicep | 2 +- .../.bicep/nested_policyAssignments_sub.bicep | 2 +- .../policyAssignments/readme.md | 4 +- .../roleAssignments/readme.md | 6 +- .../accounts/deploy.bicep | 4 +- arm/Microsoft.Automanage/accounts/readme.md | 3 +- .../.bicep/nested_rbac.bicep | 2 +- .../.parameters/parameters.json | 6 +- .../automationAccounts/deploy.bicep | 22 +++--- .../automationAccounts/readme.md | 16 ++--- .../batchAccounts/.parameters/parameters.json | 6 +- .../batchAccounts/deploy.bicep | 22 +++--- arm/Microsoft.Batch/batchAccounts/readme.md | 10 +-- .../accounts/.bicep/nested_rbac.bicep | 2 +- .../accounts/.parameters/parameters.json | 6 +- .../accounts/deploy.bicep | 22 +++--- .../accounts/readme.md | 16 ++--- .../availabilitySets/.bicep/nested_rbac.bicep | 2 +- .../availabilitySets/deploy.bicep | 2 +- .../availabilitySets/readme.md | 8 +-- .../.bicep/nested_rbac.bicep | 2 +- .../diskEncryptionSets/readme.md | 4 +- .../galleries/.bicep/nested_rbac.bicep | 2 +- arm/Microsoft.Compute/galleries/deploy.bicep | 2 +- .../galleries/images/.bicep/nested_rbac.bicep | 2 +- .../galleries/images/readme.md | 4 +- arm/Microsoft.Compute/galleries/readme.md | 8 +-- .../images/.bicep/nested_rbac.bicep | 2 +- arm/Microsoft.Compute/images/readme.md | 4 +- .../.bicep/nested_rbac.bicep | 2 +- .../proximityPlacementGroups/deploy.bicep | 2 +- .../proximityPlacementGroups/readme.md | 8 +-- .../.bicep/nested_rbac.bicep | 2 +- .../.parameters/linux.parameters.json | 6 +- .../.parameters/windows.parameters.json | 6 +- .../virtualMachineScaleSets/deploy.bicep | 35 ++++----- .../extensions/readme.md | 2 +- .../virtualMachineScaleSets/readme.md | 17 ++--- .../.bicep/nested_networkInterface.bicep | 20 +++--- ...ted_networkInterface_publicIPAddress.bicep | 14 ++-- ...etworkInterface_publicIPAddress_rbac.bicep | 2 +- .../.bicep/nested_networkInterface_rbac.bicep | 2 +- .../virtualMachines/.bicep/nested_rbac.bicep | 2 +- .../.parameters/linux.parameters.json | 6 +- .../.parameters/windows.parameters.json | 6 +- .../virtualMachines/deploy.bicep | 31 ++++---- .../virtualMachines/readme.md | 11 +-- .../containerGroups/deploy.bicep | 2 +- .../containerGroups/readme.md | 4 +- .../registries/.bicep/nested_rbac.bicep | 2 +- .../registries/.parameters/parameters.json | 6 +- .../registries/deploy.bicep | 22 +++--- .../registries/readme.md | 16 ++--- .../managedClusters/.bicep/nested_rbac.bicep | 2 +- .../.parameters/azure.parameters.json | 6 +- .../.parameters/kubenet.parameters.json | 6 +- .../managedClusters/deploy.bicep | 43 +++++------ .../managedClusters/readme.md | 15 ++-- .../factories/.bicep/nested_rbac.bicep | 2 +- .../factories/.parameters/parameters.json | 6 +- .../factories/deploy.bicep | 22 +++--- arm/Microsoft.DataFactory/factories/readme.md | 16 ++--- .../workspaces/.bicep/nested_rbac.bicep | 2 +- .../workspaces/.parameters/parameters.json | 6 +- .../workspaces/deploy.bicep | 22 +++--- arm/Microsoft.Databricks/workspaces/readme.md | 16 ++--- .../.bicep/nested_rbac.bicep | 2 +- .../.parameters/parameters.json | 6 +- .../applicationgroups/deploy.bicep | 20 +++--- .../applicationgroups/readme.md | 14 ++-- .../hostpools/.bicep/nested_rbac.bicep | 2 +- .../hostpools/.parameters/parameters.json | 6 +- .../hostpools/deploy.bicep | 22 +++--- .../hostpools/readme.md | 16 ++--- .../workspaces/.bicep/nested_rbac.bicep | 2 +- .../workspaces/.parameters/parameters.json | 6 +- .../workspaces/deploy.bicep | 22 +++--- .../workspaces/readme.md | 16 ++--- .../databaseAccounts/.bicep/nested_rbac.bicep | 2 +- .../.parameters/mongodb.parameters.json | 6 +- .../.parameters/plain.parameters.json | 6 +- .../.parameters/sqldb.parameters.json | 6 +- .../databaseAccounts/deploy.bicep | 20 +++--- .../databaseAccounts/readme.md | 14 ++-- .../topics/.bicep/nested_rbac.bicep | 2 +- .../topics/.parameters/parameters.json | 6 +- arm/Microsoft.EventGrid/topics/deploy.bicep | 22 +++--- arm/Microsoft.EventGrid/topics/readme.md | 16 ++--- .../namespaces/.bicep/nested_rbac.bicep | 2 +- .../namespaces/.parameters/parameters.json | 6 +- .../namespaces/deploy.bicep | 28 +++----- .../eventhubs/.bicep/nested_rbac.bicep | 2 +- .../namespaces/eventhubs/deploy.bicep | 2 +- .../namespaces/eventhubs/readme.md | 8 +-- arm/Microsoft.EventHub/namespaces/readme.md | 20 +++--- .../healthBots/.bicep/nested_rbac.bicep | 2 +- .../healthBots/deploy.bicep | 2 +- arm/Microsoft.HealthBot/healthBots/readme.md | 8 +-- .../actionGroups/.bicep/nested_rbac.bicep | 2 +- arm/Microsoft.Insights/actionGroups/readme.md | 4 +- .../.bicep/nested_rbac.bicep | 2 +- .../activityLogAlerts/readme.md | 4 +- .../components/.bicep/nested_rbac.bicep | 2 +- arm/Microsoft.Insights/components/readme.md | 4 +- .../.parameters/parameters.json | 6 +- .../diagnosticSettings/deploy.bicep | 20 +++--- .../diagnosticSettings/readme.md | 6 +- .../metricAlerts/.bicep/nested_rbac.bicep | 2 +- arm/Microsoft.Insights/metricAlerts/readme.md | 4 +- .../.bicep/nested_rbac.bicep | 2 +- .../privateLinkScopes/deploy.bicep | 2 +- .../privateLinkScopes/readme.md | 12 ++-- .../.bicep/nested_rbac.bicep | 2 +- .../scheduledQueryRules/readme.md | 4 +- .../vaults/.bicep/nested_rbac.bicep | 2 +- .../vaults/.parameters/parameters.json | 6 +- arm/Microsoft.KeyVault/vaults/deploy.bicep | 22 +++--- .../vaults/keys/.bicep/nested_rbac.bicep | 2 +- arm/Microsoft.KeyVault/vaults/keys/readme.md | 4 +- arm/Microsoft.KeyVault/vaults/readme.md | 16 ++--- .../vaults/secrets/.bicep/nested_rbac.bicep | 2 +- .../vaults/secrets/readme.md | 4 +- .../workflows/.bicep/nested_rbac.bicep | 2 +- .../workflows/.parameters/parameters.json | 6 +- arm/Microsoft.Logic/workflows/deploy.bicep | 22 +++--- arm/Microsoft.Logic/workflows/readme.md | 14 ++-- .../workspaces/.bicep/nested_rbac.bicep | 2 +- .../workspaces/.parameters/parameters.json | 6 +- .../workspaces/deploy.bicep | 22 +++--- .../workspaces/readme.md | 16 ++--- .../.bicep/nested_rbac.bicep | 2 +- .../userAssignedIdentities/deploy.bicep | 2 +- .../userAssignedIdentities/readme.md | 8 +-- .../managementGroups/.bicep/nested_rbac.bicep | 2 +- .../managementGroups/readme.md | 4 +- .../netAppAccounts/.bicep/nested_rbac.bicep | 2 +- .../capacityPools/.bicep/nested_rbac.bicep | 2 +- .../netAppAccounts/capacityPools/readme.md | 4 +- .../volumes/.bicep/nested_rbac.bicep | 2 +- .../capacityPools/volumes/readme.md | 4 +- .../netAppAccounts/deploy.bicep | 2 +- arm/Microsoft.NetApp/netAppAccounts/readme.md | 8 +-- .../.bicep/nested_rbac.bicep | 2 +- .../.parameters/parameters.json | 6 +- .../applicationGateways/deploy.bicep | 26 +++---- .../applicationGateways/readme.md | 16 ++--- .../.bicep/nested_rbac.bicep | 2 +- .../applicationSecurityGroups/deploy.bicep | 2 +- .../applicationSecurityGroups/readme.md | 8 +-- .../azureFirewalls/.bicep/nested_rbac.bicep | 2 +- .../.parameters/parameters.json | 6 +- .../azureFirewalls/deploy.bicep | 30 ++++---- .../azureFirewalls/readme.md | 18 ++--- .../.bicep/nested_publicIPAddress.bicep | 20 +++--- .../.bicep/nested_publicIPAddress_rbac.bicep | 2 +- .../bastionHosts/.bicep/nested_rbac.bicep | 2 +- .../bastionHosts/.parameters/parameters.json | 6 +- .../bastionHosts/deploy.bicep | 28 ++++---- arm/Microsoft.Network/bastionHosts/readme.md | 14 ++-- .../connections/deploy.bicep | 2 +- arm/Microsoft.Network/connections/readme.md | 4 +- .../.bicep/nested_rbac.bicep | 2 +- .../ddosProtectionPlans/deploy.bicep | 2 +- .../ddosProtectionPlans/readme.md | 8 +-- .../.bicep/nested_rbac.bicep | 2 +- .../.parameters/parameters.json | 6 +- .../expressRouteCircuits/deploy.bicep | 22 +++--- .../expressRouteCircuits/readme.md | 14 ++-- .../firewallPolicies/readme.md | 4 +- .../firewallPolicies/ruleGroups/readme.md | 2 +- .../ipGroups/.bicep/nested_rbac.bicep | 2 +- arm/Microsoft.Network/ipGroups/deploy.bicep | 2 +- arm/Microsoft.Network/ipGroups/readme.md | 8 +-- .../loadBalancers/.bicep/nested_rbac.bicep | 2 +- .../loadBalancers/.parameters/parameters.json | 6 +- .../backendAddressPools/readme.md | 2 +- .../loadBalancers/deploy.bicep | 22 +++--- .../loadBalancers/inboundNatRules/readme.md | 2 +- arm/Microsoft.Network/loadBalancers/readme.md | 18 ++--- .../.bicep/nested_rbac.bicep | 2 +- .../localNetworkGateways/deploy.bicep | 2 +- .../localNetworkGateways/readme.md | 8 +-- .../natGateways/.bicep/nested_rbac.bicep | 2 +- .../natGateways/.parameters/parameters.json | 6 +- .../natGateways/deploy.bicep | 24 +++---- arm/Microsoft.Network/natGateways/readme.md | 14 ++-- .../.bicep/nested_rbac.bicep | 2 +- .../.parameters/parameters.json | 6 +- .../networkSecurityGroups/deploy.bicep | 22 +++--- .../networkSecurityGroups/readme.md | 14 ++-- .../networkWatchers/.bicep/nested_rbac.bicep | 2 +- .../networkWatchers/deploy.bicep | 2 +- .../networkWatchers/readme.md | 8 +-- .../privateDnsZones/.bicep/nested_rbac.bicep | 2 +- .../privateDnsZones/deploy.bicep | 2 +- .../privateDnsZones/readme.md | 8 +-- .../privateEndpoints/.bicep/nested_rbac.bicep | 2 +- .../privateEndpoints/deploy.bicep | 2 +- .../privateEndpoints/readme.md | 8 +-- .../.bicep/nested_rbac.bicep | 2 +- .../.parameters/parameters.json | 6 +- .../publicIPAddresses/deploy.bicep | 22 +++--- .../publicIPAddresses/readme.md | 14 ++-- .../publicIPPrefixes/.bicep/nested_rbac.bicep | 2 +- .../publicIPPrefixes/deploy.bicep | 2 +- .../publicIPPrefixes/readme.md | 8 +-- .../routeTables/.bicep/nested_rbac.bicep | 2 +- .../routeTables/deploy.bicep | 2 +- arm/Microsoft.Network/routeTables/readme.md | 8 +-- .../.bicep/nested_rbac.bicep | 2 +- .../.parameters/parameters.json | 6 +- .../trafficmanagerprofiles/deploy.bicep | 22 +++--- .../trafficmanagerprofiles/readme.md | 14 ++-- .../.bicep/nested_rbac.bicep | 2 +- .../.parameters/expressRoute.parameters.json | 6 +- .../.parameters/vpn.parameters.json | 6 +- .../virtualNetworkGateways/deploy.bicep | 32 ++++----- .../virtualNetworkGateways/readme.md | 14 ++-- .../virtualNetworks/.bicep/nested_rbac.bicep | 2 +- .../.parameters/parameters.json | 6 +- .../.parameters/vnetPeering.parameters.json | 6 +- .../virtualNetworks/deploy.bicep | 22 +++--- .../virtualNetworks/readme.md | 18 ++--- .../virtualWans/.bicep/nested_rbac.bicep | 2 +- .../virtualWans/deploy.bicep | 8 +-- arm/Microsoft.Network/virtualWans/readme.md | 8 +-- .../workspaces/.bicep/nested_rbac.bicep | 2 +- .../workspaces/.parameters/parameters.json | 6 +- .../workspaces/deploy.bicep | 20 +++--- .../workspaces/readme.md | 14 ++-- .../storageInsightConfigs/readme.md | 2 +- .../vaults/.bicep/nested_rbac.bicep | 2 +- .../vaults/.parameters/parameters.json | 6 +- .../vaults/deploy.bicep | 22 +++--- .../vaults/protectionContainers/readme.md | 2 +- .../vaults/readme.md | 14 ++-- .../deploymentScripts/deploy.bicep | 2 +- .../deploymentScripts/readme.md | 4 +- .../resourceGroups/.bicep/nested_lock.bicep | 2 +- .../resourceGroups/.bicep/nested_rbac.bicep | 2 +- .../resourceGroups/readme.md | 8 +-- .../namespaces/.bicep/nested_rbac.bicep | 2 +- .../namespaces/.parameters/parameters.json | 6 +- .../namespaces/deploy.bicep | 25 +++---- .../queues/.bicep/nested_rbac.bicep | 2 +- .../namespaces/queues/deploy.bicep | 2 +- .../namespaces/queues/readme.md | 8 +-- arm/Microsoft.ServiceBus/namespaces/readme.md | 19 +++-- .../managedInstances/.bicep/nested_rbac.bicep | 2 +- .../.parameters/parameters.json | 6 +- .../managedInstances/databases/deploy.bicep | 22 +++--- .../managedInstances/databases/readme.md | 10 +-- .../managedInstances/deploy.bicep | 28 ++++---- arm/Microsoft.Sql/managedInstances/readme.md | 14 ++-- .../servers/.bicep/nested_rbac.bicep | 2 +- .../servers/databases/deploy.bicep | 20 +++--- arm/Microsoft.Sql/servers/databases/readme.md | 6 +- arm/Microsoft.Sql/servers/deploy.bicep | 8 +-- .../servers/firewallRules/readme.md | 2 +- arm/Microsoft.Sql/servers/readme.md | 8 +-- .../servers/securityAlertPolicies/readme.md | 2 +- .../storageAccounts/.bicep/nested_rbac.bicep | 2 +- .../.parameters/parameters.json | 6 +- .../containers/.bicep/nested_rbac.bicep | 2 +- .../blobServices/containers/readme.md | 4 +- .../storageAccounts/blobServices/deploy.bicep | 18 ++--- .../storageAccounts/blobServices/readme.md | 10 +-- .../storageAccounts/deploy.bicep | 46 ++++++------ .../storageAccounts/fileServices/deploy.bicep | 18 ++--- .../storageAccounts/fileServices/readme.md | 10 +-- .../shares/.bicep/nested_rbac.bicep | 2 +- .../fileServices/shares/readme.md | 4 +- .../queueServices/deploy.bicep | 18 ++--- .../queues/.bicep/nested_rbac.bicep | 2 +- .../queueServices/queues/readme.md | 4 +- .../storageAccounts/queueServices/readme.md | 10 +-- .../storageAccounts/readme.md | 17 ++--- .../tableServices/deploy.bicep | 18 ++--- .../storageAccounts/tableServices/readme.md | 6 +- .../privateLinkHubs/.bicep/nested_rbac.bicep | 2 +- .../privateLinkHubs/deploy.bicep | 2 +- .../privateLinkHubs/readme.md | 8 +-- .../imageTemplates/.bicep/nested_rbac.bicep | 2 +- .../imageTemplates/deploy.bicep | 2 +- .../imageTemplates/readme.md | 8 +-- .../connections/.bicep/nested_rbac.bicep | 2 +- arm/Microsoft.Web/connections/deploy.bicep | 2 +- arm/Microsoft.Web/connections/readme.md | 8 +-- .../.bicep/nested_rbac.bicep | 2 +- .../.parameters/parameters.json | 6 +- .../hostingEnvironments/deploy.bicep | 22 +++--- .../hostingEnvironments/readme.md | 14 ++-- .../serverfarms/.bicep/nested_rbac.bicep | 2 +- arm/Microsoft.Web/serverfarms/deploy.bicep | 2 +- arm/Microsoft.Web/serverfarms/readme.md | 8 +-- .../sites/.bicep/nested_components.bicep | 7 +- .../sites/.bicep/nested_rbac.bicep | 2 +- .../sites/.bicep/nested_serverfarms.bicep | 2 +- .../sites/.parameters/fa.parameters.json | 6 +- .../sites/.parameters/wa.parameters.json | 6 +- arm/Microsoft.Web/sites/deploy.bicep | 20 +++--- arm/Microsoft.Web/sites/readme.md | 18 ++--- .../readme.md | 4 +- .../managementGroup-structure/deploy.json | 2 +- docs/wiki/ModulesDesign.md | 24 +++---- 342 files changed, 1414 insertions(+), 1413 deletions(-) diff --git a/arm/Microsoft.AnalysisServices/servers/.bicep/nested_rbac.bicep b/arm/Microsoft.AnalysisServices/servers/.bicep/nested_rbac.bicep index 7056ee0f78..5187be04b7 100644 --- a/arm/Microsoft.AnalysisServices/servers/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.AnalysisServices/servers/.bicep/nested_rbac.bicep @@ -22,7 +22,7 @@ resource server 'Microsoft.AnalysisServices/servers@2017-08-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(server.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.AnalysisServices/servers/.parameters/parameters.json b/arm/Microsoft.AnalysisServices/servers/.parameters/parameters.json index 793bf2b62f..624b885c36 100644 --- a/arm/Microsoft.AnalysisServices/servers/.parameters/parameters.json +++ b/arm/Microsoft.AnalysisServices/servers/.parameters/parameters.json @@ -24,13 +24,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.AnalysisServices/servers/deploy.bicep b/arm/Microsoft.AnalysisServices/servers/deploy.bicep index e115076004..312334c2d8 100644 --- a/arm/Microsoft.AnalysisServices/servers/deploy.bicep +++ b/arm/Microsoft.AnalysisServices/servers/deploy.bicep @@ -30,14 +30,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -111,7 +111,7 @@ resource server 'Microsoft.AnalysisServices/servers@2017-08-01' = { } } -resource server_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource server_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${server.name}-${lock}-lock' properties: { level: lock @@ -120,13 +120,13 @@ resource server_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'N scope: server } -resource server_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource server_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${server.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.AnalysisServices/servers/readme.md b/arm/Microsoft.AnalysisServices/servers/readme.md index 5712fa2635..3ef1a5a69f 100644 --- a/arm/Microsoft.AnalysisServices/servers/readme.md +++ b/arm/Microsoft.AnalysisServices/servers/readme.md @@ -7,8 +7,8 @@ This module deploys an analysis service server. | Resource Type | API Version | | :-- | :-- | | `Microsoft.AnalysisServices/servers` | 2017-08-01 | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | ### Resource dependency @@ -22,10 +22,11 @@ The following resources are required to be able to deploy this resource. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `firewallSettings` | object | `{object}` | | Optional. The inbound firewall rules to define on the server. If not specified, firewall is disabled. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all Resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | @@ -36,7 +37,6 @@ The following resources are required to be able to deploy this resource. | `skuCapacity` | int | `1` | | Optional. The total number of query replica scale-out instances. | | `skuName` | string | `S0` | | Optional. The sku name of the Azure Analysis Services server to create. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `tags` @@ -87,7 +87,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Servers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.AnalysisServices/2017-08-01/servers) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) +- [Servers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.AnalysisServices/2017-08-01/servers) diff --git a/arm/Microsoft.ApiManagement/service/.bicep/nested_rbac.bicep b/arm/Microsoft.ApiManagement/service/.bicep/nested_rbac.bicep index a1ed2db6ab..2d8ca81f35 100644 --- a/arm/Microsoft.ApiManagement/service/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.ApiManagement/service/.bicep/nested_rbac.bicep @@ -25,7 +25,7 @@ resource service 'Microsoft.ApiManagement/service@2020-12-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(service.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.ApiManagement/service/.parameters/max.parameters.json b/arm/Microsoft.ApiManagement/service/.parameters/max.parameters.json index 99a6c65e80..8aa694f799 100644 --- a/arm/Microsoft.ApiManagement/service/.parameters/max.parameters.json +++ b/arm/Microsoft.ApiManagement/service/.parameters/max.parameters.json @@ -164,13 +164,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.ApiManagement/service/apiVersionSets/deploy.bicep b/arm/Microsoft.ApiManagement/service/apiVersionSets/deploy.bicep index 2aac7bb207..9cd80c64a0 100644 --- a/arm/Microsoft.ApiManagement/service/apiVersionSets/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/apiVersionSets/deploy.bicep @@ -15,11 +15,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource apiVersionSet 'Microsoft.ApiManagement/service/apiVersionSets@2020-06-01-preview' = { +resource apiVersionSet 'Microsoft.ApiManagement/service/apiVersionSets@2021-08-01' = { name: name parent: service properties: properties diff --git a/arm/Microsoft.ApiManagement/service/apiVersionSets/readme.md b/arm/Microsoft.ApiManagement/service/apiVersionSets/readme.md index 28f4e3ab5d..d945c9e91f 100644 --- a/arm/Microsoft.ApiManagement/service/apiVersionSets/readme.md +++ b/arm/Microsoft.ApiManagement/service/apiVersionSets/readme.md @@ -6,7 +6,7 @@ This module deploys API Management Service APIs Version Set. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/apiVersionSets` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/apiVersionSets` | 2021-08-01 | ## Parameters @@ -27,4 +27,4 @@ This module deploys API Management Service APIs Version Set. ## Template references -- [Service/Apiversionsets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/apiVersionSets) +- [Service/Apiversionsets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apiVersionSets) diff --git a/arm/Microsoft.ApiManagement/service/apis/deploy.bicep b/arm/Microsoft.ApiManagement/service/apis/deploy.bicep index 36fb8968f9..d21f2a9b0c 100644 --- a/arm/Microsoft.ApiManagement/service/apis/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/apis/deploy.bicep @@ -99,11 +99,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource api 'Microsoft.ApiManagement/service/apis@2020-06-01-preview' = { +resource api 'Microsoft.ApiManagement/service/apis@2021-08-01' = { name: name parent: service properties: { diff --git a/arm/Microsoft.ApiManagement/service/apis/policies/deploy.bicep b/arm/Microsoft.ApiManagement/service/apis/policies/deploy.bicep index 78428c8bbf..e435a91976 100644 --- a/arm/Microsoft.ApiManagement/service/apis/policies/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/apis/policies/deploy.bicep @@ -27,15 +27,15 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName - resource api 'apis@2020-06-01-preview' existing = { + resource api 'apis@2021-08-01' existing = { name: apiName } } -resource policy 'Microsoft.ApiManagement/service/apis/policies@2020-06-01-preview' = { +resource policy 'Microsoft.ApiManagement/service/apis/policies@2021-08-01' = { name: name parent: service::api properties: { diff --git a/arm/Microsoft.ApiManagement/service/apis/policies/readme.md b/arm/Microsoft.ApiManagement/service/apis/policies/readme.md index ac5d624b03..49ec350e8c 100644 --- a/arm/Microsoft.ApiManagement/service/apis/policies/readme.md +++ b/arm/Microsoft.ApiManagement/service/apis/policies/readme.md @@ -6,7 +6,7 @@ This module deploys API Management Service APIs policies. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/apis/policies` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/apis/policies` | 2021-08-01 | ## Parameters @@ -29,4 +29,4 @@ This module deploys API Management Service APIs policies. ## Template references -- [Service/Apis/Policies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/apis/policies) +- [Service/Apis/Policies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apis/policies) diff --git a/arm/Microsoft.ApiManagement/service/apis/readme.md b/arm/Microsoft.ApiManagement/service/apis/readme.md index 2bdad2dc22..1650c52887 100644 --- a/arm/Microsoft.ApiManagement/service/apis/readme.md +++ b/arm/Microsoft.ApiManagement/service/apis/readme.md @@ -6,8 +6,8 @@ This module deploys API Management Service APIs. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/apis` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/apis/policies` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/apis` | 2021-08-01 | +| `Microsoft.ApiManagement/service/apis/policies` | 2021-08-01 | ### Resource dependency @@ -71,5 +71,5 @@ The following resources are required to be able to deploy this resource. ## Template references -- [Service/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/apis) -- [Service/Apis/Policies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/apis/policies) +- [Service/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apis) +- [Service/Apis/Policies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apis/policies) diff --git a/arm/Microsoft.ApiManagement/service/authorizationServers/deploy.bicep b/arm/Microsoft.ApiManagement/service/authorizationServers/deploy.bicep index caeca8d351..aab8579631 100644 --- a/arm/Microsoft.ApiManagement/service/authorizationServers/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/authorizationServers/deploy.bicep @@ -70,11 +70,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource authorizationServer 'Microsoft.ApiManagement/service/authorizationServers@2020-06-01-preview' = { +resource authorizationServer 'Microsoft.ApiManagement/service/authorizationServers@2021-08-01' = { name: name parent: service properties: { diff --git a/arm/Microsoft.ApiManagement/service/authorizationServers/readme.md b/arm/Microsoft.ApiManagement/service/authorizationServers/readme.md index 0fd31e7eba..92f269c74c 100644 --- a/arm/Microsoft.ApiManagement/service/authorizationServers/readme.md +++ b/arm/Microsoft.ApiManagement/service/authorizationServers/readme.md @@ -6,7 +6,7 @@ This module deploys API Management Service Authorization Servers. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/authorizationServers` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/authorizationServers` | 2021-08-01 | ### Resource dependency @@ -47,4 +47,4 @@ The following resources are required to be able to deploy this resource. ## Template references -- [Service/Authorizationservers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/authorizationServers) +- [Service/Authorizationservers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/authorizationServers) diff --git a/arm/Microsoft.ApiManagement/service/backends/deploy.bicep b/arm/Microsoft.ApiManagement/service/backends/deploy.bicep index e5c1034f0e..f10995efdc 100644 --- a/arm/Microsoft.ApiManagement/service/backends/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/backends/deploy.bicep @@ -42,11 +42,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource backend 'Microsoft.ApiManagement/service/backends@2020-06-01-preview' = { +resource backend 'Microsoft.ApiManagement/service/backends@2021-08-01' = { name: name parent: service properties: { diff --git a/arm/Microsoft.ApiManagement/service/backends/readme.md b/arm/Microsoft.ApiManagement/service/backends/readme.md index eaa4fa2a6b..60afde975a 100644 --- a/arm/Microsoft.ApiManagement/service/backends/readme.md +++ b/arm/Microsoft.ApiManagement/service/backends/readme.md @@ -6,7 +6,7 @@ This module deploys API Management Service Backends. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/backends` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/backends` | 2021-08-01 | ### Resource dependency @@ -128,4 +128,4 @@ The following resources are required to be able to deploy this resource. ## Template references -- [Service/Backends](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/backends) +- [Service/Backends](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/backends) diff --git a/arm/Microsoft.ApiManagement/service/caches/deploy.bicep b/arm/Microsoft.ApiManagement/service/caches/deploy.bicep index 8e12e3598c..6e7328ae67 100644 --- a/arm/Microsoft.ApiManagement/service/caches/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/caches/deploy.bicep @@ -24,11 +24,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource cache 'Microsoft.ApiManagement/service/caches@2020-06-01-preview' = { +resource cache 'Microsoft.ApiManagement/service/caches@2021-08-01' = { name: name parent: service properties: { diff --git a/arm/Microsoft.ApiManagement/service/caches/readme.md b/arm/Microsoft.ApiManagement/service/caches/readme.md index e9c380964b..29903f89b7 100644 --- a/arm/Microsoft.ApiManagement/service/caches/readme.md +++ b/arm/Microsoft.ApiManagement/service/caches/readme.md @@ -6,7 +6,7 @@ This module deploys an API Management Service Cache. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/caches` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/caches` | 2021-08-01 | ### Resource dependency @@ -36,4 +36,4 @@ The following resources are required to be able to deploy this resource. ## Template references -- [Service/Caches](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/caches) +- [Service/Caches](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/caches) diff --git a/arm/Microsoft.ApiManagement/service/deploy.bicep b/arm/Microsoft.ApiManagement/service/deploy.bicep index 3a1016ae6f..b7ede99f90 100644 --- a/arm/Microsoft.ApiManagement/service/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/deploy.bicep @@ -28,11 +28,11 @@ param disableGateway bool = false @description('Optional. Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway.') param enableClientCertificate bool = false -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Custom hostname configuration of the API Management service.') param hostnameConfigurations array = [] @@ -103,8 +103,8 @@ param tags object = {} ]) param virtualNetworkType string = 'None' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' @description('Optional. A list of availability zones denoting where the resource needs to come from.') param zones array = [] @@ -181,7 +181,7 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource apiManagementService 'Microsoft.ApiManagement/service@2020-12-01' = { +resource apiManagementService 'Microsoft.ApiManagement/service@2021-08-01' = { name: name location: location tags: tags @@ -396,7 +396,7 @@ module subscriptions_resource 'subscriptions/deploy.bicep' = [for (subscription, } }] -resource apiManagementService_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource apiManagementService_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${apiManagementService.name}-${lock}-lock' properties: { level: lock @@ -405,13 +405,13 @@ resource apiManagementService_lock 'Microsoft.Authorization/locks@2016-09-01' = scope: apiManagementService } -resource apiManagementService_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource apiManagementService_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${apiManagementService.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.ApiManagement/service/identityProviders/deploy.bicep b/arm/Microsoft.ApiManagement/service/identityProviders/deploy.bicep index 778b653bc4..9cd37e5f2e 100644 --- a/arm/Microsoft.ApiManagement/service/identityProviders/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/identityProviders/deploy.bicep @@ -56,11 +56,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource identityProvider 'Microsoft.ApiManagement/service/identityProviders@2020-06-01-preview' = if (enableIdentityProviders) { +resource identityProvider 'Microsoft.ApiManagement/service/identityProviders@2021-08-01' = if (enableIdentityProviders) { name: name parent: service properties: { diff --git a/arm/Microsoft.ApiManagement/service/identityProviders/readme.md b/arm/Microsoft.ApiManagement/service/identityProviders/readme.md index 77c57af372..1ff0d0ada5 100644 --- a/arm/Microsoft.ApiManagement/service/identityProviders/readme.md +++ b/arm/Microsoft.ApiManagement/service/identityProviders/readme.md @@ -6,7 +6,7 @@ This module deploys API Management Service Identity Provider. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/identityProviders` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/identityProviders` | 2021-08-01 | ## Parameters @@ -37,4 +37,4 @@ This module deploys API Management Service Identity Provider. ## Template references -- [Service/Identityproviders](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/identityProviders) +- [Service/Identityproviders](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/identityProviders) diff --git a/arm/Microsoft.ApiManagement/service/namedValues/deploy.bicep b/arm/Microsoft.ApiManagement/service/namedValues/deploy.bicep index 73dbdf9be8..7ac51b1365 100644 --- a/arm/Microsoft.ApiManagement/service/namedValues/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/namedValues/deploy.bicep @@ -29,11 +29,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource namedValue 'Microsoft.ApiManagement/service/namedValues@2020-06-01-preview' = { +resource namedValue 'Microsoft.ApiManagement/service/namedValues@2021-08-01' = { name: name parent: service properties: { diff --git a/arm/Microsoft.ApiManagement/service/namedValues/readme.md b/arm/Microsoft.ApiManagement/service/namedValues/readme.md index a2ac2606fb..23895a82f0 100644 --- a/arm/Microsoft.ApiManagement/service/namedValues/readme.md +++ b/arm/Microsoft.ApiManagement/service/namedValues/readme.md @@ -6,7 +6,7 @@ This module deploys API Management Service Named Values. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/namedValues` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/namedValues` | 2021-08-01 | ### Resource dependency @@ -48,4 +48,4 @@ The following resources are required to be able to deploy this resource. ## Template references -- [Service/Namedvalues](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/namedValues) +- [Service/Namedvalues](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/namedValues) diff --git a/arm/Microsoft.ApiManagement/service/policies/deploy.bicep b/arm/Microsoft.ApiManagement/service/policies/deploy.bicep index 497721cbda..ebebcd144d 100644 --- a/arm/Microsoft.ApiManagement/service/policies/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/policies/deploy.bicep @@ -24,11 +24,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource policy 'Microsoft.ApiManagement/service/policies@2020-06-01-preview' = { +resource policy 'Microsoft.ApiManagement/service/policies@2021-08-01' = { name: name parent: service properties: { diff --git a/arm/Microsoft.ApiManagement/service/policies/readme.md b/arm/Microsoft.ApiManagement/service/policies/readme.md index 0f0eea93ea..9f7c2ac389 100644 --- a/arm/Microsoft.ApiManagement/service/policies/readme.md +++ b/arm/Microsoft.ApiManagement/service/policies/readme.md @@ -6,7 +6,7 @@ This module deploys API Management Service Policy. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/policies` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/policies` | 2021-08-01 | ## Parameters @@ -28,4 +28,4 @@ This module deploys API Management Service Policy. ## Template references -- [Service/Policies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/policies) +- [Service/Policies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/policies) diff --git a/arm/Microsoft.ApiManagement/service/portalsettings/deploy.bicep b/arm/Microsoft.ApiManagement/service/portalsettings/deploy.bicep index bf47b791b3..da385b7dc2 100644 --- a/arm/Microsoft.ApiManagement/service/portalsettings/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/portalsettings/deploy.bicep @@ -20,11 +20,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource portalSetting 'Microsoft.ApiManagement/service/portalsettings@2019-12-01' = if (!empty(properties)) { +resource portalSetting 'Microsoft.ApiManagement/service/portalsettings@2021-08-01' = if (!empty(properties)) { name: any(name) parent: service properties: properties diff --git a/arm/Microsoft.ApiManagement/service/portalsettings/readme.md b/arm/Microsoft.ApiManagement/service/portalsettings/readme.md index f6fb9eb86e..a1e6fa0659 100644 --- a/arm/Microsoft.ApiManagement/service/portalsettings/readme.md +++ b/arm/Microsoft.ApiManagement/service/portalsettings/readme.md @@ -6,7 +6,7 @@ This module deploys API Management Service Portal Setting. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/portalsettings` | 2019-12-01 | +| `Microsoft.ApiManagement/service/portalsettings` | 2021-08-01 | ## Parameters diff --git a/arm/Microsoft.ApiManagement/service/products/apis/deploy.bicep b/arm/Microsoft.ApiManagement/service/products/apis/deploy.bicep index 7999f11be1..41beac09f7 100644 --- a/arm/Microsoft.ApiManagement/service/products/apis/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/products/apis/deploy.bicep @@ -15,7 +15,7 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName resource product 'products@2021-04-01-preview' existing = { @@ -23,7 +23,7 @@ resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = } } -resource api 'Microsoft.ApiManagement/service/products/apis@2020-06-01-preview' = { +resource api 'Microsoft.ApiManagement/service/products/apis@2021-08-01' = { name: name parent: service::product } diff --git a/arm/Microsoft.ApiManagement/service/products/apis/readme.md b/arm/Microsoft.ApiManagement/service/products/apis/readme.md index 23144493f4..6e53faecf2 100644 --- a/arm/Microsoft.ApiManagement/service/products/apis/readme.md +++ b/arm/Microsoft.ApiManagement/service/products/apis/readme.md @@ -6,7 +6,7 @@ This module deploys API Management Service Product APIs. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/products/apis` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/products/apis` | 2021-08-01 | ## Parameters @@ -27,4 +27,4 @@ This module deploys API Management Service Product APIs. ## Template references -- [Service/Products/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/products/apis) +- [Service/Products/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products/apis) diff --git a/arm/Microsoft.ApiManagement/service/products/deploy.bicep b/arm/Microsoft.ApiManagement/service/products/deploy.bicep index c54ce33c82..317351f5b0 100644 --- a/arm/Microsoft.ApiManagement/service/products/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/products/deploy.bicep @@ -36,11 +36,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource product 'Microsoft.ApiManagement/service/products@2020-06-01-preview' = { +resource product 'Microsoft.ApiManagement/service/products@2021-08-01' = { name: name parent: service properties: { diff --git a/arm/Microsoft.ApiManagement/service/products/groups/deploy.bicep b/arm/Microsoft.ApiManagement/service/products/groups/deploy.bicep index 37d1ddc071..8a61338bef 100644 --- a/arm/Microsoft.ApiManagement/service/products/groups/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/products/groups/deploy.bicep @@ -15,7 +15,7 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName resource product 'products@2021-04-01-preview' existing = { @@ -23,7 +23,7 @@ resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = } } -resource group 'Microsoft.ApiManagement/service/products/groups@2020-06-01-preview' = { +resource group 'Microsoft.ApiManagement/service/products/groups@2021-08-01' = { name: name parent: service::product } diff --git a/arm/Microsoft.ApiManagement/service/products/groups/readme.md b/arm/Microsoft.ApiManagement/service/products/groups/readme.md index a568fbe3c7..247b3edd54 100644 --- a/arm/Microsoft.ApiManagement/service/products/groups/readme.md +++ b/arm/Microsoft.ApiManagement/service/products/groups/readme.md @@ -6,7 +6,7 @@ This module deploys API Management Service Product Groups. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/products/groups` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/products/groups` | 2021-08-01 | ## Parameters @@ -27,4 +27,4 @@ This module deploys API Management Service Product Groups. ## Template references -- [Service/Products/Groups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/products/groups) +- [Service/Products/Groups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products/groups) diff --git a/arm/Microsoft.ApiManagement/service/products/readme.md b/arm/Microsoft.ApiManagement/service/products/readme.md index 3cc6a639ba..d2c6a186b5 100644 --- a/arm/Microsoft.ApiManagement/service/products/readme.md +++ b/arm/Microsoft.ApiManagement/service/products/readme.md @@ -6,9 +6,9 @@ This module deploys API Management Service Products. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/products` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/products/apis` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/products/groups` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/products` | 2021-08-01 | +| `Microsoft.ApiManagement/service/products/apis` | 2021-08-01 | +| `Microsoft.ApiManagement/service/products/groups` | 2021-08-01 | ### Resource dependency @@ -44,6 +44,6 @@ The following resources are required to be able to deploy this resource. ## Template references -- [Service/Products](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/products) -- [Service/Products/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/products/apis) -- [Service/Products/Groups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/products/groups) +- [Service/Products](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products) +- [Service/Products/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products/apis) +- [Service/Products/Groups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products/groups) diff --git a/arm/Microsoft.ApiManagement/service/readme.md b/arm/Microsoft.ApiManagement/service/readme.md index 36768ae46d..162b8be42d 100644 --- a/arm/Microsoft.ApiManagement/service/readme.md +++ b/arm/Microsoft.ApiManagement/service/readme.md @@ -6,23 +6,23 @@ This module deploys an API management service. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service` | 2020-12-01 | -| `Microsoft.ApiManagement/service/apis` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/apis/policies` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/apiVersionSets` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/authorizationServers` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/backends` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/caches` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/identityProviders` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/namedValues` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/policies` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/portalsettings` | 2019-12-01 | -| `Microsoft.ApiManagement/service/products` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/products/apis` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/products/groups` | 2020-06-01-preview | -| `Microsoft.ApiManagement/service/subscriptions` | 2020-06-01-preview | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.ApiManagement/service` | 2021-08-01 | +| `Microsoft.ApiManagement/service/apis` | 2021-08-01 | +| `Microsoft.ApiManagement/service/apis/policies` | 2021-08-01 | +| `Microsoft.ApiManagement/service/apiVersionSets` | 2021-08-01 | +| `Microsoft.ApiManagement/service/authorizationServers` | 2021-08-01 | +| `Microsoft.ApiManagement/service/backends` | 2021-08-01 | +| `Microsoft.ApiManagement/service/caches` | 2021-08-01 | +| `Microsoft.ApiManagement/service/identityProviders` | 2021-08-01 | +| `Microsoft.ApiManagement/service/namedValues` | 2021-08-01 | +| `Microsoft.ApiManagement/service/policies` | 2021-08-01 | +| `Microsoft.ApiManagement/service/portalsettings` | 2021-08-01 | +| `Microsoft.ApiManagement/service/products` | 2021-08-01 | +| `Microsoft.ApiManagement/service/products/apis` | 2021-08-01 | +| `Microsoft.ApiManagement/service/products/groups` | 2021-08-01 | +| `Microsoft.ApiManagement/service/subscriptions` | 2021-08-01 | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | ## Parameters @@ -38,12 +38,13 @@ This module deploys an API management service. | `certificates` | array | `[]` | | Optional. List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `customProperties` | object | `{object}` | | Optional. Custom properties of the API Management service. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `disableGateway` | bool | | | Optional. Property only valid for an API Management service deployed in multiple locations. This can be used to disable the gateway in master region. | | `enableClientCertificate` | bool | | | Optional. Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `hostnameConfigurations` | array | `[]` | | Optional. Custom hostname configuration of the API Management service. | | `identityProviders` | _[identityProviders](identityProviders/readme.md)_ array | `[]` | | Optional. Identity providers. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all Resources. | @@ -70,7 +71,6 @@ This module deploys an API management service. | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | | `virtualNetworkType` | string | `None` | `[None, External, Internal]` | Optional. The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | | `zones` | array | `[]` | | Optional. A list of availability zones denoting where the resource needs to come from. | ### Parameter Usage: `roleAssignments` @@ -153,19 +153,19 @@ You can specify multiple user assigned identities to a resource by providing add - ['service/portalsettings' Parent Documentation](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/service) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) -- [Service](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-12-01/service) -- [Service/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/apis) -- [Service/Apis/Policies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/apis/policies) -- [Service/Apiversionsets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/apiVersionSets) -- [Service/Authorizationservers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/authorizationServers) -- [Service/Backends](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/backends) -- [Service/Caches](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/caches) -- [Service/Identityproviders](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/identityProviders) -- [Service/Namedvalues](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/namedValues) -- [Service/Policies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/policies) -- [Service/Products](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/products) -- [Service/Products/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/products/apis) -- [Service/Products/Groups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/products/groups) -- [Service/Subscriptions](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/subscriptions) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) +- [Service](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service) +- [Service/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apis) +- [Service/Apis/Policies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apis/policies) +- [Service/Apiversionsets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apiVersionSets) +- [Service/Authorizationservers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/authorizationServers) +- [Service/Backends](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/backends) +- [Service/Caches](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/caches) +- [Service/Identityproviders](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/identityProviders) +- [Service/Namedvalues](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/namedValues) +- [Service/Policies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/policies) +- [Service/Products](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products) +- [Service/Products/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products/apis) +- [Service/Products/Groups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products/groups) +- [Service/Subscriptions](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/subscriptions) diff --git a/arm/Microsoft.ApiManagement/service/subscriptions/deploy.bicep b/arm/Microsoft.ApiManagement/service/subscriptions/deploy.bicep index 8d719350b5..47fed49e8d 100644 --- a/arm/Microsoft.ApiManagement/service/subscriptions/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/subscriptions/deploy.bicep @@ -30,11 +30,11 @@ module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { params: {} } -resource service 'Microsoft.ApiManagement/service@2021-04-01-preview' existing = { +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { name: apiManagementServiceName } -resource subscription 'Microsoft.ApiManagement/service/subscriptions@2020-06-01-preview' = { +resource subscription 'Microsoft.ApiManagement/service/subscriptions@2021-08-01' = { name: name parent: service properties: { diff --git a/arm/Microsoft.ApiManagement/service/subscriptions/readme.md b/arm/Microsoft.ApiManagement/service/subscriptions/readme.md index eeae901ec6..cd86527a4f 100644 --- a/arm/Microsoft.ApiManagement/service/subscriptions/readme.md +++ b/arm/Microsoft.ApiManagement/service/subscriptions/readme.md @@ -6,7 +6,7 @@ This module deploys API Management Subscriptions. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service/subscriptions` | 2020-06-01-preview | +| `Microsoft.ApiManagement/service/subscriptions` | 2021-08-01 | ### Resource dependency @@ -38,4 +38,4 @@ The following resources are required to be able to deploy this resource. ## Template references -- [Service/Subscriptions](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2020-06-01-preview/service/subscriptions) +- [Service/Subscriptions](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/subscriptions) diff --git a/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_mg.bicep b/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_mg.bicep index 926ec3a71c..bf89f8048d 100644 --- a/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_mg.bicep +++ b/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_mg.bicep @@ -72,7 +72,7 @@ resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' identity: identity_var } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for roleDefinitionId in roleDefinitionIds: if (!empty(roleDefinitionIds) && identity != 'None') { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for roleDefinitionId in roleDefinitionIds: if (!empty(roleDefinitionIds) && identity != 'None') { name: guid(managementGroupId, roleDefinitionId, location, name) properties: { roleDefinitionId: roleDefinitionId diff --git a/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_rg.bicep b/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_rg.bicep index 5d91063b93..b71054156d 100644 --- a/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_rg.bicep +++ b/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_rg.bicep @@ -75,7 +75,7 @@ resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' identity: identity_var } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for roleDefinitionId in roleDefinitionIds: if (!empty(roleDefinitionIds) && identity != 'None') { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for roleDefinitionId in roleDefinitionIds: if (!empty(roleDefinitionIds) && identity != 'None') { name: guid(subscriptionId, resourceGroupName, roleDefinitionId, location, name) properties: { roleDefinitionId: roleDefinitionId diff --git a/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_sub.bicep b/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_sub.bicep index 4b7d583dc3..d1ff81664a 100644 --- a/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_sub.bicep +++ b/arm/Microsoft.Authorization/policyAssignments/.bicep/nested_policyAssignments_sub.bicep @@ -72,7 +72,7 @@ resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' identity: identity_var } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for roleDefinitionId in roleDefinitionIds: if (!empty(roleDefinitionIds) && identity != 'None') { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for roleDefinitionId in roleDefinitionIds: if (!empty(roleDefinitionIds) && identity != 'None') { name: guid(subscriptionId, roleDefinitionId, location, name) properties: { roleDefinitionId: roleDefinitionId diff --git a/arm/Microsoft.Authorization/policyAssignments/readme.md b/arm/Microsoft.Authorization/policyAssignments/readme.md index 2d892371bf..9186cc3142 100644 --- a/arm/Microsoft.Authorization/policyAssignments/readme.md +++ b/arm/Microsoft.Authorization/policyAssignments/readme.md @@ -5,7 +5,7 @@ | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/policyAssignments` | 2021-06-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | ## Parameters @@ -75,4 +75,4 @@ To deploy resource to a Resource Group, provide the `subscriptionId` and `resour ## Template references - [Policyassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-06-01/policyAssignments) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Authorization/roleAssignments/readme.md b/arm/Microsoft.Authorization/roleAssignments/readme.md index 85d6286130..4aea529f47 100644 --- a/arm/Microsoft.Authorization/roleAssignments/readme.md +++ b/arm/Microsoft.Authorization/roleAssignments/readme.md @@ -14,12 +14,12 @@ This module deploys Role Assignments. | :-- | :-- | :-- | :-- | :-- | | `condition` | string | | | Optional. The conditions on the role assignment. This limits the resources it can be assigned to | | `conditionVersion` | string | `2.0` | `[2.0]` | Optional. Version of the condition. Currently accepted value is "2.0" | -| `delegatedManagedIdentityResourceId` | string | | | Optional. ID of the delegated managed identity resource | +| `delegatedManagedIdentityResourceId` | string | | | Optional. Id of the delegated managed identity resource | | `description` | string | | | Optional. Description of role assignment | | `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `managementGroupId` | string | | | Optional. Group ID of the Management Group to assign the RBAC role to. If no Subscription is provided, the module deploys at management group level, therefore assigns the provided RBAC role to the management group. | | `principalId` | string | | | Required. The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity) | -| `principalType` | string | '' | `[ServicePrincipal, Group, User, ForeignGroup, Device, ]` | Optional. The principal type of the assigned principal ID. | +| `principalType` | string | | `[ServicePrincipal, Group, User, ForeignGroup, Device, ]` | Optional. The principal type of the assigned principal ID. | | `resourceGroupName` | string | | | Optional. Name of the Resource Group to assign the RBAC role to. If no Resource Group name is provided, and Subscription ID is provided, the module deploys at subscription level, therefore assigns the provided RBAC role to the subscription. | | `roleDefinitionIdOrName` | string | | | Required. You can provide either the display name of the role definition, or it's fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | | `subscriptionId` | string | | | Optional. Subscription ID of the subscription to assign the RBAC role to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided RBAC role to the subscription. | @@ -75,4 +75,4 @@ This module can be deployed at the management group, subscription or resource gr ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-08-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Automanage/accounts/deploy.bicep b/arm/Microsoft.Automanage/accounts/deploy.bicep index a03fa62b1e..804388736e 100644 --- a/arm/Microsoft.Automanage/accounts/deploy.bicep +++ b/arm/Microsoft.Automanage/accounts/deploy.bicep @@ -42,7 +42,7 @@ module autoManageAccount '.bicep/nested_autoManageAccount.bicep' = { } } -resource autoManageAccount_permissions_contributor 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = { +resource autoManageAccount_permissions_contributor 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = { name: guid(autoManageAccountResourceGroupName, name, contributor) properties: { roleDefinitionId: contributor @@ -51,7 +51,7 @@ resource autoManageAccount_permissions_contributor 'Microsoft.Authorization/role } } -resource autoManageAccount_permissions_resourcePolicyContributor 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = { +resource autoManageAccount_permissions_resourcePolicyContributor 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = { name: guid(autoManageAccountResourceGroupName, name, resourcePolicyContributor) properties: { roleDefinitionId: resourcePolicyContributor diff --git a/arm/Microsoft.Automanage/accounts/readme.md b/arm/Microsoft.Automanage/accounts/readme.md index c6f108b5cf..8c98e2d856 100644 --- a/arm/Microsoft.Automanage/accounts/readme.md +++ b/arm/Microsoft.Automanage/accounts/readme.md @@ -6,7 +6,7 @@ This module deploys an Automanage account and associates VM with it. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Automanage/accounts` | 2020-06-30-preview | | `Microsoft.Compute/virtualMachines/providers/configurationProfileAssignments` | 2020-06-30-preview | @@ -33,3 +33,4 @@ This module deploys an Automanage account and associates VM with it. ## Template references - [Define resources with Bicep and ARM templates](https://docs.microsoft.com/en-us/azure/templates) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Automation/automationAccounts/.bicep/nested_rbac.bicep b/arm/Microsoft.Automation/automationAccounts/.bicep/nested_rbac.bicep index e3fc0d678b..777f9d3bdb 100644 --- a/arm/Microsoft.Automation/automationAccounts/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Automation/automationAccounts/.bicep/nested_rbac.bicep @@ -26,7 +26,7 @@ resource automationAccount 'Microsoft.Automation/automationAccounts@2020-01-13-p name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(automationAccount.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Automation/automationAccounts/.parameters/parameters.json b/arm/Microsoft.Automation/automationAccounts/.parameters/parameters.json index 6f6d051c8e..02453bacd6 100644 --- a/arm/Microsoft.Automation/automationAccounts/.parameters/parameters.json +++ b/arm/Microsoft.Automation/automationAccounts/.parameters/parameters.json @@ -179,13 +179,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Automation/automationAccounts/deploy.bicep b/arm/Microsoft.Automation/automationAccounts/deploy.bicep index 129545abfb..9475b11329 100644 --- a/arm/Microsoft.Automation/automationAccounts/deploy.bicep +++ b/arm/Microsoft.Automation/automationAccounts/deploy.bicep @@ -46,14 +46,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Enables system assigned managed identity on the resource.') param systemAssignedIdentity bool = false @@ -287,7 +287,7 @@ module automationAccount_softwareUpdateConfigurations 'softwareUpdateConfigurati ] }] -resource automationAccount_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource automationAccount_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${automationAccount.name}-AutoAccount-${lock}-lock' properties: { level: lock @@ -296,13 +296,13 @@ resource automationAccount_lock 'Microsoft.Authorization/locks@2016-09-01' = if scope: automationAccount } -resource automationAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource automationAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${automationAccount.name}-AutoAccount-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Automation/automationAccounts/readme.md b/arm/Microsoft.Automation/automationAccounts/readme.md index dde5a5471d..5b18f63cff 100644 --- a/arm/Microsoft.Automation/automationAccounts/readme.md +++ b/arm/Microsoft.Automation/automationAccounts/readme.md @@ -6,8 +6,8 @@ This module deploys an Azure Automation Account. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Automation/automationAccounts` | 2020-01-13-preview | | `Microsoft.Automation/automationAccounts/jobSchedules` | 2020-01-13-preview | | `Microsoft.Automation/automationAccounts/modules` | 2020-01-13-preview | @@ -26,10 +26,11 @@ This module deploys an Azure Automation Account. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `gallerySolutions` | array | `[]` | | Optional. List of gallerySolutions to be created in the linked log analytics workspace | | `jobSchedules` | _[jobSchedules](jobSchedules/readme.md)_ array | `[]` | | Optional. List of jobSchedules to be created in the automation account. | | `linkedWorkspaceId` | string | | | Optional. ID of the log analytics workspace to be linked to the deployed automation account. | @@ -49,7 +50,6 @@ This module deploys an Azure Automation Account. | `tags` | object | `{object}` | | Optional. Tags of the Automation Account resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | | `variables` | _[variables](variables/readme.md)_ array | `[]` | | Optional. List of variables to be created in the automation account. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `privateEndpoints` @@ -150,8 +150,6 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Automationaccounts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Automation/2020-01-13-preview/automationAccounts) - [Automationaccounts/Jobschedules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Automation/2020-01-13-preview/automationAccounts/jobSchedules) - [Automationaccounts/Modules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Automation/2020-01-13-preview/automationAccounts/modules) @@ -160,7 +158,9 @@ You can specify multiple user assigned identities to a resource by providing add - [Automationaccounts/Softwareupdateconfigurations](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Automation/2019-06-01/automationAccounts/softwareUpdateConfigurations) - [Automationaccounts/Variables](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Automation/2020-01-13-preview/automationAccounts/variables) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints/privateDnsZoneGroups) -- [Workspaces/Linkedservices](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-03-01-preview/workspaces/linkedServices) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Solutions](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationsManagement/2015-11-01-preview/solutions) +- [Workspaces/Linkedservices](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-03-01-preview/workspaces/linkedServices) diff --git a/arm/Microsoft.Batch/batchAccounts/.parameters/parameters.json b/arm/Microsoft.Batch/batchAccounts/.parameters/parameters.json index 76345bc5e7..825a4f3487 100644 --- a/arm/Microsoft.Batch/batchAccounts/.parameters/parameters.json +++ b/arm/Microsoft.Batch/batchAccounts/.parameters/parameters.json @@ -11,13 +11,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Batch/batchAccounts/deploy.bicep b/arm/Microsoft.Batch/batchAccounts/deploy.bicep index fa5473dcff..ebb82d1d19 100644 --- a/arm/Microsoft.Batch/batchAccounts/deploy.bicep +++ b/arm/Microsoft.Batch/batchAccounts/deploy.bicep @@ -12,14 +12,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -82,7 +82,7 @@ resource batchAccount 'Microsoft.Batch/batchAccounts@2020-09-01' = { properties: {} } -resource batchAccount_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource batchAccount_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${batchAccount.name}-${lock}-lock' properties: { level: lock @@ -91,13 +91,13 @@ resource batchAccount_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock scope: batchAccount } -resource batchAccount_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource batchAccount_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${batchAccount.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Batch/batchAccounts/readme.md b/arm/Microsoft.Batch/batchAccounts/readme.md index 2826f2f295..e8110071a9 100644 --- a/arm/Microsoft.Batch/batchAccounts/readme.md +++ b/arm/Microsoft.Batch/batchAccounts/readme.md @@ -4,7 +4,7 @@ | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | +| `Microsoft.Authorization/locks` | 2020-05-01 | | `Microsoft.Batch/batchAccounts` | 2020-09-01 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | @@ -13,17 +13,17 @@ | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all Resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[ServiceLog]` | `[ServiceLog]` | Optional. The name of logs that will be streamed. | | `metricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | Optional. The name of metrics that will be streamed. | | `name` | string | | | Required. Name of the Azure Batch | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `tags` @@ -52,6 +52,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) - [Batchaccounts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Batch/2020-09-01/batchAccounts) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) diff --git a/arm/Microsoft.CognitiveServices/accounts/.bicep/nested_rbac.bicep b/arm/Microsoft.CognitiveServices/accounts/.bicep/nested_rbac.bicep index ea7010c59c..fa64b26cba 100644 --- a/arm/Microsoft.CognitiveServices/accounts/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.CognitiveServices/accounts/.bicep/nested_rbac.bicep @@ -39,7 +39,7 @@ resource account 'Microsoft.CognitiveServices/accounts@2017-04-18' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(account.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.CognitiveServices/accounts/.parameters/parameters.json b/arm/Microsoft.CognitiveServices/accounts/.parameters/parameters.json index 95e624f030..11eaf061d1 100644 --- a/arm/Microsoft.CognitiveServices/accounts/.parameters/parameters.json +++ b/arm/Microsoft.CognitiveServices/accounts/.parameters/parameters.json @@ -38,13 +38,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.CognitiveServices/accounts/deploy.bicep b/arm/Microsoft.CognitiveServices/accounts/deploy.bicep index 372ea25cb7..c2761c7109 100644 --- a/arm/Microsoft.CognitiveServices/accounts/deploy.bicep +++ b/arm/Microsoft.CognitiveServices/accounts/deploy.bicep @@ -61,14 +61,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Subdomain name used for token-based authentication. Required if \'networkAcls\' are set.') param customSubDomainName string = '' @@ -180,7 +180,7 @@ resource cognitiveServices 'Microsoft.CognitiveServices/accounts@2017-04-18' = { } } -resource cognitiveServices_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource cognitiveServices_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${cognitiveServices.name}-${lock}-lock' properties: { level: lock @@ -189,13 +189,13 @@ resource cognitiveServices_lock 'Microsoft.Authorization/locks@2016-09-01' = if scope: cognitiveServices } -resource cognitiveServices_diagnosticSettingName 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = { +resource cognitiveServices_diagnosticSettingName 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${cognitiveServices.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.CognitiveServices/accounts/readme.md b/arm/Microsoft.CognitiveServices/accounts/readme.md index 39266f085c..e7c7d1f82a 100644 --- a/arm/Microsoft.CognitiveServices/accounts/readme.md +++ b/arm/Microsoft.CognitiveServices/accounts/readme.md @@ -6,8 +6,8 @@ This module deploys different kinds of cognitive services resources | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.CognitiveServices/accounts` | 2017-04-18 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-05-01 | @@ -19,10 +19,11 @@ This module deploys different kinds of cognitive services resources | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `customSubDomainName` | string | | | Optional. Subdomain name used for token-based authentication. Required if 'networkAcls' are set. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `kind` | string | | `[AnomalyDetector, Bing.Autosuggest.v7, Bing.CustomSearch, Bing.EntitySearch, Bing.Search.v7, Bing.SpellCheck.v7, CognitiveServices, ComputerVision, ContentModerator, CustomVision.Prediction, CustomVision.Training, Face, FormRecognizer, ImmersiveReader, Internal.AllInOne, LUIS, LUIS.Authoring, Personalizer, QnAMaker, SpeechServices, TextAnalytics, TextTranslation]` | Required. Kind of the Cognitive Services. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'sku' for your Azure region. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all Resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | @@ -37,7 +38,6 @@ This module deploys different kinds of cognitive services resources | `systemAssignedIdentity` | bool | | | Optional. Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `privateEndpoints` @@ -202,7 +202,7 @@ You can specify multiple user assigned identities to a resource by providing add - [Accounts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.CognitiveServices/2017-04-18/accounts) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/privateEndpoints) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Compute/availabilitySets/.bicep/nested_rbac.bicep b/arm/Microsoft.Compute/availabilitySets/.bicep/nested_rbac.bicep index cd69291972..028ee46c65 100644 --- a/arm/Microsoft.Compute/availabilitySets/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Compute/availabilitySets/.bicep/nested_rbac.bicep @@ -30,7 +30,7 @@ resource availabilitySet 'Microsoft.Compute/availabilitySets@2021-04-01' existin name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(availabilitySet.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Compute/availabilitySets/deploy.bicep b/arm/Microsoft.Compute/availabilitySets/deploy.bicep index 687c53f292..a56225846a 100644 --- a/arm/Microsoft.Compute/availabilitySets/deploy.bicep +++ b/arm/Microsoft.Compute/availabilitySets/deploy.bicep @@ -52,7 +52,7 @@ resource availabilitySet 'Microsoft.Compute/availabilitySets@2021-04-01' = { } } -resource availabilitySet_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource availabilitySet_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${availabilitySet.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Compute/availabilitySets/readme.md b/arm/Microsoft.Compute/availabilitySets/readme.md index 406434f7e9..ceedd94101 100644 --- a/arm/Microsoft.Compute/availabilitySets/readme.md +++ b/arm/Microsoft.Compute/availabilitySets/readme.md @@ -6,8 +6,8 @@ This template deploys an availability set | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Compute/availabilitySets` | 2021-04-01 | ## Parameters @@ -74,6 +74,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Availabilitysets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-04-01/availabilitySets) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Compute/diskEncryptionSets/.bicep/nested_rbac.bicep b/arm/Microsoft.Compute/diskEncryptionSets/.bicep/nested_rbac.bicep index 08aafffc1f..8528dbddad 100644 --- a/arm/Microsoft.Compute/diskEncryptionSets/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Compute/diskEncryptionSets/.bicep/nested_rbac.bicep @@ -28,7 +28,7 @@ resource diskEncryptionSet 'Microsoft.Compute/diskEncryptionSets@2020-12-01' exi name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(diskEncryptionSet.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Compute/diskEncryptionSets/readme.md b/arm/Microsoft.Compute/diskEncryptionSets/readme.md index e656a38f7a..564d13bf55 100644 --- a/arm/Microsoft.Compute/diskEncryptionSets/readme.md +++ b/arm/Microsoft.Compute/diskEncryptionSets/readme.md @@ -6,7 +6,7 @@ This template deploys a disk encryption set. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Compute/diskEncryptionSets` | 2021-04-01 | | `Microsoft.KeyVault/vaults/accessPolicies` | 2021-06-01-preview | @@ -76,5 +76,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Diskencryptionsets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-04-01/diskEncryptionSets) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Vaults/Accesspolicies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2021-06-01-preview/vaults/accessPolicies) diff --git a/arm/Microsoft.Compute/galleries/.bicep/nested_rbac.bicep b/arm/Microsoft.Compute/galleries/.bicep/nested_rbac.bicep index 4d4229022f..18ddea9d6e 100644 --- a/arm/Microsoft.Compute/galleries/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Compute/galleries/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource gallery 'Microsoft.Compute/galleries@2020-09-30' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(gallery.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Compute/galleries/deploy.bicep b/arm/Microsoft.Compute/galleries/deploy.bicep index fa4d9e153f..e2ace83fc3 100644 --- a/arm/Microsoft.Compute/galleries/deploy.bicep +++ b/arm/Microsoft.Compute/galleries/deploy.bicep @@ -43,7 +43,7 @@ resource gallery 'Microsoft.Compute/galleries@2020-09-30' = { } } -resource gallery_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource gallery_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${gallery.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Compute/galleries/images/.bicep/nested_rbac.bicep b/arm/Microsoft.Compute/galleries/images/.bicep/nested_rbac.bicep index 69963ace28..537bc8351f 100644 --- a/arm/Microsoft.Compute/galleries/images/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Compute/galleries/images/.bicep/nested_rbac.bicep @@ -26,7 +26,7 @@ resource galleryImage 'Microsoft.Compute/galleries/images@2020-09-30' existing = name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(galleryImage.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Compute/galleries/images/readme.md b/arm/Microsoft.Compute/galleries/images/readme.md index 4833596125..9cddb56a9c 100644 --- a/arm/Microsoft.Compute/galleries/images/readme.md +++ b/arm/Microsoft.Compute/galleries/images/readme.md @@ -6,7 +6,7 @@ This module deploys an Image Definition in a Shared Image Gallery. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Compute/galleries/images` | 2020-09-30 | ## Parameters @@ -88,5 +88,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Galleries/Images](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2020-09-30/galleries/images) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Compute/galleries/readme.md b/arm/Microsoft.Compute/galleries/readme.md index f6ba72ccf3..b390a1a7b7 100644 --- a/arm/Microsoft.Compute/galleries/readme.md +++ b/arm/Microsoft.Compute/galleries/readme.md @@ -6,8 +6,8 @@ This module deploys an Azure compute gallery (formerly known as shared image gal | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Compute/galleries` | 2020-09-30 | | `Microsoft.Compute/galleries/images` | 2020-09-30 | @@ -73,7 +73,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Galleries](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2020-09-30/galleries) - [Galleries/Images](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2020-09-30/galleries/images) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Compute/images/.bicep/nested_rbac.bicep b/arm/Microsoft.Compute/images/.bicep/nested_rbac.bicep index 3d2047d90d..aa3a3fa030 100644 --- a/arm/Microsoft.Compute/images/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Compute/images/.bicep/nested_rbac.bicep @@ -26,7 +26,7 @@ resource image 'Microsoft.Compute/images@2021-04-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(image.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Compute/images/readme.md b/arm/Microsoft.Compute/images/readme.md index 281408871f..87adf5b488 100644 --- a/arm/Microsoft.Compute/images/readme.md +++ b/arm/Microsoft.Compute/images/readme.md @@ -6,7 +6,7 @@ This module deploys a compute image. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Compute/images` | 2021-04-01 | ## Parameters @@ -74,5 +74,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Images](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-04-01/images) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_rbac.bicep b/arm/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_rbac.bicep index 044d27fba1..b4f7f380f7 100644 --- a/arm/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_rbac.bicep @@ -28,7 +28,7 @@ resource proximityPlacementGroup 'Microsoft.Compute/proximityPlacementGroups@202 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(proximityPlacementGroup.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Compute/proximityPlacementGroups/deploy.bicep b/arm/Microsoft.Compute/proximityPlacementGroups/deploy.bicep index 152fa60727..45872a39d5 100644 --- a/arm/Microsoft.Compute/proximityPlacementGroups/deploy.bicep +++ b/arm/Microsoft.Compute/proximityPlacementGroups/deploy.bicep @@ -42,7 +42,7 @@ resource proximityPlacementGroup 'Microsoft.Compute/proximityPlacementGroups@202 } } -resource proximityPlacementGroup_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource proximityPlacementGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${proximityPlacementGroup.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Compute/proximityPlacementGroups/readme.md b/arm/Microsoft.Compute/proximityPlacementGroups/readme.md index 1174bfa2a2..bd3ca412ee 100644 --- a/arm/Microsoft.Compute/proximityPlacementGroups/readme.md +++ b/arm/Microsoft.Compute/proximityPlacementGroups/readme.md @@ -6,8 +6,8 @@ This template deploys a proximity placement group. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Compute/proximityPlacementGroups` | 2021-04-01 | ## Parameters @@ -71,6 +71,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Proximityplacementgroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-04-01/proximityPlacementGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_rbac.bicep b/arm/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_rbac.bicep index 2ed8626ec1..6648bea369 100644 --- a/arm/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_rbac.bicep @@ -29,7 +29,7 @@ resource vmss 'Microsoft.Compute/virtualMachineScaleSets@2021-04-01' existing = name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(vmss.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.parameters.json b/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.parameters.json index 6ca806d437..b829b040df 100644 --- a/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.parameters.json +++ b/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.parameters.json @@ -126,13 +126,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "extensionMonitoringAgentConfig": { diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.parameters.json b/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.parameters.json index 36313da733..12c52507fd 100644 --- a/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.parameters.json +++ b/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.parameters.json @@ -97,13 +97,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "extensionAntiMalwareConfig": { diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep b/arm/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep index 6b4f7f5d5c..ce34cf8c91 100644 --- a/arm/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep +++ b/arm/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep @@ -93,6 +93,9 @@ param extensionMonitoringAgentConfig object = { enabled: false } +@description('Optional. Resource ID of the monitoring log analytics workspace.') +param monitoringWorkspaceId string = '' + @description('Optional. The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed') param extensionDependencyAgentConfig object = { enabled: false @@ -133,14 +136,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -477,9 +480,9 @@ module vmss_microsoftAntiMalwareExtension 'extensions/deploy.bicep' = if (extens } } -resource vmss_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = if (!empty(workspaceId)) { - name: last(split(workspaceId, '/')) - scope: resourceGroup(split(workspaceId, '/')[2], split(workspaceId, '/')[4]) +resource vmss_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = if (!empty(monitoringWorkspaceId)) { + name: last(split(monitoringWorkspaceId, '/')) + scope: resourceGroup(split(monitoringWorkspaceId, '/')[2], split(monitoringWorkspaceId, '/')[4]) } module vmss_microsoftMonitoringAgentExtension 'extensions/deploy.bicep' = if (extensionMonitoringAgentConfig.enabled) { @@ -493,10 +496,10 @@ module vmss_microsoftMonitoringAgentExtension 'extensions/deploy.bicep' = if (ex autoUpgradeMinorVersion: contains(extensionMonitoringAgentConfig, 'autoUpgradeMinorVersion') ? extensionMonitoringAgentConfig.autoUpgradeMinorVersion : true enableAutomaticUpgrade: contains(extensionMonitoringAgentConfig, 'enableAutomaticUpgrade') ? extensionMonitoringAgentConfig.enableAutomaticUpgrade : false settings: { - workspaceId: !empty(workspaceId) ? reference(vmss_logAnalyticsWorkspace.id, vmss_logAnalyticsWorkspace.apiVersion).customerId : '' + workspaceId: !empty(monitoringWorkspaceId) ? reference(vmss_logAnalyticsWorkspace.id, vmss_logAnalyticsWorkspace.apiVersion).customerId : '' } protectedSettings: { - workspaceKey: !empty(workspaceId) ? vmss_logAnalyticsWorkspace.listKeys().primarySharedKey : '' + workspaceKey: !empty(monitoringWorkspaceId) ? vmss_logAnalyticsWorkspace.listKeys().primarySharedKey : '' } } } @@ -581,7 +584,7 @@ module vmss_diskEncryptionExtension 'extensions/deploy.bicep' = if (extensionDis ] } -resource vmss_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource vmss_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${vmss.name}-${lock}-lock' properties: { level: lock @@ -590,13 +593,13 @@ resource vmss_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'Not scope: vmss } -resource vmss_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource vmss_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${vmss.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics } scope: vmss diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md b/arm/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md index 49762c337c..ca786a0c28 100644 --- a/arm/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md +++ b/arm/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md @@ -31,7 +31,7 @@ This module deploys a virtual machine scale set extension. | :-- | :-- | :-- | | `extensionName` | string | The name of the extension | | `extensionResourceGroup` | string | The name of the Resource Group the extension was created in. | -| `extensionResourceId` | string | The resource ID of the extension | +| `extensionResourceId` | string | The ResourceId of the extension | ## Template references diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/readme.md b/arm/Microsoft.Compute/virtualMachineScaleSets/readme.md index b6c47d8e92..7fd3b799dd 100644 --- a/arm/Microsoft.Compute/virtualMachineScaleSets/readme.md +++ b/arm/Microsoft.Compute/virtualMachineScaleSets/readme.md @@ -6,8 +6,8 @@ This module deploys a virtual machine scale set. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Compute/proximityPlacementGroups` | 2021-04-01 | | `Microsoft.Compute/virtualMachineScaleSets` | 2021-04-01 | | `Microsoft.Compute/virtualMachineScaleSets/extensions` | 2021-07-01 | @@ -34,8 +34,11 @@ The following resources are required to be able to deploy this resource. | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `customData` | string | | | Optional. Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. | | `dataDisks` | array | `[]` | | Optional. Specifies the data disks. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `disableAutomaticRollback` | bool | | | Optional. Whether OS image rollback feature should be disabled. | | `disablePasswordAuthentication` | bool | | | Optional. Specifies whether password authentication should be disabled. | | `doNotRunExtensionsOnOverprovisionedVMs` | bool | | | Optional. When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs. | @@ -43,8 +46,6 @@ The following resources are required to be able to deploy this resource. | `enableAutomaticUpdates` | bool | `True` | | Optional. Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. | | `enableEvictionPolicy` | bool | | | Optional. Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. | | `enableServerSideEncryption` | bool | | | Optional. Specifies if Windows VM disks should be encrypted with Server-side encryption + Customer managed Key. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `extensionAntiMalwareConfig` | object | `{object}` | | Optional. The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed | | `extensionCustomScriptConfig` | object | `{object}` | | Optional. The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed | | `extensionDependencyAgentConfig` | object | `{object}` | | Optional. The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed | @@ -64,6 +65,7 @@ The following resources are required to be able to deploy this resource. | `maxUnhealthyInstancePercent` | int | `20` | | Optional. The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch | | `maxUnhealthyUpgradedInstancePercent` | int | `20` | | Optional. The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. | | `metricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | Optional. The name of metrics that will be streamed. | +| `monitoringWorkspaceId` | string | | | Optional. Resource ID of the monitoring log analytics workspace. | | `name` | string | | | Required. Name of the VMSS. | | `nicConfigurations` | array | `[]` | | Required. Configures NICs and PIPs. | | `osDisk` | object | | | Required. Specifies the OS disk. | @@ -93,7 +95,6 @@ The following resources are required to be able to deploy this resource. | `vmNamePrefix` | string | `vmssvm` | | Optional. Specifies the computer name prefix for all of the virtual machines in the scale set. | | `vmPriority` | string | `Regular` | `[Regular, Low, Spot]` | Optional. Specifies the priority for the virtual machine. | | `winRM` | object | `{object}` | | Optional. Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | | `zoneBalance` | bool | | | Optional. Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. | #### Marketplace images @@ -422,9 +423,9 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Proximityplacementgroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-04-01/proximityPlacementGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Virtualmachinescalesets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-04-01/virtualMachineScaleSets) - [Virtualmachinescalesets/Extensions](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-07-01/virtualMachineScaleSets/extensions) -- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) diff --git a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep index 9ee9a5af2e..9a379fb2fb 100644 --- a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep +++ b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep @@ -10,9 +10,9 @@ param ipConfigurationArray array param lock string param diagnosticStorageAccountId string param diagnosticLogsRetentionInDays int -param workspaceId string -param eventHubAuthorizationRuleId string -param eventHubName string +param diagnosticWorkspaceId string +param diagnosticEventHubAuthorizationRuleId string +param diagnosticEventHubName string param pipMetricsToEnable array param pipLogsToEnable array param metricsToEnable array @@ -47,9 +47,9 @@ module networkInterface_publicIPConfigurations 'nested_networkInterface_publicIP location: location diagnosticStorageAccountId: diagnosticStorageAccountId diagnosticLogsRetentionInDays: diagnosticLogsRetentionInDays - workspaceId: workspaceId - eventHubAuthorizationRuleId: eventHubAuthorizationRuleId - eventHubName: eventHubName + diagnosticWorkspaceId: diagnosticWorkspaceId + diagnosticEventHubAuthorizationRuleId: diagnosticEventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticEventHubName metricsToEnable: pipMetricsToEnable logsToEnable: pipLogsToEnable lock: lock @@ -94,13 +94,13 @@ resource networkInterface_lock 'Microsoft.Authorization/locks@2017-04-01' = if ( scope: networkInterface } -resource networkInterface_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource networkInterface_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${networkInterface.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics } scope: networkInterface diff --git a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_publicIPAddress.bicep b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_publicIPAddress.bicep index 19fa8f08e3..d523fb1a4d 100644 --- a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_publicIPAddress.bicep +++ b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_publicIPAddress.bicep @@ -6,9 +6,9 @@ param skuTier string param location string param diagnosticStorageAccountId string param diagnosticLogsRetentionInDays int -param workspaceId string -param eventHubAuthorizationRuleId string -param eventHubName string +param diagnosticWorkspaceId string +param diagnosticEventHubAuthorizationRuleId string +param diagnosticEventHubName string param metricsToEnable array param logsToEnable array param lock string @@ -61,13 +61,13 @@ resource publicIpAddress_lock 'Microsoft.Authorization/locks@2017-04-01' = if (l scope: publicIpAddress } -resource publicIpAddress_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource publicIpAddress_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${publicIpAddress.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_publicIPAddress_rbac.bicep b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_publicIPAddress_rbac.bicep index 5168799fb6..f2d02c5cbb 100644 --- a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_publicIPAddress_rbac.bicep +++ b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_publicIPAddress_rbac.bicep @@ -30,7 +30,7 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2021-03-01' existi name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(publicIpAddress.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_rbac.bicep b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_rbac.bicep index b05abf98b9..01a40acca0 100644 --- a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_rbac.bicep +++ b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface_rbac.bicep @@ -30,7 +30,7 @@ resource networkInterface 'Microsoft.Network/networkInterfaces@2021-03-01' exist name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(networkInterface.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_rbac.bicep b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_rbac.bicep index 3e3e7db2f2..ef06824409 100644 --- a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_rbac.bicep @@ -30,7 +30,7 @@ resource virtualMachine 'Microsoft.Compute/virtualMachines@2021-07-01' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(virtualMachine.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json b/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json index 043cae89a6..1edbcc62f2 100644 --- a/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json +++ b/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json @@ -106,13 +106,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "extensionMonitoringAgentConfig": { diff --git a/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json b/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json index 9567c9d797..98ff75d5fe 100644 --- a/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json +++ b/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json @@ -95,13 +95,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "systemAssignedIdentity": { diff --git a/arm/Microsoft.Compute/virtualMachines/deploy.bicep b/arm/Microsoft.Compute/virtualMachines/deploy.bicep index 06ebfb7661..271b0729ce 100644 --- a/arm/Microsoft.Compute/virtualMachines/deploy.bicep +++ b/arm/Microsoft.Compute/virtualMachines/deploy.bicep @@ -162,6 +162,9 @@ param extensionMonitoringAgentConfig object = { enabled: false } +@description('Optional. Resource ID of the monitoring log analytics workspace.') +param monitoringWorkspaceId string = '' + @description('Optional. The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed') param extensionDependencyAgentConfig object = { enabled: false @@ -200,14 +203,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -317,9 +320,9 @@ module virtualMachine_nic '.bicep/nested_networkInterface.bicep' = [for (nicConf lock: lock diagnosticStorageAccountId: diagnosticStorageAccountId diagnosticLogsRetentionInDays: diagnosticLogsRetentionInDays - workspaceId: workspaceId - eventHubAuthorizationRuleId: eventHubAuthorizationRuleId - eventHubName: eventHubName + diagnosticWorkspaceId: diagnosticWorkspaceId + diagnosticEventHubAuthorizationRuleId: diagnosticEventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticEventHubName metricsToEnable: nicMetricsToEnable pipMetricsToEnable: pipMetricsToEnable pipLogsToEnable: pipLogsToEnable @@ -436,9 +439,9 @@ module vm_microsoftAntiMalwareExtension 'extensions/deploy.bicep' = if (extensio } } -resource vm_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = if (!empty(workspaceId)) { - name: last(split(workspaceId, '/')) - scope: resourceGroup(split(workspaceId, '/')[2], split(workspaceId, '/')[4]) +resource vm_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = if (!empty(monitoringWorkspaceId)) { + name: last(split(monitoringWorkspaceId, '/')) + scope: resourceGroup(split(monitoringWorkspaceId, '/')[2], split(monitoringWorkspaceId, '/')[4]) } module vm_microsoftMonitoringAgentExtension 'extensions/deploy.bicep' = if (extensionMonitoringAgentConfig.enabled) { @@ -452,10 +455,10 @@ module vm_microsoftMonitoringAgentExtension 'extensions/deploy.bicep' = if (exte autoUpgradeMinorVersion: contains(extensionMonitoringAgentConfig, 'autoUpgradeMinorVersion') ? extensionMonitoringAgentConfig.autoUpgradeMinorVersion : true enableAutomaticUpgrade: contains(extensionMonitoringAgentConfig, 'enableAutomaticUpgrade') ? extensionMonitoringAgentConfig.enableAutomaticUpgrade : false settings: { - workspaceId: !empty(workspaceId) ? reference(vm_logAnalyticsWorkspace.id, vm_logAnalyticsWorkspace.apiVersion).customerId : '' + workspaceId: !empty(monitoringWorkspaceId) ? reference(vm_logAnalyticsWorkspace.id, vm_logAnalyticsWorkspace.apiVersion).customerId : '' } protectedSettings: { - workspaceKey: !empty(workspaceId) ? vm_logAnalyticsWorkspace.listKeys().primarySharedKey : '' + workspaceKey: !empty(monitoringWorkspaceId) ? vm_logAnalyticsWorkspace.listKeys().primarySharedKey : '' } } } diff --git a/arm/Microsoft.Compute/virtualMachines/readme.md b/arm/Microsoft.Compute/virtualMachines/readme.md index cc5c50b98e..3de2d18d09 100644 --- a/arm/Microsoft.Compute/virtualMachines/readme.md +++ b/arm/Microsoft.Compute/virtualMachines/readme.md @@ -7,7 +7,7 @@ This module deploys one Virtual Machine with one or multiple nics and optionally | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | 2017-04-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Compute/virtualMachines` | 2021-07-01 | | `Microsoft.Compute/virtualMachines/extensions` | 2021-07-01 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | @@ -36,14 +36,15 @@ This module deploys one Virtual Machine with one or multiple nics and optionally | `customData` | string | | | Optional. Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. | | `dataDisks` | array | `[]` | | Optional. Specifies the data disks. | | `dedicatedHostId` | string | | | Optional. Specifies resource ID about the dedicated host that the virtual machine resides in. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `disablePasswordAuthentication` | bool | | | Optional. Specifies whether password authentication should be disabled. | | `enableAutomaticUpdates` | bool | `True` | | Optional. Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. | | `enableEvictionPolicy` | bool | | | Optional. Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. | | `enableServerSideEncryption` | bool | | | Optional. Specifies if Windows VM disks should be encrypted with Server-side encryption + Customer managed Key. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `extensionAntiMalwareConfig` | object | `{object}` | | Optional. The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed | | `extensionCustomScriptConfig` | object | `{object}` | | Optional. The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed | | `extensionDependencyAgentConfig` | object | `{object}` | | Optional. The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed | @@ -58,6 +59,7 @@ This module deploys one Virtual Machine with one or multiple nics and optionally | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `maxPriceForLowPriorityVm` | string | | | Optional. Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. | +| `monitoringWorkspaceId` | string | | | Optional. Resource ID of the monitoring log analytics workspace. | | `name` | string | `[take(toLower(uniqueString(resourceGroup().name)), 10)]` | | Optional. The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name. | | `nicConfigurations` | array | | | Required. Configures NICs and PIPs. | | `nicMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | Optional. The name of metrics that will be streamed. | @@ -81,7 +83,6 @@ This module deploys one Virtual Machine with one or multiple nics and optionally | `vmPriority` | string | `Regular` | `[Regular, Low, Spot]` | Optional. Specifies the priority for the virtual machine. | | `vmSize` | string | `Standard_D2s_v3` | | Optional. Specifies the size for the VMs | | `winRM` | object | `{object}` | | Optional. Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `imageReference` @@ -519,7 +520,7 @@ You can specify multiple user assigned identities to a resource by providing add - [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Networkinterfaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/networkInterfaces) - [Publicipaddresses](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/publicIPAddresses) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Vaults/Backupfabrics/Protectioncontainers/Protecteditems](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-06-01/vaults/backupFabrics/protectionContainers/protectedItems) - [Virtualmachines](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-07-01/virtualMachines) - [Virtualmachines/Extensions](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-07-01/virtualMachines/extensions) diff --git a/arm/Microsoft.ContainerInstance/containerGroups/deploy.bicep b/arm/Microsoft.ContainerInstance/containerGroups/deploy.bicep index 2f351a5e80..f4d50532f7 100644 --- a/arm/Microsoft.ContainerInstance/containerGroups/deploy.bicep +++ b/arm/Microsoft.ContainerInstance/containerGroups/deploy.bicep @@ -104,7 +104,7 @@ resource containergroup 'Microsoft.ContainerInstance/containerGroups@2021-03-01' } } -resource containergroup_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource containergroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${containergroup.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.ContainerInstance/containerGroups/readme.md b/arm/Microsoft.ContainerInstance/containerGroups/readme.md index 2265083bd4..b89da6b404 100644 --- a/arm/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/arm/Microsoft.ContainerInstance/containerGroups/readme.md @@ -8,7 +8,7 @@ The top-level resource in Azure Container Instances is the container group. A co | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | +| `Microsoft.Authorization/locks` | 2020-05-01 | | `Microsoft.ContainerInstance/containerGroups` | 2021-03-01 | ## Parameters @@ -90,5 +90,5 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) - [Containergroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerInstance/2021-03-01/containerGroups) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) diff --git a/arm/Microsoft.ContainerRegistry/registries/.bicep/nested_rbac.bicep b/arm/Microsoft.ContainerRegistry/registries/.bicep/nested_rbac.bicep index 8be6bbe8a0..a89f40e9cc 100644 --- a/arm/Microsoft.ContainerRegistry/registries/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/.bicep/nested_rbac.bicep @@ -31,7 +31,7 @@ resource registry 'Microsoft.ContainerRegistry/registries@2020-11-01-preview' ex name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(registry.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json index 1f9e3dffae..ebeb498716 100644 --- a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json +++ b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json @@ -24,13 +24,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "systemAssignedIdentity": { diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index 79c92684e2..d72a7a01dd 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -90,14 +90,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' var diagnosticsLogs = [for log in logsToEnable: { category: log @@ -159,7 +159,7 @@ resource registry 'Microsoft.ContainerRegistry/registries@2020-11-01-preview' = } } -resource registry_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource registry_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${registry.name}-${lock}-lock' properties: { level: lock @@ -168,13 +168,13 @@ resource registry_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: registry } -resource registry_diagnosticSettingName 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource registry_diagnosticSettingName 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${registry.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.ContainerRegistry/registries/readme.md b/arm/Microsoft.ContainerRegistry/registries/readme.md index 6be9b75c05..38a155c3ec 100644 --- a/arm/Microsoft.ContainerRegistry/registries/readme.md +++ b/arm/Microsoft.ContainerRegistry/registries/readme.md @@ -6,8 +6,8 @@ Azure Container Registry is a managed, private Docker registry service based on | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.ContainerRegistry/registries` | 2020-11-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-02-01 | @@ -21,10 +21,11 @@ Azure Container Registry is a managed, private Docker registry service based on | `acrSku` | string | `Basic` | `[Basic, Standard, Premium]` | Optional. Tier of your Azure container registry. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `dataEndpointEnabled` | bool | | | Optional. Enable a single data endpoint per region for serving data. Not relevant in case of disabled public access. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[ContainerRegistryRepositoryEvents, ContainerRegistryLoginEvents]` | `[ContainerRegistryRepositoryEvents, ContainerRegistryLoginEvents]` | Optional. The name of logs that will be streamed. | @@ -41,7 +42,6 @@ Azure Container Registry is a managed, private Docker registry service based on | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `trustPolicyStatus` | string | | | Optional. The value that indicates whether the policy is enabled or not. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` @@ -158,9 +158,9 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) -- [Registries](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2020-11-01-preview/registries) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) +- [Registries](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2020-11-01-preview/registries) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.ContainerService/managedClusters/.bicep/nested_rbac.bicep b/arm/Microsoft.ContainerService/managedClusters/.bicep/nested_rbac.bicep index e1d30cd82b..79db5f959b 100644 --- a/arm/Microsoft.ContainerService/managedClusters/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.ContainerService/managedClusters/.bicep/nested_rbac.bicep @@ -29,7 +29,7 @@ resource managedCluster 'Microsoft.ContainerService/managedClusters@2021-07-01' name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(managedCluster.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.ContainerService/managedClusters/.parameters/azure.parameters.json b/arm/Microsoft.ContainerService/managedClusters/.parameters/azure.parameters.json index 82b26db678..9ff78afd2a 100644 --- a/arm/Microsoft.ContainerService/managedClusters/.parameters/azure.parameters.json +++ b/arm/Microsoft.ContainerService/managedClusters/.parameters/azure.parameters.json @@ -101,13 +101,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "systemAssignedIdentity": { diff --git a/arm/Microsoft.ContainerService/managedClusters/.parameters/kubenet.parameters.json b/arm/Microsoft.ContainerService/managedClusters/.parameters/kubenet.parameters.json index b85a89237f..0393c24fda 100644 --- a/arm/Microsoft.ContainerService/managedClusters/.parameters/kubenet.parameters.json +++ b/arm/Microsoft.ContainerService/managedClusters/.parameters/kubenet.parameters.json @@ -98,13 +98,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "userAssignedIdentities": { diff --git a/arm/Microsoft.ContainerService/managedClusters/deploy.bicep b/arm/Microsoft.ContainerService/managedClusters/deploy.bicep index 76dc1d8dab..1f0cc0d760 100644 --- a/arm/Microsoft.ContainerService/managedClusters/deploy.bicep +++ b/arm/Microsoft.ContainerService/managedClusters/deploy.bicep @@ -152,17 +152,20 @@ param autoScalerProfileMaxGracefulTerminationSec string = '600' @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' @description('Optional. Specifies whether the OMS agent is enabled.') param omsAgentEnabled bool = true -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the monitoring log analytics workspace.') +param monitoringWorkspaceId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' + +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') @minValue(0) @@ -279,9 +282,9 @@ resource managedCluster 'Microsoft.ContainerService/managedClusters@2021-07-01' enabled: httpApplicationRoutingEnabled } omsagent: { - enabled: (omsAgentEnabled && (!empty(workspaceId))) + enabled: (omsAgentEnabled && (!empty(monitoringWorkspaceId))) config: { - logAnalyticsWorkspaceResourceID: ((!empty(workspaceId)) ? workspaceId : null) + logAnalyticsWorkspaceResourceID: ((!empty(monitoringWorkspaceId)) ? monitoringWorkspaceId : null) } } aciConnectorLinux: { @@ -348,23 +351,23 @@ module managedCluster_agentPools 'agentPools/deploy.bicep' = [for (agentPool, in enableFIPS: contains(agentPool, 'enableFIPS') ? agentPool.enableFIPS : false enableNodePublicIP: contains(agentPool, 'enableNodePublicIP') ? agentPool.enableNodePublicIP : false enableUltraSSD: contains(agentPool, 'enableUltraSSD') ? agentPool.enableUltraSSD : false - gpuInstanceProfile: contains(agentPool, 'gpuInstanceProfile') ? agentPool.gpuInstanceProfile: '' + gpuInstanceProfile: contains(agentPool, 'gpuInstanceProfile') ? agentPool.gpuInstanceProfile : '' kubeletDiskType: contains(agentPool, 'kubeletDiskType') ? agentPool.kubeletDiskType : '' maxCount: contains(agentPool, 'maxCount') ? agentPool.maxCount : -1 maxPods: contains(agentPool, 'maxPods') ? agentPool.maxPods : -1 minCount: contains(agentPool, 'minCount') ? agentPool.minCount : -1 - mode: contains(agentPool, 'mode') ? agentPool.mode: '' + mode: contains(agentPool, 'mode') ? agentPool.mode : '' nodeLabels: contains(agentPool, 'nodeLabels') ? agentPool.nodeLabels : {} - nodePublicIpPrefixId: contains(agentPool, 'nodePublicIpPrefixId') ? agentPool.nodePublicIpPrefixId: '' + nodePublicIpPrefixId: contains(agentPool, 'nodePublicIpPrefixId') ? agentPool.nodePublicIpPrefixId : '' nodeTaints: contains(agentPool, 'nodeTaints') ? agentPool.nodeTaints : [] - orchestratorVersion: contains(agentPool, 'orchestratorVersion') ? agentPool.orchestratorVersion: '' - osDiskSizeGB: contains(agentPool, 'osDiskSizeGB') ? agentPool.osDiskSizeGB: -1 - osDiskType: contains(agentPool, 'osDiskType') ? agentPool.osDiskType: '' + orchestratorVersion: contains(agentPool, 'orchestratorVersion') ? agentPool.orchestratorVersion : '' + osDiskSizeGB: contains(agentPool, 'osDiskSizeGB') ? agentPool.osDiskSizeGB : -1 + osDiskType: contains(agentPool, 'osDiskType') ? agentPool.osDiskType : '' osSku: contains(agentPool, 'osSku') ? agentPool.osSku : '' osType: contains(agentPool, 'osType') ? agentPool.osType : 'Linux' podSubnetId: contains(agentPool, 'podSubnetId') ? agentPool.podSubnetId : '' proximityPlacementGroupId: contains(agentPool, 'proximityPlacementGroupId') ? agentPool.proximityPlacementGroupId : '' - scaleDownMode: contains(agentPool, 'scaleDownMode') ? agentPool.scaleDownMode: 'Delete' + scaleDownMode: contains(agentPool, 'scaleDownMode') ? agentPool.scaleDownMode : 'Delete' scaleSetEvictionPolicy: contains(agentPool, 'scaleSetEvictionPolicy') ? agentPool.scaleSetEvictionPolicy : 'Delete' scaleSetPriority: contains(agentPool, 'scaleSetPriority') ? agentPool.scaleSetPriority : '' spotMaxPrice: contains(agentPool, 'spotMaxPrice') ? agentPool.spotMaxPrice : -1 @@ -377,7 +380,7 @@ module managedCluster_agentPools 'agentPools/deploy.bicep' = [for (agentPool, in } }] -resource managedCluster_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource managedCluster_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${managedCluster.name}-${lock}-lock' properties: { level: lock @@ -386,13 +389,13 @@ resource managedCluster_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lo scope: managedCluster } -resource managedCluster_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource managedCluster_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${managedCluster.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.ContainerService/managedClusters/readme.md b/arm/Microsoft.ContainerService/managedClusters/readme.md index ab3d640bff..891b2e207e 100644 --- a/arm/Microsoft.ContainerService/managedClusters/readme.md +++ b/arm/Microsoft.ContainerService/managedClusters/readme.md @@ -6,8 +6,8 @@ This module deploys Azure Kubernetes Cluster (AKS). | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.ContainerService/managedClusters` | 2021-07-01 | | `Microsoft.ContainerService/managedClusters/agentPools` | 2021-08-01 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | @@ -51,10 +51,11 @@ This module deploys Azure Kubernetes Cluster (AKS). | `azurePolicyEnabled` | bool | `True` | | Optional. Specifies whether the azurepolicy add-on is enabled or not. | | `azurePolicyVersion` | string | `v2` | | Optional. Specifies the azure policy version to use. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `httpApplicationRoutingEnabled` | bool | | | Optional. Specifies whether the httpApplicationRouting add-on is enabled or not. | | `kubeDashboardEnabled` | bool | | | Optional. Specifies whether the kubeDashboard add-on is enabled or not. | | `location` | string | `[resourceGroup().location]` | | Optional. Specifies the location of AKS cluster. It picks up Resource Group's location by default. | @@ -62,6 +63,7 @@ This module deploys Azure Kubernetes Cluster (AKS). | `logsToEnable` | array | `[kube-apiserver, kube-audit, kube-controller-manager, kube-scheduler, cluster-autoscaler]` | `[kube-apiserver, kube-audit, kube-controller-manager, kube-scheduler, cluster-autoscaler]` | Optional. The name of logs that will be streamed. | | `managedOutboundIPCount` | int | | | Optional. Outbound IP Count for the Load balancer. | | `metricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | Optional. The name of metrics that will be streamed. | +| `monitoringWorkspaceId` | string | | | Optional. Resource ID of the monitoring log analytics workspace. | | `name` | string | | | Required. Specifies the name of the AKS cluster. | | `nodeResourceGroup` | string | `[format('{0}_aks_{1}_nodes', resourceGroup().name, parameters('name'))]` | | Optional. Name of the resource group containing agent pool nodes. | | `omsAgentEnabled` | bool | `True` | | Optional. Specifies whether the OMS agent is enabled. | @@ -70,7 +72,6 @@ This module deploys Azure Kubernetes Cluster (AKS). | `systemAssignedIdentity` | bool | | | Optional. Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` @@ -207,7 +208,7 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Managedclusters](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2021-07-01/managedClusters) - [Managedclusters/Agentpools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2021-08-01/managedClusters/agentPools) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.DataFactory/factories/.bicep/nested_rbac.bicep b/arm/Microsoft.DataFactory/factories/.bicep/nested_rbac.bicep index 757fb3b7e1..b9a0076ab8 100644 --- a/arm/Microsoft.DataFactory/factories/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.DataFactory/factories/.bicep/nested_rbac.bicep @@ -23,7 +23,7 @@ resource dataFactory 'Microsoft.DataFactory/factories@2018-06-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(dataFactory.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.DataFactory/factories/.parameters/parameters.json b/arm/Microsoft.DataFactory/factories/.parameters/parameters.json index 71ef5afd30..b2ded4ee7c 100644 --- a/arm/Microsoft.DataFactory/factories/.parameters/parameters.json +++ b/arm/Microsoft.DataFactory/factories/.parameters/parameters.json @@ -42,13 +42,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "systemAssignedIdentity": { diff --git a/arm/Microsoft.DataFactory/factories/deploy.bicep b/arm/Microsoft.DataFactory/factories/deploy.bicep index e29e0a1be6..674ec6d802 100644 --- a/arm/Microsoft.DataFactory/factories/deploy.bicep +++ b/arm/Microsoft.DataFactory/factories/deploy.bicep @@ -42,14 +42,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -170,7 +170,7 @@ module dataFactory_integrationRuntime 'integrationRuntime/deploy.bicep' = if (!e ] } -resource dataFactory_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource dataFactory_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${dataFactory.name}-${lock}-lock' properties: { level: lock @@ -179,13 +179,13 @@ resource dataFactory_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock scope: dataFactory } -resource dataFactory_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId))) { +resource dataFactory_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${dataFactory.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.DataFactory/factories/readme.md b/arm/Microsoft.DataFactory/factories/readme.md index 83383f0d5e..95a8be5be8 100644 --- a/arm/Microsoft.DataFactory/factories/readme.md +++ b/arm/Microsoft.DataFactory/factories/readme.md @@ -4,8 +4,8 @@ | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.DataFactory/factories` | 2018-06-01 | | `Microsoft.DataFactory/factories/integrationRuntimes` | 2018-06-01 | | `Microsoft.DataFactory/factories/managedVirtualNetworks` | 2018-06-01 | @@ -16,10 +16,11 @@ | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `gitAccountName` | string | | | Optional. The account name. | | `gitCollaborationBranch` | string | `main` | | Optional. The collaboration branch name. Default is 'main'. | | `gitConfigureLater` | bool | `True` | | Optional. Boolean to define whether or not to configure git during template deployment. | @@ -39,7 +40,6 @@ | `systemAssignedIdentity` | bool | | | Optional. Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` @@ -104,9 +104,9 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Factories](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories) - [Factories/Integrationruntimes](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories/integrationRuntimes) - [Factories/Managedvirtualnetworks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories/managedVirtualNetworks) -- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Databricks/workspaces/.bicep/nested_rbac.bicep b/arm/Microsoft.Databricks/workspaces/.bicep/nested_rbac.bicep index 6769e5b7bf..fb6f95154b 100644 --- a/arm/Microsoft.Databricks/workspaces/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Databricks/workspaces/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource workspace 'Microsoft.Databricks/workspaces@2018-04-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(workspace.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Databricks/workspaces/.parameters/parameters.json b/arm/Microsoft.Databricks/workspaces/.parameters/parameters.json index 3381dd45f0..e5815f3674 100644 --- a/arm/Microsoft.Databricks/workspaces/.parameters/parameters.json +++ b/arm/Microsoft.Databricks/workspaces/.parameters/parameters.json @@ -21,13 +21,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Databricks/workspaces/deploy.bicep b/arm/Microsoft.Databricks/workspaces/deploy.bicep index 8eaab5bb4d..7d6c2d6679 100644 --- a/arm/Microsoft.Databricks/workspaces/deploy.bicep +++ b/arm/Microsoft.Databricks/workspaces/deploy.bicep @@ -29,14 +29,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -108,7 +108,7 @@ resource workspace 'Microsoft.Databricks/workspaces@2018-04-01' = { } } -resource workspace_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource workspace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${workspace.name}-${lock}-lock' properties: { level: lock @@ -117,13 +117,13 @@ resource workspace_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: workspace } -resource workspace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource workspace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${workspace.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null logs: diagnosticsLogs } scope: workspace diff --git a/arm/Microsoft.Databricks/workspaces/readme.md b/arm/Microsoft.Databricks/workspaces/readme.md index 5c0d3c35c1..81b8323fe5 100644 --- a/arm/Microsoft.Databricks/workspaces/readme.md +++ b/arm/Microsoft.Databricks/workspaces/readme.md @@ -4,8 +4,8 @@ | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Databricks/workspaces` | 2018-04-01 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | @@ -14,10 +14,11 @@ | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all Resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[dbfs, clusters, accounts, jobs, notebook, ssh, workspace, secrets, sqlPermissions, instancePools]` | `[dbfs, clusters, accounts, jobs, notebook, ssh, workspace, secrets, sqlPermissions, instancePools]` | Optional. The name of logs that will be streamed. | @@ -26,7 +27,6 @@ | `pricingTier` | string | `premium` | `[trial, standard, premium]` | Optional. The pricing tier of workspace | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or it's fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | | `workspaceParameters` | object | `{object}` | | Optional. The workspace's custom parameters. | ### Parameter Usage: `roleAssignments` @@ -111,7 +111,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) -- [Workspaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Databricks/2018-04-01/workspaces) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) +- [Workspaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Databricks/2018-04-01/workspaces) diff --git a/arm/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_rbac.bicep b/arm/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_rbac.bicep index f47f307b2d..cb0e1d3d09 100644 --- a/arm/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_rbac.bicep @@ -30,7 +30,7 @@ resource appGroup 'Microsoft.DesktopVirtualization/applicationgroups@2021-07-12' name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(appGroup.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.DesktopVirtualization/applicationgroups/.parameters/parameters.json b/arm/Microsoft.DesktopVirtualization/applicationgroups/.parameters/parameters.json index c0c2e3058a..4cf63437e8 100644 --- a/arm/Microsoft.DesktopVirtualization/applicationgroups/.parameters/parameters.json +++ b/arm/Microsoft.DesktopVirtualization/applicationgroups/.parameters/parameters.json @@ -56,13 +56,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep b/arm/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep index 93d21124b5..0029da911a 100644 --- a/arm/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep +++ b/arm/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep @@ -33,13 +33,13 @@ param diagnosticLogsRetentionInDays int = 365 param diagnosticStorageAccountId string = '' @sys.description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +param diagnosticWorkspaceId string = '' -@sys.description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@sys.description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@sys.description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@sys.description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -100,7 +100,7 @@ resource appGroup 'Microsoft.DesktopVirtualization/applicationgroups@2021-07-12' } } -resource appGroup_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource appGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${appGroup.name}-${lock}-lock' properties: { level: lock @@ -109,13 +109,13 @@ resource appGroup_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: appGroup } -resource appGroup_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource appGroup_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${appGroup.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null logs: diagnosticsLogs } scope: appGroup diff --git a/arm/Microsoft.DesktopVirtualization/applicationgroups/readme.md b/arm/Microsoft.DesktopVirtualization/applicationgroups/readme.md index 710564a7a6..37d1de521e 100644 --- a/arm/Microsoft.DesktopVirtualization/applicationgroups/readme.md +++ b/arm/Microsoft.DesktopVirtualization/applicationgroups/readme.md @@ -6,8 +6,8 @@ This module deploys an Azure virtual desktop application group. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.DesktopVirtualization/applicationGroups` | 2021-07-12 | | `Microsoft.DesktopVirtualization/applicationGroups/applications` | 2021-07-12 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | @@ -20,10 +20,11 @@ This module deploys an Azure virtual desktop application group. | `applications` | _[applications](applications/readme.md)_ array | `[]` | | Optional. List of applications to be created in the Application Group. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `description` | string | | | Optional. The description of the Application Group to be created. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of log analytics. | | `friendlyName` | string | | | Optional. The friendly name of the Application Group to be created. | | `hostpoolName` | string | | | Required. Name of the Host Pool to be linked to this Application Group. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | @@ -32,7 +33,6 @@ This module deploys an Azure virtual desktop application group. | `name` | string | | | Required. Name of the Application Group to create this application in. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or it's fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` @@ -83,8 +83,8 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Applicationgroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-07-12/applicationGroups) - [Applicationgroups/Applications](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-07-12/applicationGroups/applications) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_rbac.bicep b/arm/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_rbac.bicep index 29fad856db..92fa484242 100644 --- a/arm/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_rbac.bicep @@ -31,7 +31,7 @@ resource hostPool 'Microsoft.DesktopVirtualization/hostpools@2021-07-12' existin name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(hostPool.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.DesktopVirtualization/hostpools/.parameters/parameters.json b/arm/Microsoft.DesktopVirtualization/hostpools/.parameters/parameters.json index f964afca05..e304923854 100644 --- a/arm/Microsoft.DesktopVirtualization/hostpools/.parameters/parameters.json +++ b/arm/Microsoft.DesktopVirtualization/hostpools/.parameters/parameters.json @@ -67,13 +67,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.DesktopVirtualization/hostpools/deploy.bicep b/arm/Microsoft.DesktopVirtualization/hostpools/deploy.bicep index a7bcd81d7d..509b2cacb8 100644 --- a/arm/Microsoft.DesktopVirtualization/hostpools/deploy.bicep +++ b/arm/Microsoft.DesktopVirtualization/hostpools/deploy.bicep @@ -60,14 +60,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -159,7 +159,7 @@ resource hostPool 'Microsoft.DesktopVirtualization/hostpools@2021-07-12' = { } } -resource hostPool_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource hostPool_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${hostPool.name}-${lock}-lock' properties: { level: lock @@ -168,13 +168,13 @@ resource hostPool_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: hostPool } -resource hostPool_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource hostPool_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${hostPool.name}-diagnosticsetting' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null logs: diagnosticsLogs } scope: hostPool diff --git a/arm/Microsoft.DesktopVirtualization/hostpools/readme.md b/arm/Microsoft.DesktopVirtualization/hostpools/readme.md index 39df7e0c41..76a72dbbde 100644 --- a/arm/Microsoft.DesktopVirtualization/hostpools/readme.md +++ b/arm/Microsoft.DesktopVirtualization/hostpools/readme.md @@ -6,8 +6,8 @@ This module deploys an Azure virtual desktop host pool. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.DesktopVirtualization/hostPools` | 2021-07-12 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | @@ -18,10 +18,11 @@ This module deploys an Azure virtual desktop host pool. | `baseTime` | string | `[utcNow('u')]` | | Generated. Do not provide a value! This date value is used to generate a registration token. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `customRdpProperty` | string | `audiocapturemode:i:1;audiomode:i:0;drivestoredirect:s:;redirectclipboard:i:1;redirectcomports:i:1;redirectprinters:i:1;redirectsmartcards:i:1;screen mode id:i:2;` | | Optional. Host Pool RDP properties | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `hostpoolDescription` | string | | | Optional. The description of the Host Pool to be created. | | `hostpoolFriendlyName` | string | | | Optional. The friendly name of the Host Pool to be created. | | `hostpoolType` | string | `Pooled` | `[Personal, Pooled]` | Optional. Set this parameter to Personal if you would like to enable Persistent Desktop experience. Defaults to Pooled. | @@ -40,7 +41,6 @@ This module deploys an Azure virtual desktop host pool. | `validationEnviroment` | bool | | | Optional. Whether to use validation enviroment. When set to true, the Host Pool will be deployed in a validation 'ring' (environment) that receives all the new features (might be less stable). Ddefaults to false that stands for the stable, production-ready environment. | | `validationEnvironment` | bool | | | Optional. Validation host pool allows you to test service changes before they are deployed to production. | | `vmTemplate` | object | `{object}` | | Optional. The necessary information for adding more VMs to this Host Pool. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` @@ -126,7 +126,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) -- [Hostpools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-07-12/hostPools) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Hostpools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-07-12/hostPools) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_rbac.bicep b/arm/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_rbac.bicep index 73bbe1886e..c91e776c66 100644 --- a/arm/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_rbac.bicep @@ -27,7 +27,7 @@ resource workspace 'Microsoft.DesktopVirtualization/workspaces@2021-07-12' exist name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(workspace.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.DesktopVirtualization/workspaces/.parameters/parameters.json b/arm/Microsoft.DesktopVirtualization/workspaces/.parameters/parameters.json index f2caa1ecf4..4dc172df9d 100644 --- a/arm/Microsoft.DesktopVirtualization/workspaces/.parameters/parameters.json +++ b/arm/Microsoft.DesktopVirtualization/workspaces/.parameters/parameters.json @@ -35,13 +35,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.DesktopVirtualization/workspaces/deploy.bicep b/arm/Microsoft.DesktopVirtualization/workspaces/deploy.bicep index 2efcacae42..2393ec0787 100644 --- a/arm/Microsoft.DesktopVirtualization/workspaces/deploy.bicep +++ b/arm/Microsoft.DesktopVirtualization/workspaces/deploy.bicep @@ -21,14 +21,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -86,7 +86,7 @@ resource workspace 'Microsoft.DesktopVirtualization/workspaces@2021-07-12' = { } } -resource workspace_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource workspace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${workspace.name}-${lock}-lock' properties: { level: lock @@ -95,13 +95,13 @@ resource workspace_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: workspace } -resource workspace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource workspace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${workspace.name}-diagnosticsetting' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null logs: diagnosticsLogs } scope: workspace diff --git a/arm/Microsoft.DesktopVirtualization/workspaces/readme.md b/arm/Microsoft.DesktopVirtualization/workspaces/readme.md index cd0d5c132e..79c0e0522e 100644 --- a/arm/Microsoft.DesktopVirtualization/workspaces/readme.md +++ b/arm/Microsoft.DesktopVirtualization/workspaces/readme.md @@ -6,8 +6,8 @@ This module deploys an Azure virtual desktop workspace. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.DesktopVirtualization/workspaces` | 2021-07-12 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | @@ -17,10 +17,11 @@ This module deploys an Azure virtual desktop workspace. | :-- | :-- | :-- | :-- | :-- | | `appGroupResourceIds` | array | `[]` | | Required. Resource IDs fo the existing Application groups this workspace will group together. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[Checkpoint, Error, Management, Feed]` | `[Checkpoint, Error, Management, Feed]` | Optional. The name of logs that will be streamed. | @@ -29,7 +30,6 @@ This module deploys an Azure virtual desktop workspace. | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `workspaceDescription` | string | | | Optional. The description of the Workspace to be created. | | `workspaceFriendlyName` | string | | | Optional. The friendly name of the Workspace to be created. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` @@ -81,7 +81,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) -- [Workspaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-07-12/workspaces) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) +- [Workspaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-07-12/workspaces) diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_rbac.bicep b/arm/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_rbac.bicep index d4945f77d3..36b073bf90 100644 --- a/arm/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_rbac.bicep @@ -26,7 +26,7 @@ resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-06-15' exis name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(databaseAccount.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/mongodb.parameters.json b/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/mongodb.parameters.json index 2f68bda6e0..d9dfbd5b4d 100644 --- a/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/mongodb.parameters.json +++ b/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/mongodb.parameters.json @@ -224,13 +224,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "systemAssignedIdentity": { diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/plain.parameters.json b/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/plain.parameters.json index 79cf3c64a0..00f4ac78de 100644 --- a/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/plain.parameters.json +++ b/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/plain.parameters.json @@ -35,13 +35,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/sqldb.parameters.json b/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/sqldb.parameters.json index c6960ae4ec..b60cb14ce2 100644 --- a/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/sqldb.parameters.json +++ b/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/sqldb.parameters.json @@ -58,13 +58,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "userAssignedIdentities": { diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep b/arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep index ab28a99347..9980e04f1e 100644 --- a/arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep +++ b/arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep @@ -82,13 +82,13 @@ param diagnosticLogsRetentionInDays int = 365 param diagnosticStorageAccountId string = '' @description('Optional. Resource ID of the log analytics workspace.') -param workspaceId string = '' +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. The name of logs that will be streamed.') @allowed([ @@ -206,7 +206,7 @@ resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-06-15' = { properties: databaseAccount_properties } -resource databaseAccount_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource databaseAccount_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${databaseAccount.name}-${lock}-lock' properties: { level: lock @@ -215,13 +215,13 @@ resource databaseAccount_lock 'Microsoft.Authorization/locks@2016-09-01' = if (l scope: databaseAccount } -resource databaseAccount_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource databaseAccount_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${databaseAccount.name}-diagnosticsetting' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/readme.md b/arm/Microsoft.DocumentDB/databaseAccounts/readme.md index e97f6d1183..0ea0255580 100644 --- a/arm/Microsoft.DocumentDB/databaseAccounts/readme.md +++ b/arm/Microsoft.DocumentDB/databaseAccounts/readme.md @@ -6,8 +6,8 @@ This module deploys a DocumentDB database account and its child resources. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.DocumentDB/databaseAccounts` | 2021-06-15 | | `Microsoft.DocumentDB/databaseAccounts/mongodbDatabases` | 2021-07-01-preview | | `Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections` | 2021-07-01-preview | @@ -23,10 +23,11 @@ This module deploys a DocumentDB database account and its child resources. | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `databaseAccountOfferType` | string | `Standard` | `[Standard]` | Optional. The offer type for the Cosmos DB database account. | | `defaultConsistencyLevel` | string | `Session` | `[Eventual, ConsistentPrefix, Session, BoundedStaleness, Strong]` | Optional. The default consistency level of the Cosmos DB account. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `locations` | array | | | Required. Locations enabled for the Cosmos DB account. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | @@ -42,7 +43,6 @@ This module deploys a DocumentDB database account and its child resources. | `systemAssignedIdentity` | bool | | | Optional. Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Optional. Tags of the Database Account resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | -| `workspaceId` | string | | | Optional. Resource ID of the log analytics workspace. | ### Parameter Usage: `roleAssignments` @@ -210,11 +210,11 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Databaseaccounts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DocumentDB/2021-06-15/databaseAccounts) - [Databaseaccounts/Mongodbdatabases](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DocumentDB/2021-07-01-preview/databaseAccounts/mongodbDatabases) - [Databaseaccounts/Mongodbdatabases/Collections](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DocumentDB/2021-07-01-preview/databaseAccounts/mongodbDatabases/collections) - [Databaseaccounts/Sqldatabases](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DocumentDB/2021-06-15/databaseAccounts/sqlDatabases) - [Databaseaccounts/Sqldatabases/Containers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DocumentDB/2021-07-01-preview/databaseAccounts/sqlDatabases/containers) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.EventGrid/topics/.bicep/nested_rbac.bicep b/arm/Microsoft.EventGrid/topics/.bicep/nested_rbac.bicep index fdbbfa67b0..59b68eba65 100644 --- a/arm/Microsoft.EventGrid/topics/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.EventGrid/topics/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource eventGrid 'Microsoft.EventGrid/topics@2020-06-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(eventGrid.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.EventGrid/topics/.parameters/parameters.json b/arm/Microsoft.EventGrid/topics/.parameters/parameters.json index ab4941a2e5..ad485425ed 100644 --- a/arm/Microsoft.EventGrid/topics/.parameters/parameters.json +++ b/arm/Microsoft.EventGrid/topics/.parameters/parameters.json @@ -21,13 +21,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.EventGrid/topics/deploy.bicep b/arm/Microsoft.EventGrid/topics/deploy.bicep index 675eef42a4..c172d0d23a 100644 --- a/arm/Microsoft.EventGrid/topics/deploy.bicep +++ b/arm/Microsoft.EventGrid/topics/deploy.bicep @@ -18,14 +18,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Configuration Details for private endpoints.') param privateEndpoints array = [] @@ -99,7 +99,7 @@ resource eventGrid 'Microsoft.EventGrid/topics@2020-06-01' = { } } -resource eventGrid_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource eventGrid_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${eventGrid.name}-${lock}-lock' properties: { level: lock @@ -108,13 +108,13 @@ resource eventGrid_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: eventGrid } -resource eventGrid_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource eventGrid_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${eventGrid.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.EventGrid/topics/readme.md b/arm/Microsoft.EventGrid/topics/readme.md index 9d9611da7e..744a284b89 100644 --- a/arm/Microsoft.EventGrid/topics/readme.md +++ b/arm/Microsoft.EventGrid/topics/readme.md @@ -6,8 +6,8 @@ This module deploys an event grid topic. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.EventGrid/topics` | 2020-06-01 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-05-01 | @@ -18,10 +18,11 @@ This module deploys an event grid topic. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `inboundIpRules` | array | `[]` | | Optional. Array of IPs to whitelist. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all Resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | @@ -32,7 +33,6 @@ This module deploys an event grid topic. | `publicNetworkAccess` | string | `Enabled` | | Optional. Determines if traffic is allowed over public network. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `privateEndpoints` @@ -120,8 +120,8 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/privateEndpoints) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Topics](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventGrid/2020-06-01/topics) diff --git a/arm/Microsoft.EventHub/namespaces/.bicep/nested_rbac.bicep b/arm/Microsoft.EventHub/namespaces/.bicep/nested_rbac.bicep index 8d1462e8ad..21a1919228 100644 --- a/arm/Microsoft.EventHub/namespaces/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.EventHub/namespaces/.bicep/nested_rbac.bicep @@ -27,7 +27,7 @@ resource eventHubNamespace 'Microsoft.EventHub/namespaces@2017-04-01' existing = name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(eventHubNamespace.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.EventHub/namespaces/.parameters/parameters.json b/arm/Microsoft.EventHub/namespaces/.parameters/parameters.json index c793abacf5..25afdc5e12 100644 --- a/arm/Microsoft.EventHub/namespaces/.parameters/parameters.json +++ b/arm/Microsoft.EventHub/namespaces/.parameters/parameters.json @@ -90,13 +90,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "systemAssignedIdentity": { diff --git a/arm/Microsoft.EventHub/namespaces/deploy.bicep b/arm/Microsoft.EventHub/namespaces/deploy.bicep index 92dbfc1775..6b3278cd56 100644 --- a/arm/Microsoft.EventHub/namespaces/deploy.bicep +++ b/arm/Microsoft.EventHub/namespaces/deploy.bicep @@ -57,14 +57,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -192,7 +192,7 @@ resource eventHubNamespace 'Microsoft.EventHub/namespaces@2021-06-01-preview' = } } -resource eventHubNamespace_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource eventHubNamespace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${eventHubNamespace.name}-${lock}-lock' properties: { level: lock @@ -201,13 +201,13 @@ resource eventHubNamespace_lock 'Microsoft.Authorization/locks@2016-09-01' = if scope: eventHubNamespace } -resource eventHubNamespace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId))) { +resource eventHubNamespace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${eventHubNamespace.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } @@ -295,11 +295,5 @@ output namespaceResourceId string = eventHubNamespace.id @description('The resource group where the namespace is deployed.') output namespaceResourceGroup string = resourceGroup().name -@description('The connection string to the namespace.') -output namespaceConnectionString string = listkeys(authRuleResourceId, '2017-04-01').primaryConnectionString - -@description('The shared access policy primary key.') -output sharedAccessPolicyPrimaryKey string = listkeys(authRuleResourceId, '2017-04-01').primaryKey - @description('The principal ID of the system assigned identity.') output systemAssignedPrincipalId string = systemAssignedIdentity && contains(eventHubNamespace.identity, 'principalId') ? eventHubNamespace.identity.principalId : '' diff --git a/arm/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_rbac.bicep b/arm/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_rbac.bicep index ee1c74bec4..e9cc6a9f5a 100644 --- a/arm/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_rbac.bicep @@ -25,7 +25,7 @@ resource eventHub 'Microsoft.EventHub/namespaces/eventhubs@2021-06-01-preview' e name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(split(resourceId, '/')[0], split(resourceId, '/')[1], principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep b/arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep index 43bc7ac446..cd166d3dc7 100644 --- a/arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep +++ b/arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep @@ -137,7 +137,7 @@ resource eventHub 'Microsoft.EventHub/namespaces/eventhubs@2021-06-01-preview' = properties: captureDescriptionEnabled ? eventHubPropertiesWithCapture : eventHubPropertiesSimple } -resource eventHub_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource eventHub_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${eventHub.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.EventHub/namespaces/eventhubs/readme.md b/arm/Microsoft.EventHub/namespaces/eventhubs/readme.md index 992c932666..b5bdeafc3c 100644 --- a/arm/Microsoft.EventHub/namespaces/eventhubs/readme.md +++ b/arm/Microsoft.EventHub/namespaces/eventhubs/readme.md @@ -6,8 +6,8 @@ This module deploys an Event Hub. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.EventHub/namespaces/eventhubs` | 2021-06-01-preview | | `Microsoft.EventHub/namespaces/eventhubs/authorizationRules` | 2021-06-01-preview | | `Microsoft.EventHub/namespaces/eventhubs/consumergroups` | 2021-06-01-preview | @@ -69,8 +69,8 @@ This module deploys an Event Hub. ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Namespaces/Eventhubs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-06-01-preview/namespaces/eventhubs) - [Namespaces/Eventhubs/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-06-01-preview/namespaces/eventhubs/authorizationRules) - [Namespaces/Eventhubs/Consumergroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-06-01-preview/namespaces/eventhubs/consumergroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.EventHub/namespaces/readme.md b/arm/Microsoft.EventHub/namespaces/readme.md index 167327cc51..1155a3441a 100644 --- a/arm/Microsoft.EventHub/namespaces/readme.md +++ b/arm/Microsoft.EventHub/namespaces/readme.md @@ -6,8 +6,8 @@ This module deploys an event hub namespace. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.EventHub/namespaces` | 2021-06-01-preview | | `Microsoft.EventHub/namespaces/authorizationRules` | 2017-04-01 | | `Microsoft.EventHub/namespaces/disasterRecoveryConfigs` | 2017-04-01 | @@ -25,11 +25,12 @@ This module deploys an event hub namespace. | `authorizationRules` | _[authorizationRules](authorizationRules/readme.md)_ array | `[System.Collections.Hashtable]` | | Optional. Authorization Rules for the Event Hub namespace | | `baseTime` | string | `[utcNow('u')]` | | Generated. Do not provide a value! This date value is used to generate a SAS token to access the modules. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `disasterRecoveryConfig` | object | `{object}` | | Optional. The disaster recovery config for this namespace | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `eventHubs` | _[eventHubs](eventHubs/readme.md)_ array | `[]` | | Optional. The event hubs to deploy into this namespace | | `isAutoInflateEnabled` | bool | | | Optional. Switch to enable the Auto Inflate feature of Event Hub. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | @@ -47,7 +48,6 @@ This module deploys an event hub namespace. | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | | `vNetId` | string | | | Optional. Virtual Network ID to lock down the Event Hub. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | | `zoneRedundant` | bool | | | Optional. Switch to make the Event Hub Namespace zone redundant. | ### Parameter Usage: `privateEndpoints` @@ -143,22 +143,20 @@ You can specify multiple user assigned identities to a resource by providing add | Output Name | Type | Description | | :-- | :-- | :-- | | `namespace` | string | The name of the eventspace. | -| `namespaceConnectionString` | string | The connection string to the namespace. | | `namespaceResourceGroup` | string | The resource group where the namespace is deployed. | | `namespaceResourceId` | string | The resource ID of the eventspace. | -| `sharedAccessPolicyPrimaryKey` | string | The shared access policy primary key. | | `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Namespaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-06-01-preview/namespaces) - [Namespaces/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2017-04-01/namespaces/authorizationRules) - [Namespaces/Disasterrecoveryconfigs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2017-04-01/namespaces/disasterRecoveryConfigs) - [Namespaces/Eventhubs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-06-01-preview/namespaces/eventhubs) - [Namespaces/Eventhubs/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-06-01-preview/namespaces/eventhubs/authorizationRules) - [Namespaces/Eventhubs/Consumergroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-06-01-preview/namespaces/eventhubs/consumergroups) -- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) -- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-05-01/privateEndpoints/privateDnsZoneGroups) +- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/privateEndpoints/privateDnsZoneGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.HealthBot/healthBots/.bicep/nested_rbac.bicep b/arm/Microsoft.HealthBot/healthBots/.bicep/nested_rbac.bicep index 82b46f0934..6d9805b9cf 100644 --- a/arm/Microsoft.HealthBot/healthBots/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.HealthBot/healthBots/.bicep/nested_rbac.bicep @@ -22,7 +22,7 @@ resource healthBot 'Microsoft.HealthBot/healthBots@2021-06-10' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(healthBot.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.HealthBot/healthBots/deploy.bicep b/arm/Microsoft.HealthBot/healthBots/deploy.bicep index 1fa1b1170c..a2a19915a9 100644 --- a/arm/Microsoft.HealthBot/healthBots/deploy.bicep +++ b/arm/Microsoft.HealthBot/healthBots/deploy.bicep @@ -39,7 +39,7 @@ resource azureHealthBot 'Microsoft.HealthBot/healthBots@2020-12-08' = { properties: {} } -resource azureHealthBot_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource azureHealthBot_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${azureHealthBot.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.HealthBot/healthBots/readme.md b/arm/Microsoft.HealthBot/healthBots/readme.md index 60f5b17dbb..8ab04a5920 100644 --- a/arm/Microsoft.HealthBot/healthBots/readme.md +++ b/arm/Microsoft.HealthBot/healthBots/readme.md @@ -6,8 +6,8 @@ This module deploys an Azure Health Bot. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.HealthBot/healthBots` | 2020-12-08 | ## Parameters @@ -72,5 +72,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Define resources with Bicep and ARM templates](https://docs.microsoft.com/en-us/azure/templates) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Insights/actionGroups/.bicep/nested_rbac.bicep b/arm/Microsoft.Insights/actionGroups/.bicep/nested_rbac.bicep index 7cecafd606..4f06a27f69 100644 --- a/arm/Microsoft.Insights/actionGroups/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Insights/actionGroups/.bicep/nested_rbac.bicep @@ -23,7 +23,7 @@ resource actionGroup 'microsoft.insights/actionGroups@2019-06-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(actionGroup.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Insights/actionGroups/readme.md b/arm/Microsoft.Insights/actionGroups/readme.md index 41d78a614b..a301e71892 100644 --- a/arm/Microsoft.Insights/actionGroups/readme.md +++ b/arm/Microsoft.Insights/actionGroups/readme.md @@ -6,7 +6,7 @@ This module deploys an Action Group. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `microsoft.insights/actionGroups` | 2019-06-01 | ## Parameters @@ -124,5 +124,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Actiongroups](https://docs.microsoft.com/en-us/azure/templates/microsoft.insights/2019-06-01/actionGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Insights/activityLogAlerts/.bicep/nested_rbac.bicep b/arm/Microsoft.Insights/activityLogAlerts/.bicep/nested_rbac.bicep index f6fb000ea4..ade3b2a850 100644 --- a/arm/Microsoft.Insights/activityLogAlerts/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Insights/activityLogAlerts/.bicep/nested_rbac.bicep @@ -23,7 +23,7 @@ resource activityLogAlert 'Microsoft.Insights/activityLogAlerts@2020-10-01' exis name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(activityLogAlert.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Insights/activityLogAlerts/readme.md b/arm/Microsoft.Insights/activityLogAlerts/readme.md index af77147d35..ffcfad8963 100644 --- a/arm/Microsoft.Insights/activityLogAlerts/readme.md +++ b/arm/Microsoft.Insights/activityLogAlerts/readme.md @@ -6,7 +6,7 @@ This module deploys an Alert based on Activity Log. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/activityLogAlerts` | 2020-10-01 | ## Parameters @@ -178,5 +178,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Activitylogalerts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2020-10-01/activityLogAlerts) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Insights/components/.bicep/nested_rbac.bicep b/arm/Microsoft.Insights/components/.bicep/nested_rbac.bicep index 2072a48725..3c4de64b82 100644 --- a/arm/Microsoft.Insights/components/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Insights/components/.bicep/nested_rbac.bicep @@ -26,7 +26,7 @@ resource appInsights 'Microsoft.Insights/components@2020-02-02' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(appInsights.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Insights/components/readme.md b/arm/Microsoft.Insights/components/readme.md index 94c53c7d69..191215ecfa 100644 --- a/arm/Microsoft.Insights/components/readme.md +++ b/arm/Microsoft.Insights/components/readme.md @@ -4,7 +4,7 @@ | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/components` | 2020-02-02 | ## Parameters @@ -72,5 +72,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Components](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2020-02-02/components) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Insights/diagnosticSettings/.parameters/parameters.json b/arm/Microsoft.Insights/diagnosticSettings/.parameters/parameters.json index 113c405602..ef6caf62db 100644 --- a/arm/Microsoft.Insights/diagnosticSettings/.parameters/parameters.json +++ b/arm/Microsoft.Insights/diagnosticSettings/.parameters/parameters.json @@ -11,13 +11,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep b/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep index 1eba4001ab..f6f196b51b 100644 --- a/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep +++ b/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep @@ -13,14 +13,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. The name of logs that will be streamed.') @allowed([ @@ -57,10 +57,10 @@ resource diagnosticSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-pre name: name properties: { storageAccountId: (empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId) - workspaceId: (empty(workspaceId) ? null : workspaceId) - eventHubAuthorizationRuleId: (empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId) - eventHubName: (empty(eventHubName) ? null : eventHubName) - logs: ((empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsLogs) + workspaceId: (empty(diagnosticWorkspaceId) ? null : diagnosticWorkspaceId) + eventHubAuthorizationRuleId: (empty(diagnosticEventHubAuthorizationRuleId) ? null : diagnosticEventHubAuthorizationRuleId) + eventHubName: (empty(diagnosticEventHubName) ? null : diagnosticEventHubName) + logs: ((empty(diagnosticStorageAccountId) && empty(diagnosticWorkspaceId) && empty(diagnosticEventHubAuthorizationRuleId) && empty(diagnosticEventHubName)) ? null : diagnosticsLogs) } } diff --git a/arm/Microsoft.Insights/diagnosticSettings/readme.md b/arm/Microsoft.Insights/diagnosticSettings/readme.md index f15df9bae4..9939c4d2fa 100644 --- a/arm/Microsoft.Insights/diagnosticSettings/readme.md +++ b/arm/Microsoft.Insights/diagnosticSettings/readme.md @@ -12,13 +12,13 @@ This module deploys a subscription wide export of the activity log. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `logsToEnable` | array | `[Administrative, Security, ServiceHealth, Alert, Recommendation, Policy, Autoscale, ResourceHealth]` | `[Administrative, Security, ServiceHealth, Alert, Recommendation, Policy, Autoscale, ResourceHealth]` | Optional. The name of logs that will be streamed. | | `name` | string | `[format('{0}-ActivityLog', uniqueString(subscription().id))]` | | Optional. Name of the ActivityLog diagnostic settings. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ## Outputs diff --git a/arm/Microsoft.Insights/metricAlerts/.bicep/nested_rbac.bicep b/arm/Microsoft.Insights/metricAlerts/.bicep/nested_rbac.bicep index 4e898950dc..aecb16deec 100644 --- a/arm/Microsoft.Insights/metricAlerts/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Insights/metricAlerts/.bicep/nested_rbac.bicep @@ -26,7 +26,7 @@ resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(metricAlert.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Insights/metricAlerts/readme.md b/arm/Microsoft.Insights/metricAlerts/readme.md index ae17d9552d..8861c251bc 100644 --- a/arm/Microsoft.Insights/metricAlerts/readme.md +++ b/arm/Microsoft.Insights/metricAlerts/readme.md @@ -6,7 +6,7 @@ This module deploys an alert based on metrics. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/metricAlerts` | 2018-03-01 | ## Parameters @@ -168,5 +168,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Metricalerts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2018-03-01/metricAlerts) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_rbac.bicep b/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_rbac.bicep index 5456c1418e..479082e698 100644 --- a/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_rbac.bicep @@ -22,7 +22,7 @@ resource privateLinkScope 'Microsoft.Insights/privateLinkScopes@2019-10-17-previ name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(privateLinkScope.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Insights/privateLinkScopes/deploy.bicep b/arm/Microsoft.Insights/privateLinkScopes/deploy.bicep index da84b93f41..40257b19af 100644 --- a/arm/Microsoft.Insights/privateLinkScopes/deploy.bicep +++ b/arm/Microsoft.Insights/privateLinkScopes/deploy.bicep @@ -49,7 +49,7 @@ module privateLinkScope_scopedResource 'scopedResources/deploy.bicep' = [for (sc } }] -resource privateLinkScope_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource privateLinkScope_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${privateLinkScope.name}-${lock}-lock' scope: privateLinkScope properties: { diff --git a/arm/Microsoft.Insights/privateLinkScopes/readme.md b/arm/Microsoft.Insights/privateLinkScopes/readme.md index c3d3f830f9..f1c931899a 100644 --- a/arm/Microsoft.Insights/privateLinkScopes/readme.md +++ b/arm/Microsoft.Insights/privateLinkScopes/readme.md @@ -6,8 +6,8 @@ This module deploys an Azure Monitor Private Link Scope. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `microsoft.insights/privateLinkScopes` | 2019-10-17-preview | | `Microsoft.Insights/privateLinkScopes/scopedResources` | 2021-07-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-03-01 | @@ -111,9 +111,9 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) +- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/privateEndpoints/privateDnsZoneGroups) - [Privatelinkscopes](https://docs.microsoft.com/en-us/azure/templates/microsoft.insights/2019-10-17-preview/privateLinkScopes) - [Privatelinkscopes/Scopedresources](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-07-01-preview/privateLinkScopes/scopedResources) -- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) -- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-05-01/privateEndpoints/privateDnsZoneGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Insights/scheduledQueryRules/.bicep/nested_rbac.bicep b/arm/Microsoft.Insights/scheduledQueryRules/.bicep/nested_rbac.bicep index 8e61a960a2..b7c9097a8f 100644 --- a/arm/Microsoft.Insights/scheduledQueryRules/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Insights/scheduledQueryRules/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource queryAlert 'microsoft.insights/scheduledQueryRules@2018-04-16' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(queryAlert.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Insights/scheduledQueryRules/readme.md b/arm/Microsoft.Insights/scheduledQueryRules/readme.md index 965235b49e..f9ae5440d7 100644 --- a/arm/Microsoft.Insights/scheduledQueryRules/readme.md +++ b/arm/Microsoft.Insights/scheduledQueryRules/readme.md @@ -6,7 +6,7 @@ This module deploys a scheduled query rule. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/scheduledQueryRules` | 2021-02-01-preview | ## Parameters @@ -82,5 +82,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Scheduledqueryrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-02-01-preview/scheduledQueryRules) diff --git a/arm/Microsoft.KeyVault/vaults/.bicep/nested_rbac.bicep b/arm/Microsoft.KeyVault/vaults/.bicep/nested_rbac.bicep index b888a741df..2af08d0837 100644 --- a/arm/Microsoft.KeyVault/vaults/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.KeyVault/vaults/.bicep/nested_rbac.bicep @@ -33,7 +33,7 @@ resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(keyVault.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.KeyVault/vaults/.parameters/parameters.json b/arm/Microsoft.KeyVault/vaults/.parameters/parameters.json index 66f042ed63..69c5161038 100644 --- a/arm/Microsoft.KeyVault/vaults/.parameters/parameters.json +++ b/arm/Microsoft.KeyVault/vaults/.parameters/parameters.json @@ -92,13 +92,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.KeyVault/vaults/deploy.bicep b/arm/Microsoft.KeyVault/vaults/deploy.bicep index 3a29ec6dd7..edb5a7c833 100644 --- a/arm/Microsoft.KeyVault/vaults/deploy.bicep +++ b/arm/Microsoft.KeyVault/vaults/deploy.bicep @@ -71,14 +71,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -187,7 +187,7 @@ resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' = { } } -resource keyVault_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource keyVault_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${keyVault.name}-${lock}-lock' properties: { level: lock @@ -196,13 +196,13 @@ resource keyVault_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: keyVault } -resource keyVault_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource keyVault_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${name_var}-diagnosticSettingName' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.KeyVault/vaults/keys/.bicep/nested_rbac.bicep b/arm/Microsoft.KeyVault/vaults/keys/.bicep/nested_rbac.bicep index 0b991d1c64..2a1cbd9313 100644 --- a/arm/Microsoft.KeyVault/vaults/keys/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.KeyVault/vaults/keys/.bicep/nested_rbac.bicep @@ -30,7 +30,7 @@ resource key 'Microsoft.KeyVault/vaults/keys@2021-06-01-preview' existing = { name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(key.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.KeyVault/vaults/keys/readme.md b/arm/Microsoft.KeyVault/vaults/keys/readme.md index c12ac3ddfe..8ff11b72b4 100644 --- a/arm/Microsoft.KeyVault/vaults/keys/readme.md +++ b/arm/Microsoft.KeyVault/vaults/keys/readme.md @@ -6,7 +6,7 @@ This module deploys a key vault key. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.KeyVault/vaults/keys` | 2019-09-01 | ## Parameters @@ -75,5 +75,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Vaults/Keys](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2019-09-01/vaults/keys) diff --git a/arm/Microsoft.KeyVault/vaults/readme.md b/arm/Microsoft.KeyVault/vaults/readme.md index fff57bff3e..6a96d0eabb 100644 --- a/arm/Microsoft.KeyVault/vaults/readme.md +++ b/arm/Microsoft.KeyVault/vaults/readme.md @@ -6,8 +6,8 @@ This module deploys a key vault and it's child resources. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.KeyVault/vaults` | 2019-09-01 | | `Microsoft.KeyVault/vaults/accessPolicies` | 2021-06-01-preview | @@ -24,16 +24,17 @@ This module deploys a key vault and it's child resources. | `baseTime` | string | `[utcNow('u')]` | | Generated. Do not provide a value! This date value is used to generate a SAS token to access the modules. | | `createMode` | string | `default` | | Optional. The vault's create mode to indicate whether the vault need to be recovered or not. - recover or default. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `enablePurgeProtection` | bool | | | Optional. Provide 'true' to enable Key Vault's purge protection feature. | | `enableRbacAuthorization` | bool | | | Optional. Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored (warning: this is a preview feature). When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. | | `enableSoftDelete` | bool | `True` | | Optional. Switch to enable/disable Key Vault's soft delete feature. | | `enableVaultForDeployment` | bool | `True` | `[True, False]` | Optional. Specifies if the vault is enabled for deployment by script or compute | | `enableVaultForDiskEncryption` | bool | `True` | `[True, False]` | Optional. Specifies if the azure platform has access to the vault for enabling disk encryption scenarios. | | `enableVaultForTemplateDeployment` | bool | `True` | `[True, False]` | Optional. Specifies if the vault is enabled for a template deployment | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `keys` | _[keys](keys/readme.md)_ array | `[]` | | Optional. All keys to create | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | @@ -48,7 +49,6 @@ This module deploys a key vault and it's child resources. | `tags` | object | `{object}` | | Optional. Resource tags. | | `vaultSku` | string | `premium` | `[premium, standard]` | Optional. Specifies the SKU for the vault | | `vNetId` | string | | | Optional. Virtual Network resource identifier, if networkAcls is passed, this value must be passed as well | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` @@ -187,10 +187,10 @@ To use Private Endpoint the following dependencies must be deployed: ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/privateEndpoints) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Vaults](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2019-09-01/vaults) - [Vaults/Accesspolicies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2021-06-01-preview/vaults/accessPolicies) - [Vaults/Keys](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2019-09-01/vaults/keys) diff --git a/arm/Microsoft.KeyVault/vaults/secrets/.bicep/nested_rbac.bicep b/arm/Microsoft.KeyVault/vaults/secrets/.bicep/nested_rbac.bicep index ad6f84eca9..e73c709635 100644 --- a/arm/Microsoft.KeyVault/vaults/secrets/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.KeyVault/vaults/secrets/.bicep/nested_rbac.bicep @@ -29,7 +29,7 @@ resource secret 'Microsoft.KeyVault/vaults/secrets@2021-06-01-preview' existing name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(secret.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.KeyVault/vaults/secrets/readme.md b/arm/Microsoft.KeyVault/vaults/secrets/readme.md index c9ef73a1f7..013d22d710 100644 --- a/arm/Microsoft.KeyVault/vaults/secrets/readme.md +++ b/arm/Microsoft.KeyVault/vaults/secrets/readme.md @@ -6,7 +6,7 @@ This module deploys a key vault secret. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.KeyVault/vaults/secrets` | 2019-09-01 | ## Parameters @@ -73,5 +73,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Vaults/Secrets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2019-09-01/vaults/secrets) diff --git a/arm/Microsoft.Logic/workflows/.bicep/nested_rbac.bicep b/arm/Microsoft.Logic/workflows/.bicep/nested_rbac.bicep index 125dd3a7df..9a4e712fd9 100644 --- a/arm/Microsoft.Logic/workflows/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Logic/workflows/.bicep/nested_rbac.bicep @@ -25,7 +25,7 @@ resource logicApp 'Microsoft.Logic/workflows@2019-05-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(logicApp.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Logic/workflows/.parameters/parameters.json b/arm/Microsoft.Logic/workflows/.parameters/parameters.json index a7db93dbbf..69facde186 100644 --- a/arm/Microsoft.Logic/workflows/.parameters/parameters.json +++ b/arm/Microsoft.Logic/workflows/.parameters/parameters.json @@ -59,13 +59,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "systemAssignedIdentity": { diff --git a/arm/Microsoft.Logic/workflows/deploy.bicep b/arm/Microsoft.Logic/workflows/deploy.bicep index 5a013abc5d..a936fad736 100644 --- a/arm/Microsoft.Logic/workflows/deploy.bicep +++ b/arm/Microsoft.Logic/workflows/deploy.bicep @@ -39,14 +39,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -180,7 +180,7 @@ resource logicApp 'Microsoft.Logic/workflows@2019-05-01' = { } } -resource logicApp_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource logicApp_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${logicApp.name}-${lock}-lock' properties: { level: lock @@ -189,13 +189,13 @@ resource logicApp_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: logicApp } -resource logicApp_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource logicApp_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${logicApp.name}-diagnosticsetting' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Logic/workflows/readme.md b/arm/Microsoft.Logic/workflows/readme.md index 2fba538994..277f8e8843 100644 --- a/arm/Microsoft.Logic/workflows/readme.md +++ b/arm/Microsoft.Logic/workflows/readme.md @@ -6,8 +6,8 @@ This module deploys a Logic App resource. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Logic/workflows` | 2019-05-01 | @@ -20,10 +20,11 @@ This module deploys a Logic App resource. | `contentsAccessControlConfiguration` | object | `{object}` | | Optional. The access control configuration for accessing workflow run contents. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered. | | `definitionParameters` | object | `{object}` | | Optional. Parameters for the definition template. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `integrationAccount` | object | `{object}` | | Optional. The integration account. | | `integrationServiceEnvironment` | object | `{object}` | | Optional. The integration service environment. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | @@ -45,7 +46,6 @@ This module deploys a Logic App resource. | `workflowParameters` | object | `{object}` | | Optional. The definitions for one or more parameters that pass the values to use at your logic app's runtime. | | `workflowStaticResults` | object | `{object}` | | Optional. The definitions for one or more static results returned by actions as mock outputs when static results are enabled on those actions. In each action definition, the runtimeConfiguration.staticResult.name attribute references the corresponding definition inside staticResults. | | `workflowTriggers` | object | `{object}` | | Optional. The definitions for one or more triggers that instantiate your workflow. You can define more than one trigger, but only with the Workflow Definition Language, not visually through the Logic Apps Designer. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage `AccessControlConfiguration` @@ -162,7 +162,7 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Workflows](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Logic/2019-05-01/workflows) diff --git a/arm/Microsoft.MachineLearningServices/workspaces/.bicep/nested_rbac.bicep b/arm/Microsoft.MachineLearningServices/workspaces/.bicep/nested_rbac.bicep index 733f81957c..1ec6025c2c 100644 --- a/arm/Microsoft.MachineLearningServices/workspaces/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.MachineLearningServices/workspaces/.bicep/nested_rbac.bicep @@ -23,7 +23,7 @@ resource workspace 'Microsoft.MachineLearningServices/workspaces@2021-04-01' exi name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(workspace.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.MachineLearningServices/workspaces/.parameters/parameters.json b/arm/Microsoft.MachineLearningServices/workspaces/.parameters/parameters.json index 7b9698db76..421b0221c8 100644 --- a/arm/Microsoft.MachineLearningServices/workspaces/.parameters/parameters.json +++ b/arm/Microsoft.MachineLearningServices/workspaces/.parameters/parameters.json @@ -33,13 +33,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "systemAssignedIdentity": { diff --git a/arm/Microsoft.MachineLearningServices/workspaces/deploy.bicep b/arm/Microsoft.MachineLearningServices/workspaces/deploy.bicep index 83d9c59d34..c08cd03896 100644 --- a/arm/Microsoft.MachineLearningServices/workspaces/deploy.bicep +++ b/arm/Microsoft.MachineLearningServices/workspaces/deploy.bicep @@ -60,14 +60,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. The name of logs that will be streamed.') @allowed([ @@ -143,7 +143,7 @@ resource workspace 'Microsoft.MachineLearningServices/workspaces@2021-04-01' = { } } -resource workspace_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource workspace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${workspace.name}-${lock}-lock' properties: { level: lock @@ -152,13 +152,13 @@ resource workspace_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: workspace } -resource workspace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource workspace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.MachineLearningServices/workspaces/readme.md b/arm/Microsoft.MachineLearningServices/workspaces/readme.md index 1611babfda..2fbb2bb006 100644 --- a/arm/Microsoft.MachineLearningServices/workspaces/readme.md +++ b/arm/Microsoft.MachineLearningServices/workspaces/readme.md @@ -6,8 +6,8 @@ This module deploys a Machine Learning Services Workspace. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.MachineLearningServices/workspaces` | 2021-04-01 | | `Microsoft.Network/privateEndpoints` | 2021-05-01 | @@ -23,10 +23,11 @@ This module deploys a Machine Learning Services Workspace. | `associatedKeyVaultResourceId` | string | | | Required. The resource ID of the associated Key Vault. | | `associatedStorageAccountResourceId` | string | | | Required. The resource ID of the associated Storage Account. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `hbiWorkspace` | bool | | | Optional. The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | @@ -38,7 +39,6 @@ This module deploys a Machine Learning Services Workspace. | `sku` | string | | `[Basic, Enterprise]` | Required. Specifies the sku, also referred as 'edition' of the Azure Machine Learning workspace. | | `systemAssignedIdentity` | bool | | | Optional. Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Optional. Resource tags. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` @@ -127,8 +127,8 @@ To use Private Endpoint the following dependencies must be deployed: ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/privateEndpoints) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Workspaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.MachineLearningServices/2021-04-01/workspaces) diff --git a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_rbac.bicep b/arm/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_rbac.bicep index f05120c681..ae2197082e 100644 --- a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource userMsi 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' e name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(userMsi.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep b/arm/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep index 390f39cdd8..1f5de06d1d 100644 --- a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep +++ b/arm/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep @@ -32,7 +32,7 @@ resource userMsi 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = tags: tags } -resource userMsi_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource userMsi_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${userMsi.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md b/arm/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md index 04ce8c6e6a..9fbc462fb0 100644 --- a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md +++ b/arm/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md @@ -6,8 +6,8 @@ This module deploys a user assigned identity. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.ManagedIdentity/userAssignedIdentities` | 2018-11-30 | ## Parameters @@ -71,6 +71,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Userassignedidentities](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ManagedIdentity/2018-11-30/userAssignedIdentities) diff --git a/arm/Microsoft.Management/managementGroups/.bicep/nested_rbac.bicep b/arm/Microsoft.Management/managementGroups/.bicep/nested_rbac.bicep index 4ebbe9cfd0..a1b14cfd9e 100644 --- a/arm/Microsoft.Management/managementGroups/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Management/managementGroups/.bicep/nested_rbac.bicep @@ -288,7 +288,7 @@ var builtInRoleNames = { 'Azure Maps Contributor': '/providers/Microsoft.Authorization/roleDefinitions/dba33070-676a-4fb0-87fa-064dc56ff7fb' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(resourceName, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Management/managementGroups/readme.md b/arm/Microsoft.Management/managementGroups/readme.md index 302eb0526c..75055c0aa5 100644 --- a/arm/Microsoft.Management/managementGroups/readme.md +++ b/arm/Microsoft.Management/managementGroups/readme.md @@ -11,7 +11,7 @@ This module has some known **limitations**: | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Management/managementGroups` | 2021-04-01 | ## Parameters @@ -72,5 +72,5 @@ New-AzRoleAssignment -ObjectId $PrincipalID -Scope "/providers/Microsoft.Managem ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Managementgroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Management/2021-04-01/managementGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.NetApp/netAppAccounts/.bicep/nested_rbac.bicep b/arm/Microsoft.NetApp/netAppAccounts/.bicep/nested_rbac.bicep index 448744f6b2..99adf87f9c 100644 --- a/arm/Microsoft.NetApp/netAppAccounts/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.NetApp/netAppAccounts/.bicep/nested_rbac.bicep @@ -22,7 +22,7 @@ resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2021-04-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(netAppAccount.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_rbac.bicep b/arm/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_rbac.bicep index e2c7c2b474..cc35a1f3d9 100644 --- a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_rbac.bicep @@ -22,7 +22,7 @@ resource capacityPool 'Microsoft.NetApp/netAppAccounts/capacityPools@2021-04-01' name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(capacityPool.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md b/arm/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md index 0412fed2b8..cb94472a45 100644 --- a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md +++ b/arm/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md @@ -6,7 +6,7 @@ This template deploys capacity pools in an Azure NetApp Files. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.NetApp/netAppAccounts/capacityPools` | 2021-06-01 | | `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | 2021-06-01 | @@ -75,6 +75,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Netappaccounts/Capacitypools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools) - [Netappaccounts/Capacitypools/Volumes](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools/volumes) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_rbac.bicep b/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_rbac.bicep index 1952f9ecfb..b7caad5b4c 100644 --- a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_rbac.bicep @@ -22,7 +22,7 @@ resource volume 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes@2021-04-0 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}/${split(resourceId, '/')[12]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(volume.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md b/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md index 7219c4b966..099a99e1ee 100644 --- a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md +++ b/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md @@ -6,7 +6,7 @@ This template deploys volumes in a capacity pool of an Azure NetApp files. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | 2021-06-01 | ## Parameters @@ -58,5 +58,5 @@ This template deploys volumes in a capacity pool of an Azure NetApp files. ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Netappaccounts/Capacitypools/Volumes](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools/volumes) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.NetApp/netAppAccounts/deploy.bicep b/arm/Microsoft.NetApp/netAppAccounts/deploy.bicep index 7d8b99ed9d..935ae973c9 100644 --- a/arm/Microsoft.NetApp/netAppAccounts/deploy.bicep +++ b/arm/Microsoft.NetApp/netAppAccounts/deploy.bicep @@ -68,7 +68,7 @@ resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2021-04-01' = { } } -resource netAppAccount_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource netAppAccount_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${netAppAccount.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.NetApp/netAppAccounts/readme.md b/arm/Microsoft.NetApp/netAppAccounts/readme.md index 277c527037..e021dc65ee 100644 --- a/arm/Microsoft.NetApp/netAppAccounts/readme.md +++ b/arm/Microsoft.NetApp/netAppAccounts/readme.md @@ -6,8 +6,8 @@ This template deploys Azure NetApp Files. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.NetApp/netAppAccounts` | 2021-04-01 | | `Microsoft.NetApp/netAppAccounts/capacityPools` | 2021-06-01 | | `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | 2021-06-01 | @@ -79,8 +79,8 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Netappaccounts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-04-01/netAppAccounts) - [Netappaccounts/Capacitypools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools) - [Netappaccounts/Capacitypools/Volumes](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools/volumes) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/applicationGateways/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/applicationGateways/.bicep/nested_rbac.bicep index d56361f5c0..53e506ee6c 100644 --- a/arm/Microsoft.Network/applicationGateways/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/applicationGateways/.bicep/nested_rbac.bicep @@ -30,7 +30,7 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2021-02-01' e name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(applicationGateway.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/applicationGateways/.parameters/parameters.json b/arm/Microsoft.Network/applicationGateways/.parameters/parameters.json index 8a4e78409b..848b39c88e 100644 --- a/arm/Microsoft.Network/applicationGateways/.parameters/parameters.json +++ b/arm/Microsoft.Network/applicationGateways/.parameters/parameters.json @@ -148,13 +148,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/applicationGateways/deploy.bicep b/arm/Microsoft.Network/applicationGateways/deploy.bicep index ddde05e285..e263363d6d 100644 --- a/arm/Microsoft.Network/applicationGateways/deploy.bicep +++ b/arm/Microsoft.Network/applicationGateways/deploy.bicep @@ -86,14 +86,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -391,7 +391,7 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2021-03-01' = dependsOn: [] } -resource applicationGateway_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource applicationGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${applicationGateway.name}-${lock}-lock' properties: { level: lock @@ -400,15 +400,15 @@ resource applicationGateway_lock 'Microsoft.Authorization/locks@2016-09-01' = if scope: applicationGateway } -resource applicationGateway_diagnosticSettingName 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource applicationGateway_diagnosticSettingName 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${applicationGateway.name}-diagnosticSettings' properties: { storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId - workspaceId: empty(workspaceId) ? null : workspaceId - eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId - eventHubName: empty(eventHubName) ? null : eventHubName - metrics: empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName) ? null : diagnosticsMetrics - logs: empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName) ? null : diagnosticsLogs + workspaceId: empty(diagnosticWorkspaceId) ? null : diagnosticWorkspaceId + eventHubAuthorizationRuleId: empty(diagnosticEventHubAuthorizationRuleId) ? null : diagnosticEventHubAuthorizationRuleId + eventHubName: empty(diagnosticEventHubName) ? null : diagnosticEventHubName + metrics: empty(diagnosticStorageAccountId) && empty(diagnosticWorkspaceId) && empty(diagnosticEventHubAuthorizationRuleId) && empty(diagnosticEventHubName) ? null : diagnosticsMetrics + logs: empty(diagnosticStorageAccountId) && empty(diagnosticWorkspaceId) && empty(diagnosticEventHubAuthorizationRuleId) && empty(diagnosticEventHubName) ? null : diagnosticsLogs } scope: applicationGateway } diff --git a/arm/Microsoft.Network/applicationGateways/readme.md b/arm/Microsoft.Network/applicationGateways/readme.md index 99588cff19..b9b502f13e 100644 --- a/arm/Microsoft.Network/applicationGateways/readme.md +++ b/arm/Microsoft.Network/applicationGateways/readme.md @@ -6,8 +6,8 @@ This template deploys an application gateway. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/applicationGateways` | 2021-03-01 | @@ -19,10 +19,11 @@ This template deploys an application gateway. | `backendPools` | array | | | Required. The backend pools to be configured. | | `capacity` | int | `2` | | Optional. The number of Application instances to be configured. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `frontendHttpListeners` | array | `[]` | | Required. The frontend http listeners to be configured. | | `frontendHttpRedirects` | array | `[]` | | Optional. The http redirects to be configured. Each redirect will route http traffic to a predefined frontEnd HTTPS listener. | | `frontendHttpsListeners` | array | `[]` | | Required. The frontend HTTPS listeners to be configured. | @@ -47,7 +48,6 @@ This template deploys an application gateway. | `vNetName` | string | | | Required. The name of the Virtual Network where the Application Gateway will be deployed. | | `vNetResourceGroup` | string | `[resourceGroup().name]` | | Optional. The name of the Virtual Network Resource Group where the Application Gateway will be deployed. | | `vNetSubscriptionId` | string | `[subscription().subscriptionId]` | | Optional. The Subscription ID of the Virtual Network where the Application Gateway will be deployed. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `backendPools` @@ -241,7 +241,7 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) -- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Applicationgateways](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/applicationGateways) +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/applicationSecurityGroups/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/applicationSecurityGroups/.bicep/nested_rbac.bicep index 06790c16a9..c7196c15d2 100644 --- a/arm/Microsoft.Network/applicationSecurityGroups/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/applicationSecurityGroups/.bicep/nested_rbac.bicep @@ -29,7 +29,7 @@ resource applicationSecurityGroup 'Microsoft.Network/applicationSecurityGroups@2 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(applicationSecurityGroup.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/applicationSecurityGroups/deploy.bicep b/arm/Microsoft.Network/applicationSecurityGroups/deploy.bicep index 6f8dfe041c..b0131790fe 100644 --- a/arm/Microsoft.Network/applicationSecurityGroups/deploy.bicep +++ b/arm/Microsoft.Network/applicationSecurityGroups/deploy.bicep @@ -33,7 +33,7 @@ resource applicationSecurityGroup 'Microsoft.Network/applicationSecurityGroups@2 properties: {} } -resource applicationSecurityGroup_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource applicationSecurityGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${applicationSecurityGroup.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/applicationSecurityGroups/readme.md b/arm/Microsoft.Network/applicationSecurityGroups/readme.md index 34b10c0c3e..f55dea12fc 100644 --- a/arm/Microsoft.Network/applicationSecurityGroups/readme.md +++ b/arm/Microsoft.Network/applicationSecurityGroups/readme.md @@ -6,8 +6,8 @@ This module deploys an application security group. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/applicationSecurityGroups` | 2021-02-01 | ## Parameters @@ -70,6 +70,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Applicationsecuritygroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/applicationSecurityGroups) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/azureFirewalls/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/azureFirewalls/.bicep/nested_rbac.bicep index fa9f4c56df..aea4610a17 100644 --- a/arm/Microsoft.Network/azureFirewalls/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/azureFirewalls/.bicep/nested_rbac.bicep @@ -29,7 +29,7 @@ resource azureFirewall 'Microsoft.Network/azureFirewalls@2021-02-01' existing = name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(azureFirewall.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/azureFirewalls/.parameters/parameters.json b/arm/Microsoft.Network/azureFirewalls/.parameters/parameters.json index 5edd072121..34f3dce1f6 100644 --- a/arm/Microsoft.Network/azureFirewalls/.parameters/parameters.json +++ b/arm/Microsoft.Network/azureFirewalls/.parameters/parameters.json @@ -116,13 +116,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/azureFirewalls/deploy.bicep b/arm/Microsoft.Network/azureFirewalls/deploy.bicep index 180bac43ab..239e31c7a4 100644 --- a/arm/Microsoft.Network/azureFirewalls/deploy.bicep +++ b/arm/Microsoft.Network/azureFirewalls/deploy.bicep @@ -40,18 +40,18 @@ param publicIPPrefixId string = '' param diagnosticStorageAccountId string = '' @description('Optional. Log Analytics workspace resource identifier') -param workspaceId string = '' +param diagnosticWorkspaceId string = '' @description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') @minValue(0) @maxValue(365) param diagnosticLogsRetentionInDays int = 365 -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Location for all resources.') param location string = resourceGroup().location @@ -166,7 +166,7 @@ resource azureFirewallPip 'Microsoft.Network/publicIPAddresses@2021-02-01' = { } } -resource azureFirewallPip_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource azureFirewallPip_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${azureFirewallPip.name}-${lock}-lock' properties: { level: lock @@ -175,13 +175,13 @@ resource azureFirewallPip_lock 'Microsoft.Authorization/locks@2016-09-01' = if ( scope: azureFirewallPip } -resource azureFirewallPip_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource azureFirewallPip_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${azureFirewallPip.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogsPublicIp } @@ -221,7 +221,7 @@ resource azureFirewall 'Microsoft.Network/azureFirewalls@2021-03-01' = { } } -resource azureFirewall_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource azureFirewall_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${azureFirewall.name}-${lock}-lock' properties: { level: lock @@ -230,13 +230,13 @@ resource azureFirewall_lock 'Microsoft.Authorization/locks@2016-09-01' = if (loc scope: azureFirewall } -resource azureFirewall_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource azureFirewall_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${azureFirewall.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogsAzureFirewall } diff --git a/arm/Microsoft.Network/azureFirewalls/readme.md b/arm/Microsoft.Network/azureFirewalls/readme.md index 4e03e4cc3b..f7ad866b01 100644 --- a/arm/Microsoft.Network/azureFirewalls/readme.md +++ b/arm/Microsoft.Network/azureFirewalls/readme.md @@ -6,8 +6,8 @@ This module deploys a firewall. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/azureFirewalls` | 2021-03-01 | | `Microsoft.Network/publicIPAddresses` | 2021-02-01 | @@ -22,11 +22,12 @@ This module deploys a firewall. | `azureSkuName` | string | `AZFW_VNet` | `[AZFW_VNet, AZFW_Hub]` | Optional. Name of an Azure Firewall SKU. | | `azureSkuTier` | string | `Standard` | `[Standard, Premium]` | Optional. Tier of an Azure Firewall. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Diagnostic Storage Account resource identifier | +| `diagnosticWorkspaceId` | string | | | Optional. Log Analytics workspace resource identifier | | `enableDnsProxy` | bool | | | Optional. Enable the preview feature for DNS proxy. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `firewallLogsToEnable` | array | `[AzureFirewallApplicationRule, AzureFirewallNetworkRule, AzureFirewallDnsProxy]` | `[AzureFirewallApplicationRule, AzureFirewallNetworkRule, AzureFirewallDnsProxy]` | Optional. The name of firewall logs that will be streamed. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | @@ -37,9 +38,8 @@ This module deploys a firewall. | `publicIPLogsToEnable` | array | `[DDoSProtectionNotifications, DDoSMitigationReports, DDoSMitigationFlowLogs]` | `[DDoSProtectionNotifications, DDoSMitigationReports, DDoSMitigationFlowLogs]` | Optional. The name of public IP logs that will be streamed. | | `publicIPPrefixId` | string | | | Optional. Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | -| `tags` | object | `{object}` | | Optional. Tags of the Automation Account resource. | +| `tags` | object | `{object}` | | Optional. Tags of the Azure Firewall resource. | | `vNetId` | string | | | Required. Shared services Virtual Network resource ID | -| `workspaceId` | string | | | Optional. Log Analytics workspace resource identifier | ### Parameter Usage: `roleAssignments` @@ -100,8 +100,8 @@ The `networkRuleCollections` parameter accepts a JSON Array of AzureFirewallNetw ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) -- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Azurefirewalls](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/azureFirewalls) +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Publicipaddresses](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/publicIPAddresses) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/bastionHosts/.bicep/nested_publicIPAddress.bicep b/arm/Microsoft.Network/bastionHosts/.bicep/nested_publicIPAddress.bicep index cdc4b29312..e9eab376c4 100644 --- a/arm/Microsoft.Network/bastionHosts/.bicep/nested_publicIPAddress.bicep +++ b/arm/Microsoft.Network/bastionHosts/.bicep/nested_publicIPAddress.bicep @@ -22,13 +22,13 @@ param diagnosticLogsRetentionInDays int = 365 param diagnosticStorageAccountId string = '' @description('Optional. Resource identifier of log analytics.') -param workspaceId string = '' +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -107,7 +107,7 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2021-02-01' = { } } -resource publicIpAddress_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource publicIpAddress_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${publicIpAddress.name}-${lock}-lock' properties: { level: lock @@ -116,13 +116,13 @@ resource publicIpAddress_lock 'Microsoft.Authorization/locks@2016-09-01' = if (l scope: publicIpAddress } -resource publicIpAddress_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource publicIpAddress_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${publicIpAddress.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Network/bastionHosts/.bicep/nested_publicIPAddress_rbac.bicep b/arm/Microsoft.Network/bastionHosts/.bicep/nested_publicIPAddress_rbac.bicep index 5168799fb6..f2d02c5cbb 100644 --- a/arm/Microsoft.Network/bastionHosts/.bicep/nested_publicIPAddress_rbac.bicep +++ b/arm/Microsoft.Network/bastionHosts/.bicep/nested_publicIPAddress_rbac.bicep @@ -30,7 +30,7 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2021-03-01' existi name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(publicIpAddress.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/bastionHosts/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/bastionHosts/.bicep/nested_rbac.bicep index 5d4c85f4dc..2b74a32883 100644 --- a/arm/Microsoft.Network/bastionHosts/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/bastionHosts/.bicep/nested_rbac.bicep @@ -29,7 +29,7 @@ resource azureBastion 'Microsoft.Network/bastionHosts@2021-02-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(azureBastion.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/bastionHosts/.parameters/parameters.json b/arm/Microsoft.Network/bastionHosts/.parameters/parameters.json index 8e1bde3407..5f5f562744 100644 --- a/arm/Microsoft.Network/bastionHosts/.parameters/parameters.json +++ b/arm/Microsoft.Network/bastionHosts/.parameters/parameters.json @@ -27,13 +27,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/bastionHosts/deploy.bicep b/arm/Microsoft.Network/bastionHosts/deploy.bicep index a4943e0a38..81a939c943 100644 --- a/arm/Microsoft.Network/bastionHosts/deploy.bicep +++ b/arm/Microsoft.Network/bastionHosts/deploy.bicep @@ -21,14 +21,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -100,9 +100,9 @@ module publicIPAddress '.bicep/nested_publicIPAddress.bicep' = if (empty(publicI location: location diagnosticStorageAccountId: diagnosticStorageAccountId diagnosticLogsRetentionInDays: diagnosticLogsRetentionInDays - workspaceId: workspaceId - eventHubAuthorizationRuleId: eventHubAuthorizationRuleId - eventHubName: eventHubName + diagnosticWorkspaceId: diagnosticWorkspaceId + diagnosticEventHubAuthorizationRuleId: diagnosticEventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticEventHubName lock: lock tags: tags } @@ -129,7 +129,7 @@ resource azureBastion 'Microsoft.Network/bastionHosts@2021-02-01' = { } } -resource azureBastion_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource azureBastion_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${azureBastion.name}-${lock}-lock' properties: { level: lock @@ -138,13 +138,13 @@ resource azureBastion_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock scope: azureBastion } -resource azureBastion_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource azureBastion_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${azureBastion.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null logs: diagnosticsLogs } scope: azureBastion diff --git a/arm/Microsoft.Network/bastionHosts/readme.md b/arm/Microsoft.Network/bastionHosts/readme.md index 321d607b33..8b9ae1616b 100644 --- a/arm/Microsoft.Network/bastionHosts/readme.md +++ b/arm/Microsoft.Network/bastionHosts/readme.md @@ -6,8 +6,8 @@ This module deploys a bastion host. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/bastionHosts` | 2021-02-01 | | `Microsoft.Network/publicIPAddresses` | 2021-02-01 | @@ -17,10 +17,11 @@ This module deploys a bastion host. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[BastionAuditLogs]` | `[BastionAuditLogs]` | Optional. Optional. The name of bastion logs that will be streamed. | @@ -30,7 +31,6 @@ This module deploys a bastion host. | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `vNetId` | string | | | Required. Shared services Virtual Network resource identifier | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `tags` @@ -83,6 +83,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a - [Bastionhosts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/bastionHosts) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Publicipaddresses](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/publicIPAddresses) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/connections/deploy.bicep b/arm/Microsoft.Network/connections/deploy.bicep index 25f33df51b..acd5848a5e 100644 --- a/arm/Microsoft.Network/connections/deploy.bicep +++ b/arm/Microsoft.Network/connections/deploy.bicep @@ -113,7 +113,7 @@ resource connection 'Microsoft.Network/connections@2021-02-01' = { } } -resource connection_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource connection_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${connection.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/connections/readme.md b/arm/Microsoft.Network/connections/readme.md index 024b116e84..99d1197086 100644 --- a/arm/Microsoft.Network/connections/readme.md +++ b/arm/Microsoft.Network/connections/readme.md @@ -6,7 +6,7 @@ This template deploys a virtual network gateway connection. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | +| `Microsoft.Authorization/locks` | 2020-05-01 | | `Microsoft.Network/connections` | 2021-02-01 | ## Parameters @@ -92,5 +92,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) - [Connections](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/connections) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) diff --git a/arm/Microsoft.Network/ddosProtectionPlans/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/ddosProtectionPlans/.bicep/nested_rbac.bicep index 84ed798023..c4c999b454 100644 --- a/arm/Microsoft.Network/ddosProtectionPlans/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/ddosProtectionPlans/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource ddosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2021-02-01' e name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(ddosProtectionPlan.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/ddosProtectionPlans/deploy.bicep b/arm/Microsoft.Network/ddosProtectionPlans/deploy.bicep index e966c8771c..adc3f2a93e 100644 --- a/arm/Microsoft.Network/ddosProtectionPlans/deploy.bicep +++ b/arm/Microsoft.Network/ddosProtectionPlans/deploy.bicep @@ -34,7 +34,7 @@ resource ddosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2021-02-01' = properties: {} } -resource ddosProtectionPlan_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource ddosProtectionPlan_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${ddosProtectionPlan.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/ddosProtectionPlans/readme.md b/arm/Microsoft.Network/ddosProtectionPlans/readme.md index 4e2eaff543..0085d8cfb9 100644 --- a/arm/Microsoft.Network/ddosProtectionPlans/readme.md +++ b/arm/Microsoft.Network/ddosProtectionPlans/readme.md @@ -6,8 +6,8 @@ This template deploys a DDoS protection plan. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/ddosProtectionPlans` | 2021-02-01 | ## Parameters @@ -70,6 +70,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Ddosprotectionplans](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/ddosProtectionPlans) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/expressRouteCircuits/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/expressRouteCircuits/.bicep/nested_rbac.bicep index a46b4fa36f..92bb469fc2 100644 --- a/arm/Microsoft.Network/expressRouteCircuits/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/expressRouteCircuits/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource expressRouteCircuits 'Microsoft.Network/expressRouteCircuits@2021-02-01 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(expressRouteCircuits.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/expressRouteCircuits/.parameters/parameters.json b/arm/Microsoft.Network/expressRouteCircuits/.parameters/parameters.json index 1500ebac3a..f3dc66eea5 100644 --- a/arm/Microsoft.Network/expressRouteCircuits/.parameters/parameters.json +++ b/arm/Microsoft.Network/expressRouteCircuits/.parameters/parameters.json @@ -36,13 +36,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep b/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep index bb06f8dac6..24b8d0dc9c 100644 --- a/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep +++ b/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep @@ -65,14 +65,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -164,7 +164,7 @@ resource expressRouteCircuits 'Microsoft.Network/expressRouteCircuits@2021-02-01 } } -resource expressRouteCircuits_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource expressRouteCircuits_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${expressRouteCircuits.name}-${lock}-lock' properties: { level: lock @@ -173,13 +173,13 @@ resource expressRouteCircuits_lock 'Microsoft.Authorization/locks@2016-09-01' = scope: expressRouteCircuits } -resource expressRouteCircuits_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource expressRouteCircuits_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${expressRouteCircuits.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Network/expressRouteCircuits/readme.md b/arm/Microsoft.Network/expressRouteCircuits/readme.md index c8cf70a542..ca8569dff5 100644 --- a/arm/Microsoft.Network/expressRouteCircuits/readme.md +++ b/arm/Microsoft.Network/expressRouteCircuits/readme.md @@ -6,8 +6,8 @@ This template deploys an express route circuit. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/expressRouteCircuits` | 2021-02-01 | @@ -17,10 +17,11 @@ This template deploys an express route circuit. | :-- | :-- | :-- | :-- | :-- | | `bandwidthInMbps` | int | | | Required. This is the bandwidth in Mbps of the circuit being created. It must exactly match one of the available bandwidth offers List ExpressRoute Service Providers API call. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[PeeringRouteLog]` | `[PeeringRouteLog]` | Optional. The name of logs that will be streamed. | @@ -39,7 +40,6 @@ This template deploys an express route circuit. | `skuTier` | string | `Standard` | `[Local, Standard, Premium]` | Required. Chosen SKU Tier of ExpressRoute circuit. Choose from Local, Premium or Standard SKU tiers. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `vlanId` | int | | | Optional. Specifies the identifier that is used to identify the customer. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` @@ -91,7 +91,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Expressroutecircuits](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/expressRouteCircuits) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/firewallPolicies/readme.md b/arm/Microsoft.Network/firewallPolicies/readme.md index b73761e0e2..b02b680e6c 100644 --- a/arm/Microsoft.Network/firewallPolicies/readme.md +++ b/arm/Microsoft.Network/firewallPolicies/readme.md @@ -21,7 +21,7 @@ This module deploys Network Firewall Policies. | `defaultWorkspaceId` | string | | | Optional. Default Log Analytics Resource ID for Firewall Policy Insights. | | `enableProxy` | bool | | | Optional. Enable DNS Proxy on Firewalls attached to the Firewall Policy. | | `fqdns` | array | `[]` | | Optional. List of FQDNs for the ThreatIntel Allowlist. | -| `insightsIsEnabled ` | bool | | | Optional. A flag to indicate if the insights are enabled on the policy. | +| `insightsIsEnabled` | bool | | | Optional. A flag to indicate if the insights are enabled on the policy. | | `ipAddresses` | array | `[]` | | Optional. List of IP addresses for the ThreatIntel Allowlist. | | `keyVaultSecretId` | string | | | Optional. Secret Id of (base-64 encoded unencrypted pfx) Secret or Certificate object stored in KeyVault. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | @@ -81,6 +81,6 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references +- ['firewallPolicies/ruleGroups' Parent Documentation](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/firewallPolicies) - [Firewallpolicies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/firewallPolicies) - [Firewallpolicies/Rulecollectiongroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/firewallPolicies/ruleCollectionGroups) -- [Firewallpolicies/Rulegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-04-01/firewallPolicies/ruleGroups) diff --git a/arm/Microsoft.Network/firewallPolicies/ruleGroups/readme.md b/arm/Microsoft.Network/firewallPolicies/ruleGroups/readme.md index 24cdf44aa1..348848102d 100644 --- a/arm/Microsoft.Network/firewallPolicies/ruleGroups/readme.md +++ b/arm/Microsoft.Network/firewallPolicies/ruleGroups/readme.md @@ -43,4 +43,4 @@ For remaining properties, see [FirewallPolicyRule objects](https://docs.microsof ## Template references -- [Firewallpolicies/Rulegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-04-01/firewallPolicies/ruleGroups) +- ['firewallPolicies/ruleGroups' Parent Documentation](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/firewallPolicies) diff --git a/arm/Microsoft.Network/ipGroups/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/ipGroups/.bicep/nested_rbac.bicep index 390546aced..b42fa91373 100644 --- a/arm/Microsoft.Network/ipGroups/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/ipGroups/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource ipGroup 'Microsoft.Network/ipGroups@2021-02-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(ipGroup.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/ipGroups/deploy.bicep b/arm/Microsoft.Network/ipGroups/deploy.bicep index 8b768638f0..4af958bc57 100644 --- a/arm/Microsoft.Network/ipGroups/deploy.bicep +++ b/arm/Microsoft.Network/ipGroups/deploy.bicep @@ -39,7 +39,7 @@ resource ipGroup 'Microsoft.Network/ipGroups@2021-02-01' = { } } -resource ipGroup_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource ipGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${ipGroup.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/ipGroups/readme.md b/arm/Microsoft.Network/ipGroups/readme.md index 5f025ae87d..6144e7c385 100644 --- a/arm/Microsoft.Network/ipGroups/readme.md +++ b/arm/Microsoft.Network/ipGroups/readme.md @@ -6,8 +6,8 @@ This module deploys an IP group. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/ipGroups` | 2021-02-01 | ## Parameters @@ -71,6 +71,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Ipgroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/ipGroups) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/loadBalancers/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/loadBalancers/.bicep/nested_rbac.bicep index 6bce9a3753..b9960c3ff9 100644 --- a/arm/Microsoft.Network/loadBalancers/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/loadBalancers/.bicep/nested_rbac.bicep @@ -28,7 +28,7 @@ resource loadBalancer 'Microsoft.Network/loadBalancers@2021-02-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(loadBalancer.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/loadBalancers/.parameters/parameters.json b/arm/Microsoft.Network/loadBalancers/.parameters/parameters.json index 7055c7629f..9f19a4e963 100644 --- a/arm/Microsoft.Network/loadBalancers/.parameters/parameters.json +++ b/arm/Microsoft.Network/loadBalancers/.parameters/parameters.json @@ -115,13 +115,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/loadBalancers/backendAddressPools/readme.md b/arm/Microsoft.Network/loadBalancers/backendAddressPools/readme.md index 92a854508f..3f5c874f0d 100644 --- a/arm/Microsoft.Network/loadBalancers/backendAddressPools/readme.md +++ b/arm/Microsoft.Network/loadBalancers/backendAddressPools/readme.md @@ -28,4 +28,4 @@ This module deploys load balancer backend address pools. ## Template references -- [Loadbalancers/Backendaddresspools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/loadBalancers/backendAddressPools) +- [Loadbalancers/Backendaddresspools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/loadBalancers/backendAddressPools) diff --git a/arm/Microsoft.Network/loadBalancers/deploy.bicep b/arm/Microsoft.Network/loadBalancers/deploy.bicep index bec72843ea..45c31e4edc 100644 --- a/arm/Microsoft.Network/loadBalancers/deploy.bicep +++ b/arm/Microsoft.Network/loadBalancers/deploy.bicep @@ -32,14 +32,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -207,7 +207,7 @@ module loadBalancer_inboundNATRules 'inboundNatRules/deploy.bicep' = [for (inbou ] }] -resource loadBalancer_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource loadBalancer_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${loadBalancer.name}-${lock}-lock' properties: { level: lock @@ -216,13 +216,13 @@ resource loadBalancer_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock scope: loadBalancer } -resource loadBalancer_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource loadBalancer_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${loadBalancer.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics } scope: loadBalancer diff --git a/arm/Microsoft.Network/loadBalancers/inboundNatRules/readme.md b/arm/Microsoft.Network/loadBalancers/inboundNatRules/readme.md index e011695b7b..c33987048e 100644 --- a/arm/Microsoft.Network/loadBalancers/inboundNatRules/readme.md +++ b/arm/Microsoft.Network/loadBalancers/inboundNatRules/readme.md @@ -36,4 +36,4 @@ This module deploys load balancers inbound NAT rules. ## Template references -- [Loadbalancers/Inboundnatrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/loadBalancers/inboundNatRules) +- [Loadbalancers/Inboundnatrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/loadBalancers/inboundNatRules) diff --git a/arm/Microsoft.Network/loadBalancers/readme.md b/arm/Microsoft.Network/loadBalancers/readme.md index 76be954c28..199b526467 100644 --- a/arm/Microsoft.Network/loadBalancers/readme.md +++ b/arm/Microsoft.Network/loadBalancers/readme.md @@ -6,8 +6,8 @@ This module deploys a load balancer. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/loadBalancers` | 2021-02-01 | | `Microsoft.Network/loadBalancers/backendAddressPools` | 2021-05-01 | @@ -19,10 +19,11 @@ This module deploys a load balancer. | :-- | :-- | :-- | :-- | :-- | | `backendAddressPools` | _[backendAddressPools](backendAddressPools/readme.md)_ array | `[]` | | Optional. Collection of backend address pools used by a load balancer. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `frontendIPConfigurations` | array | | | Required. Array of objects containing all frontend IP configurations | | `inboundNatRules` | _[inboundNatRules](inboundNatRules/readme.md)_ array | `[]` | | Optional. Collection of inbound NAT Rules used by a load balancer. Defining inbound NAT rules on your load balancer is mutually exclusive with defining an inbound NAT pool. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an Inbound NAT pool. They have to reference individual inbound NAT rules. | | `loadBalancerSku` | string | `Standard` | `[Basic, Standard]` | Optional. Name of a load balancer SKU. | @@ -35,7 +36,6 @@ This module deploys a load balancer. | `probes` | array | `[]` | | Optional. Array of objects containing all probes, these are references in the load balancing rules | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `frontendIPConfigurations` @@ -218,7 +218,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Loadbalancers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/loadBalancers) -- [Loadbalancers/Backendaddresspools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/loadBalancers/backendAddressPools) -- [Loadbalancers/Inboundnatrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/loadBalancers/inboundNatRules) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Loadbalancers/Backendaddresspools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/loadBalancers/backendAddressPools) +- [Loadbalancers/Inboundnatrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/loadBalancers/inboundNatRules) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/localNetworkGateways/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/localNetworkGateways/.bicep/nested_rbac.bicep index c4af14a885..796eaf4f55 100644 --- a/arm/Microsoft.Network/localNetworkGateways/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/localNetworkGateways/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource localNetworkGateway 'Microsoft.Network/localNetworkGateways@2021-02-01' name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(localNetworkGateway.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/localNetworkGateways/deploy.bicep b/arm/Microsoft.Network/localNetworkGateways/deploy.bicep index 1b8e72fb03..9974e9cb79 100644 --- a/arm/Microsoft.Network/localNetworkGateways/deploy.bicep +++ b/arm/Microsoft.Network/localNetworkGateways/deploy.bicep @@ -65,7 +65,7 @@ resource localNetworkGateway 'Microsoft.Network/localNetworkGateways@2021-02-01' } } -resource localNetworkGateway_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource localNetworkGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${localNetworkGateway.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/localNetworkGateways/readme.md b/arm/Microsoft.Network/localNetworkGateways/readme.md index 5521eae7c2..efae226523 100644 --- a/arm/Microsoft.Network/localNetworkGateways/readme.md +++ b/arm/Microsoft.Network/localNetworkGateways/readme.md @@ -6,8 +6,8 @@ This module deploys a local network gateway. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/localNetworkGateways` | 2021-02-01 | ## Parameters @@ -76,6 +76,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Localnetworkgateways](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/localNetworkGateways) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/natGateways/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/natGateways/.bicep/nested_rbac.bicep index d7a1523571..80bfba5cfd 100644 --- a/arm/Microsoft.Network/natGateways/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/natGateways/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource natGateway 'Microsoft.Network/natGateways@2021-02-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(natGateway.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/natGateways/.parameters/parameters.json b/arm/Microsoft.Network/natGateways/.parameters/parameters.json index 07dfc531df..8f938dfd60 100644 --- a/arm/Microsoft.Network/natGateways/.parameters/parameters.json +++ b/arm/Microsoft.Network/natGateways/.parameters/parameters.json @@ -24,13 +24,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/natGateways/deploy.bicep b/arm/Microsoft.Network/natGateways/deploy.bicep index f05f4f3244..e724f17c65 100644 --- a/arm/Microsoft.Network/natGateways/deploy.bicep +++ b/arm/Microsoft.Network/natGateways/deploy.bicep @@ -36,14 +36,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -139,7 +139,7 @@ resource publicIP 'Microsoft.Network/publicIPAddresses@2021-02-01' = if (natGate } } -resource publicIP_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource publicIP_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${publicIP.name}-${lock}-lock' properties: { level: lock @@ -148,13 +148,13 @@ resource publicIP_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: publicIP } -resource publicIP_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource publicIP_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${publicIP.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } @@ -174,7 +174,7 @@ resource natGateway 'Microsoft.Network/natGateways@2021-02-01' = { zones: zones } -resource natGateway_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource natGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${natGateway.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/natGateways/readme.md b/arm/Microsoft.Network/natGateways/readme.md index c061da77fb..9c9a85a916 100644 --- a/arm/Microsoft.Network/natGateways/readme.md +++ b/arm/Microsoft.Network/natGateways/readme.md @@ -6,8 +6,8 @@ This module deploys a NAT gateway. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/natGateways` | 2021-02-01 | | `Microsoft.Network/publicIPAddresses` | 2021-02-01 | @@ -17,10 +17,11 @@ This module deploys a NAT gateway. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `idleTimeoutInMinutes` | int | `5` | | Optional. The idle timeout of the nat gateway. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | @@ -35,7 +36,6 @@ This module deploys a NAT gateway. | `publicIpPrefixes` | array | `[]` | | Optional. Existing Public IP Prefixes resource names to use for the NAT Gateway. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | | `tags` | object | `{object}` | | Optional. Tags for the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | | `zones` | array | `[]` | | Optional. A list of availability zones denoting the zone in which Nat Gateway should be deployed. | ### Parameter Usage: `roleAssignments` @@ -87,8 +87,8 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Natgateways](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/natGateways) - [Publicipaddresses](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/publicIPAddresses) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/networkSecurityGroups/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/networkSecurityGroups/.bicep/nested_rbac.bicep index 4285b88504..700e0d6d2b 100644 --- a/arm/Microsoft.Network/networkSecurityGroups/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/networkSecurityGroups/.bicep/nested_rbac.bicep @@ -27,7 +27,7 @@ resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-02-0 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(networkSecurityGroup.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/networkSecurityGroups/.parameters/parameters.json b/arm/Microsoft.Network/networkSecurityGroups/.parameters/parameters.json index 5d6c180cb6..c331654c1c 100644 --- a/arm/Microsoft.Network/networkSecurityGroups/.parameters/parameters.json +++ b/arm/Microsoft.Network/networkSecurityGroups/.parameters/parameters.json @@ -83,13 +83,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/networkSecurityGroups/deploy.bicep b/arm/Microsoft.Network/networkSecurityGroups/deploy.bicep index e9ade277c9..a6da336731 100644 --- a/arm/Microsoft.Network/networkSecurityGroups/deploy.bicep +++ b/arm/Microsoft.Network/networkSecurityGroups/deploy.bicep @@ -15,14 +15,14 @@ param diagnosticStorageAccountId string = '' @maxValue(365) param diagnosticLogsRetentionInDays int = 365 -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -93,7 +93,7 @@ resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-02-0 } } -resource networkSecurityGroup_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource networkSecurityGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${networkSecurityGroup.name}-${lock}-lock' properties: { level: lock @@ -102,13 +102,13 @@ resource networkSecurityGroup_lock 'Microsoft.Authorization/locks@2016-09-01' = scope: networkSecurityGroup } -resource networkSecurityGroup_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource networkSecurityGroup_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${networkSecurityGroup.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null logs: diagnosticsLogs } scope: networkSecurityGroup diff --git a/arm/Microsoft.Network/networkSecurityGroups/readme.md b/arm/Microsoft.Network/networkSecurityGroups/readme.md index 7743507af8..d4cd9b88f0 100644 --- a/arm/Microsoft.Network/networkSecurityGroups/readme.md +++ b/arm/Microsoft.Network/networkSecurityGroups/readme.md @@ -6,8 +6,8 @@ This template deploys a network security group (NSG) with optional security rule | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/networkSecurityGroups` | 2021-02-01 | @@ -16,10 +16,11 @@ This template deploys a network security group (NSG) with optional security rule | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter]` | `[NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter]` | Optional. The name of logs that will be streamed. | @@ -27,7 +28,6 @@ This template deploys a network security group (NSG) with optional security rule | `networkSecurityGroupSecurityRules` | array | `[]` | | Optional. Array of Security Rules to deploy to the Network Security Group. When not provided, an NSG including only the built-in roles will be deployed. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | | `tags` | object | `{object}` | | Optional. Tags of the NSG resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `networkSecurityGroupSecurityRules` @@ -158,7 +158,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Networksecuritygroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/networkSecurityGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/networkWatchers/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/networkWatchers/.bicep/nested_rbac.bicep index 62dd0c92cd..a69cf79289 100644 --- a/arm/Microsoft.Network/networkWatchers/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/networkWatchers/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource networkWatcher 'Microsoft.Network/networkWatchers@2021-02-01' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(networkWatcher.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/networkWatchers/deploy.bicep b/arm/Microsoft.Network/networkWatchers/deploy.bicep index ae1b5a7fd4..2e3872943a 100644 --- a/arm/Microsoft.Network/networkWatchers/deploy.bicep +++ b/arm/Microsoft.Network/networkWatchers/deploy.bicep @@ -40,7 +40,7 @@ resource networkWatcher 'Microsoft.Network/networkWatchers@2021-02-01' = { properties: {} } -resource networkWatcher_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource networkWatcher_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${networkWatcher.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/networkWatchers/readme.md b/arm/Microsoft.Network/networkWatchers/readme.md index 2a9123d185..69761eb870 100644 --- a/arm/Microsoft.Network/networkWatchers/readme.md +++ b/arm/Microsoft.Network/networkWatchers/readme.md @@ -6,8 +6,8 @@ This template deploys a network watcher. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/networkWatchers` | 2021-02-01 | | `Microsoft.Network/networkWatchers/connectionMonitors` | 2021-03-01 | | `Microsoft.Network/networkWatchers/flowLogs` | 2021-03-01 | @@ -75,8 +75,8 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Networkwatchers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/networkWatchers) - [Networkwatchers/Connectionmonitors](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/networkWatchers/connectionMonitors) - [Networkwatchers/Flowlogs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/networkWatchers/flowLogs) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/privateDnsZones/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/privateDnsZones/.bicep/nested_rbac.bicep index 921291c400..9706c937b7 100644 --- a/arm/Microsoft.Network/privateDnsZones/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/privateDnsZones/.bicep/nested_rbac.bicep @@ -25,7 +25,7 @@ resource privateDnsZone 'Microsoft.Network/privateDnsZones@2018-09-01' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(privateDnsZone.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/privateDnsZones/deploy.bicep b/arm/Microsoft.Network/privateDnsZones/deploy.bicep index 02d65d7ce1..3f176296f7 100644 --- a/arm/Microsoft.Network/privateDnsZones/deploy.bicep +++ b/arm/Microsoft.Network/privateDnsZones/deploy.bicep @@ -47,7 +47,7 @@ module privateDnsZone_virtualNetworkLinks 'virtualNetworkLinks/deploy.bicep' = [ } }] -resource privateDnsZone_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource privateDnsZone_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${privateDnsZone.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/privateDnsZones/readme.md b/arm/Microsoft.Network/privateDnsZones/readme.md index e61a41134b..06cf7b618e 100644 --- a/arm/Microsoft.Network/privateDnsZones/readme.md +++ b/arm/Microsoft.Network/privateDnsZones/readme.md @@ -6,8 +6,8 @@ This template deploys a private DNS zone. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/privateDnsZones` | 2020-06-01 | | `Microsoft.Network/privateDnsZones/virtualNetworkLinks` | 2020-06-01 | @@ -72,7 +72,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Privatednszones](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones) - [Privatednszones/Virtualnetworklinks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/virtualNetworkLinks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/privateEndpoints/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/privateEndpoints/.bicep/nested_rbac.bicep index da73a45b85..63a851a101 100644 --- a/arm/Microsoft.Network/privateEndpoints/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/privateEndpoints/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-03-01' existin name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(privateEndpoint.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/privateEndpoints/deploy.bicep b/arm/Microsoft.Network/privateEndpoints/deploy.bicep index a171cb9816..3a3b976569 100644 --- a/arm/Microsoft.Network/privateEndpoints/deploy.bicep +++ b/arm/Microsoft.Network/privateEndpoints/deploy.bicep @@ -68,7 +68,7 @@ module privateEndpoint_privateDnsZoneGroups 'privateDnsZoneGroups/deploy.bicep' } }] -resource privateEndpoint_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource privateEndpoint_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${privateEndpoint.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/privateEndpoints/readme.md b/arm/Microsoft.Network/privateEndpoints/readme.md index 33e22b8c4c..c628c473dd 100644 --- a/arm/Microsoft.Network/privateEndpoints/readme.md +++ b/arm/Microsoft.Network/privateEndpoints/readme.md @@ -6,8 +6,8 @@ This template deploys a private endpoint for a generic service. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-03-01 | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-03-01 | @@ -85,7 +85,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints/privateDnsZoneGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/publicIPAddresses/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/publicIPAddresses/.bicep/nested_rbac.bicep index c7de7eb565..16caa97465 100644 --- a/arm/Microsoft.Network/publicIPAddresses/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/publicIPAddresses/.bicep/nested_rbac.bicep @@ -28,7 +28,7 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2021-02-01' existi name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(publicIpAddress.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/publicIPAddresses/.parameters/parameters.json b/arm/Microsoft.Network/publicIPAddresses/.parameters/parameters.json index 17fb9705d9..110dc0367a 100644 --- a/arm/Microsoft.Network/publicIPAddresses/.parameters/parameters.json +++ b/arm/Microsoft.Network/publicIPAddresses/.parameters/parameters.json @@ -27,13 +27,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/publicIPAddresses/deploy.bicep b/arm/Microsoft.Network/publicIPAddresses/deploy.bicep index c1cd5a2e46..2075b51149 100644 --- a/arm/Microsoft.Network/publicIPAddresses/deploy.bicep +++ b/arm/Microsoft.Network/publicIPAddresses/deploy.bicep @@ -21,14 +21,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -115,7 +115,7 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2021-02-01' = { } } -resource publicIpAddress_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource publicIpAddress_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${publicIpAddress.name}-${lock}-lock' properties: { level: lock @@ -124,13 +124,13 @@ resource publicIpAddress_lock 'Microsoft.Authorization/locks@2016-09-01' = if (l scope: publicIpAddress } -resource publicIpAddress_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource publicIpAddress_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${publicIpAddress.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Network/publicIPAddresses/readme.md b/arm/Microsoft.Network/publicIPAddresses/readme.md index e1adf733a5..6b7f187917 100644 --- a/arm/Microsoft.Network/publicIPAddresses/readme.md +++ b/arm/Microsoft.Network/publicIPAddresses/readme.md @@ -4,8 +4,8 @@ | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/publicIPAddresses` | 2021-02-01 | @@ -14,10 +14,11 @@ | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[DDoSProtectionNotifications, DDoSMitigationFlowLogs, DDoSMitigationReports]` | `[DDoSProtectionNotifications, DDoSMitigationFlowLogs, DDoSMitigationReports]` | Optional. The name of logs that will be streamed. | @@ -29,7 +30,6 @@ | `skuName` | string | `Basic` | | Optional. Public IP Address sku Name | | `skuTier` | string | `Regional` | | Optional. Public IP Address pricing tier | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `tags` @@ -80,7 +80,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Publicipaddresses](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/publicIPAddresses) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/publicIPPrefixes/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/publicIPPrefixes/.bicep/nested_rbac.bicep index 925a0db08c..0d917e12fb 100644 --- a/arm/Microsoft.Network/publicIPPrefixes/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/publicIPPrefixes/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource publicIpPrefix 'Microsoft.Network/publicIPPrefixes@2021-02-01' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(publicIpPrefix.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/publicIPPrefixes/deploy.bicep b/arm/Microsoft.Network/publicIPPrefixes/deploy.bicep index 3b02f8aef7..9272be4fd5 100644 --- a/arm/Microsoft.Network/publicIPPrefixes/deploy.bicep +++ b/arm/Microsoft.Network/publicIPPrefixes/deploy.bicep @@ -45,7 +45,7 @@ resource publicIpPrefix 'Microsoft.Network/publicIPPrefixes@2021-02-01' = { } } -resource publicIpPrefix_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource publicIpPrefix_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${publicIpPrefix.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/publicIPPrefixes/readme.md b/arm/Microsoft.Network/publicIPPrefixes/readme.md index e9fa407663..5d2fc758a6 100644 --- a/arm/Microsoft.Network/publicIPPrefixes/readme.md +++ b/arm/Microsoft.Network/publicIPPrefixes/readme.md @@ -6,8 +6,8 @@ This template deploys a public IP prefix. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/publicIPPrefixes` | 2021-02-01 | ## Parameters @@ -71,6 +71,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Publicipprefixes](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/publicIPPrefixes) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/routeTables/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/routeTables/.bicep/nested_rbac.bicep index d976cf899d..4bf2e9e2c3 100644 --- a/arm/Microsoft.Network/routeTables/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/routeTables/.bicep/nested_rbac.bicep @@ -25,7 +25,7 @@ resource routeTable 'Microsoft.Network/routeTables@2021-02-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(routeTable.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/routeTables/deploy.bicep b/arm/Microsoft.Network/routeTables/deploy.bicep index 523c26479a..3ad1e610a3 100644 --- a/arm/Microsoft.Network/routeTables/deploy.bicep +++ b/arm/Microsoft.Network/routeTables/deploy.bicep @@ -42,7 +42,7 @@ resource routeTable 'Microsoft.Network/routeTables@2021-02-01' = { } } -resource routeTable_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource routeTable_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${routeTable.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/routeTables/readme.md b/arm/Microsoft.Network/routeTables/readme.md index 28c5dd0651..4b1720a105 100644 --- a/arm/Microsoft.Network/routeTables/readme.md +++ b/arm/Microsoft.Network/routeTables/readme.md @@ -6,8 +6,8 @@ This module deploys a user defined route table. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/routeTables` | 2021-02-01 | ## Parameters @@ -114,6 +114,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Routetables](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/routeTables) diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_rbac.bicep index 8af1a0fd87..22dfa67908 100644 --- a/arm/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_rbac.bicep @@ -25,7 +25,7 @@ resource trafficmanagerprofile 'Microsoft.Network/trafficmanagerprofiles@2018-08 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(trafficmanagerprofile.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/.parameters/parameters.json b/arm/Microsoft.Network/trafficmanagerprofiles/.parameters/parameters.json index 1807bab0d2..d2610899d7 100644 --- a/arm/Microsoft.Network/trafficmanagerprofiles/.parameters/parameters.json +++ b/arm/Microsoft.Network/trafficmanagerprofiles/.parameters/parameters.json @@ -24,13 +24,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep b/arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep index 940de98108..0eda73ab44 100644 --- a/arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep +++ b/arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep @@ -54,14 +54,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -138,7 +138,7 @@ resource trafficManagerProfile 'Microsoft.Network/trafficmanagerprofiles@2018-08 } } -resource trafficManagerProfile_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource trafficManagerProfile_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${trafficManagerProfile.name}-${lock}-lock' properties: { level: lock @@ -147,13 +147,13 @@ resource trafficManagerProfile_lock 'Microsoft.Authorization/locks@2016-09-01' = scope: trafficManagerProfile } -resource trafficManagerProfile_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource trafficManagerProfile_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${trafficManagerProfile.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/readme.md b/arm/Microsoft.Network/trafficmanagerprofiles/readme.md index 8716783eed..475aea4ef6 100644 --- a/arm/Microsoft.Network/trafficmanagerprofiles/readme.md +++ b/arm/Microsoft.Network/trafficmanagerprofiles/readme.md @@ -6,8 +6,8 @@ This module deploys a traffic manager profile. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/trafficmanagerprofiles` | 2018-08-01 | @@ -16,11 +16,12 @@ This module deploys a traffic manager profile. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `endpoints` | array | `[]` | | Optional. The list of endpoints in the Traffic Manager profile. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[ProbeHealthStatusEvents]` | `[ProbeHealthStatusEvents]` | Optional. The name of logs that will be streamed. | | `maxReturn` | int | `1` | | Optional. Maximum number of endpoints to be returned for MultiValue routing type. | @@ -34,7 +35,6 @@ This module deploys a traffic manager profile. | `trafficRoutingMethod` | string | `Performance` | `[Performance, Priority, Weighted, Geographic, MultiValue, Subnet]` | Optional. The traffic routing method of the Traffic Manager profile. | | `trafficViewEnrollmentStatus` | string | `Disabled` | `[Disabled, Enabled]` | Optional. Indicates whether Traffic View is 'Enabled' or 'Disabled' for the Traffic Manager profile. Null, indicates 'Disabled'. Enabling this feature will increase the cost of the Traffic Manage profile. | | `ttl` | int | `60` | | Optional. The DNS Time-To-Live (TTL), in seconds. This informs the local DNS resolvers and DNS clients how long to cache DNS responses provided by this Traffic Manager profile. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `monitorConfig` @@ -123,7 +123,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Trafficmanagerprofiles](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2018-08-01/trafficmanagerprofiles) diff --git a/arm/Microsoft.Network/virtualNetworkGateways/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/virtualNetworkGateways/.bicep/nested_rbac.bicep index 675b29a6a7..ea6e435d0a 100644 --- a/arm/Microsoft.Network/virtualNetworkGateways/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/virtualNetworkGateways/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource virtualNetworkGateway 'Microsoft.Network/virtualNetworkGateways@2021-02 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(virtualNetworkGateway.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/virtualNetworkGateways/.parameters/expressRoute.parameters.json b/arm/Microsoft.Network/virtualNetworkGateways/.parameters/expressRoute.parameters.json index d4604ecd30..59fdb37f97 100644 --- a/arm/Microsoft.Network/virtualNetworkGateways/.parameters/expressRoute.parameters.json +++ b/arm/Microsoft.Network/virtualNetworkGateways/.parameters/expressRoute.parameters.json @@ -50,13 +50,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/virtualNetworkGateways/.parameters/vpn.parameters.json b/arm/Microsoft.Network/virtualNetworkGateways/.parameters/vpn.parameters.json index da81ae5485..4b91d93f4a 100644 --- a/arm/Microsoft.Network/virtualNetworkGateways/.parameters/vpn.parameters.json +++ b/arm/Microsoft.Network/virtualNetworkGateways/.parameters/vpn.parameters.json @@ -46,13 +46,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/virtualNetworkGateways/deploy.bicep b/arm/Microsoft.Network/virtualNetworkGateways/deploy.bicep index 6f8bd5a883..4b17e4289f 100644 --- a/arm/Microsoft.Network/virtualNetworkGateways/deploy.bicep +++ b/arm/Microsoft.Network/virtualNetworkGateways/deploy.bicep @@ -77,14 +77,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'') param roleAssignments array = [] @@ -294,7 +294,7 @@ resource virtualGatewayPublicIP 'Microsoft.Network/publicIPAddresses@2021-02-01' }] @batchSize(1) -resource virtualGatewayPublicIP_lock 'Microsoft.Authorization/locks@2016-09-01' = [for (virtualGatewayPublicIpName, index) in virtualGatewayPipName_var: if (lock != 'NotSpecified') { +resource virtualGatewayPublicIP_lock 'Microsoft.Authorization/locks@2020-05-01' = [for (virtualGatewayPublicIpName, index) in virtualGatewayPipName_var: if (lock != 'NotSpecified') { name: '${virtualGatewayPublicIpName}-${lock}-lock' properties: { level: lock @@ -304,13 +304,13 @@ resource virtualGatewayPublicIP_lock 'Microsoft.Authorization/locks@2016-09-01' }] @batchSize(1) -resource virtualNetworkGatewayPublicIp_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = [for (virtualGatewayPublicIpName, index) in virtualGatewayPipName_var: if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource virtualNetworkGatewayPublicIp_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = [for (virtualGatewayPublicIpName, index) in virtualGatewayPipName_var: if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${virtualGatewayPublicIpName}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: publicIpDiagnosticsLogs } @@ -341,7 +341,7 @@ resource virtualNetworkGateway 'Microsoft.Network/virtualNetworkGateways@2021-02 ] } -resource virtualNetworkGateway_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource virtualNetworkGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${virtualNetworkGateway.name}-${lock}-lock' properties: { level: lock @@ -350,13 +350,13 @@ resource virtualNetworkGateway_lock 'Microsoft.Authorization/locks@2016-09-01' = scope: virtualNetworkGateway } -resource virtualNetworkGateway_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource virtualNetworkGateway_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${virtualNetworkGateway.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: virtualNetworkGatewayDiagnosticsLogs } diff --git a/arm/Microsoft.Network/virtualNetworkGateways/readme.md b/arm/Microsoft.Network/virtualNetworkGateways/readme.md index 5f1946c045..ccac785fa3 100644 --- a/arm/Microsoft.Network/virtualNetworkGateways/readme.md +++ b/arm/Microsoft.Network/virtualNetworkGateways/readme.md @@ -6,8 +6,8 @@ This module deploys a virtual network gateway. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/publicIPAddresses` | 2021-02-01 | | `Microsoft.Network/virtualNetworkGateways` | 2021-02-01 | @@ -21,12 +21,13 @@ This module deploys a virtual network gateway. | `clientRevokedCertThumbprint` | string | | | Optional. Thumbprint of the revoked certificate. This would revoke VPN client certificates matching this thumbprint from connecting to the VNet. | | `clientRootCertData` | string | | | Optional. Client root certificate data used to authenticate VPN clients. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `domainNameLabel` | array | `[]` | | Optional. DNS name(s) of the Public IP resource(s). If you enabled active-active configuration, you need to provide 2 DNS names, if you want to use this feature. A region specific suffix will be appended to it, e.g.: your-DNS-name.westeurope.cloudapp.azure.com | | `enableBgp` | bool | `True` | | Optional. Value to specify if BGP is enabled or not | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `gatewayPipName` | array | `[]` | | Optional. Specifies the name of the Public IP used by the Virtual Network Gateway. If it's not provided, a '-pip' suffix will be appended to the gateway's name. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | @@ -43,7 +44,6 @@ This module deploys a virtual network gateway. | `vNetResourceId` | string | | | Required. Virtual Network resource ID | | `vpnClientAddressPoolPrefix` | string | | | Optional. The IP address range from which VPN clients will receive an IP address when connected. Range specified must not overlap with on-premise network. | | `vpnType` | string | `RouteBased` | `[PolicyBased, RouteBased]` | Required. Specifies the VPN type | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `subnets` @@ -126,8 +126,8 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Publicipaddresses](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/publicIPAddresses) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Virtualnetworkgateways](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/virtualNetworkGateways) diff --git a/arm/Microsoft.Network/virtualNetworks/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/virtualNetworks/.bicep/nested_rbac.bicep index 1ee7998d15..eb79a9be0b 100644 --- a/arm/Microsoft.Network/virtualNetworks/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/virtualNetworks/.bicep/nested_rbac.bicep @@ -39,7 +39,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-03-01' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(virtualNetwork.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json b/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json index 1edc7171f5..3c5e171d64 100644 --- a/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json +++ b/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json @@ -64,13 +64,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json b/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json index 677753f51b..e9665da8e1 100644 --- a/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json +++ b/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json @@ -39,13 +39,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Network/virtualNetworks/deploy.bicep b/arm/Microsoft.Network/virtualNetworks/deploy.bicep index 960f4fa88a..5d52ba25c0 100644 --- a/arm/Microsoft.Network/virtualNetworks/deploy.bicep +++ b/arm/Microsoft.Network/virtualNetworks/deploy.bicep @@ -28,14 +28,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -183,7 +183,7 @@ module virtualNetwork_peering_remote 'virtualNetworkPeerings/deploy.bicep' = [fo ] }] -resource virtualNetwork_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource virtualNetwork_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${virtualNetwork.name}-${lock}-lock' properties: { level: lock @@ -192,13 +192,13 @@ resource virtualNetwork_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lo scope: virtualNetwork } -resource appServiceEnvironment_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource appServiceEnvironment_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${virtualNetwork.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Network/virtualNetworks/readme.md b/arm/Microsoft.Network/virtualNetworks/readme.md index 5737b655a8..886da074ac 100644 --- a/arm/Microsoft.Network/virtualNetworks/readme.md +++ b/arm/Microsoft.Network/virtualNetworks/readme.md @@ -6,8 +6,8 @@ This template deploys a virtual network (vNet). | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/virtualNetworks` | 2021-03-01 | | `Microsoft.Network/virtualNetworks/subnets` | 2021-03-01 | @@ -20,11 +20,12 @@ This template deploys a virtual network (vNet). | `addressPrefixes` | array | | | Required. An Array of 1 or more IP Address Prefixes for the Virtual Network. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `ddosProtectionPlanId` | string | | | Optional. Resource ID of the DDoS protection plan to assign the VNET to. If it's left blank, DDoS protection will not be configured. If it's provided, the VNET created by this template will be attached to the referenced DDoS protection plan. The DDoS protection plan can exist in the same or in a different subscription. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `dnsServers` | array | `[]` | | Optional. DNS Servers associated to the Virtual Network. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[VMProtectionAlerts]` | `[VMProtectionAlerts]` | Optional. The name of logs that will be streamed. | @@ -34,7 +35,6 @@ This template deploys a virtual network (vNet). | `subnets` | _[subnets](subnets/readme.md)_ array | | | Required. An Array of subnets to deploy to the Virual Network. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `virtualNetworkPeerings` | _[virtualNetworkPeerings](virtualNetworkPeerings/readme.md)_ array | `[]` | | Optional. Virtual Network Peerings configurations | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `virtualNetworkPeerings` @@ -111,8 +111,8 @@ The network security group and route table resources must reside in the same res | Output Name | Type | Description | | :-- | :-- | :-- | -| `subnetNames` | array | | -| `subnetResourceIds` | array | | +| `subnetNames` | array | The names of the deployed subnets | +| `subnetResourceIds` | array | The resource IDs of the deployed subnets | | `virtualNetworkName` | string | The name of the virtual network | | `virtualNetworkResourceGroup` | string | The resource group the virtual network was deployed into | | `virtualNetworkResourceId` | string | The resource ID of the virtual network | @@ -120,8 +120,8 @@ The network security group and route table resources must reside in the same res ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Virtualnetworks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/virtualNetworks) - [Virtualnetworks/Subnets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/virtualNetworks/subnets) - [Virtualnetworks/Virtualnetworkpeerings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/virtualNetworks/virtualNetworkPeerings) diff --git a/arm/Microsoft.Network/virtualWans/.bicep/nested_rbac.bicep b/arm/Microsoft.Network/virtualWans/.bicep/nested_rbac.bicep index e8021da8ed..5fa4ad424d 100644 --- a/arm/Microsoft.Network/virtualWans/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Network/virtualWans/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource virtualWan 'Microsoft.Network/virtualWans@2021-03-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(virtualWan.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Network/virtualWans/deploy.bicep b/arm/Microsoft.Network/virtualWans/deploy.bicep index d1c436a893..99bc313c1f 100644 --- a/arm/Microsoft.Network/virtualWans/deploy.bicep +++ b/arm/Microsoft.Network/virtualWans/deploy.bicep @@ -76,7 +76,7 @@ resource virtualWan 'Microsoft.Network/virtualWans@2021-03-01' = { } } -resource virtualWan_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource virtualWan_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${virtualWan.name}-${lock}-lock' properties: { level: lock @@ -96,7 +96,7 @@ resource virtualHub 'Microsoft.Network/virtualHubs@2021-03-01' = { } } -resource virtualHub_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource virtualHub_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${virtualHub.name}-${lock}-lock' properties: { level: lock @@ -127,7 +127,7 @@ resource vpnSite 'Microsoft.Network/vpnSites@2021-03-01' = { } } -resource vpnSite_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource vpnSite_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${vpnSite.name}-${lock}-lock' properties: { level: lock @@ -161,7 +161,7 @@ resource vpnGateway 'Microsoft.Network/vpnGateways@2021-03-01' = { } } -resource vpnGateway_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource vpnGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${vpnGateway.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/virtualWans/readme.md b/arm/Microsoft.Network/virtualWans/readme.md index e5354fd5c8..0175bbbf00 100644 --- a/arm/Microsoft.Network/virtualWans/readme.md +++ b/arm/Microsoft.Network/virtualWans/readme.md @@ -6,8 +6,8 @@ This template deploys a virtual WAN. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/virtualHubs` | 2021-03-01 | | `Microsoft.Network/virtualWans` | 2021-03-01 | | `Microsoft.Network/vpnGateways` | 2021-03-01 | @@ -84,8 +84,8 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Virtualhubs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/virtualHubs) - [Virtualwans](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/virtualWans) - [Vpngateways](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/vpnGateways) diff --git a/arm/Microsoft.OperationalInsights/workspaces/.bicep/nested_rbac.bicep b/arm/Microsoft.OperationalInsights/workspaces/.bicep/nested_rbac.bicep index 76f6b69035..86d7d80496 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.OperationalInsights/workspaces/.bicep/nested_rbac.bicep @@ -29,7 +29,7 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(logAnalyticsWorkspace.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.OperationalInsights/workspaces/.parameters/parameters.json b/arm/Microsoft.OperationalInsights/workspaces/.parameters/parameters.json index eef49351b9..bc0fdb97f3 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/.parameters/parameters.json +++ b/arm/Microsoft.OperationalInsights/workspaces/.parameters/parameters.json @@ -155,13 +155,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep index fc1b69591a..1158ce1d64 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep +++ b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep @@ -63,13 +63,13 @@ param diagnosticLogsRetentionInDays int = 365 param diagnosticStorageAccountId string = '' @description('Optional. Resource ID of a log analytics workspace.') -param workspaceId string = '' +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -151,13 +151,13 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08 } } -resource logAnalyticsWorkspace_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource logAnalyticsWorkspace_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${logAnalyticsWorkspace.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } @@ -230,7 +230,7 @@ module logAnalyticsWorkspace_solutions '.bicep/nested_solutions.bicep' = [for (g } }] -resource logAnalyticsWorkspace_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource logAnalyticsWorkspace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${logAnalyticsWorkspace.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.OperationalInsights/workspaces/readme.md b/arm/Microsoft.OperationalInsights/workspaces/readme.md index 32fdb1ab34..dd5ecfbaa9 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/readme.md +++ b/arm/Microsoft.OperationalInsights/workspaces/readme.md @@ -6,8 +6,8 @@ This template deploys a log analytics workspace. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.OperationalInsights/workspaces` | 2020-08-01 | | `Microsoft.OperationalInsights/workspaces/dataSources` | 2020-08-01 | @@ -24,10 +24,11 @@ This template deploys a log analytics workspace. | `dailyQuotaGb` | int | `-1` | | Optional. The workspace daily quota for ingestion. | | `dataRetention` | int | `365` | | Required. Number of days data will be retained for | | `dataSources` | _[dataSources](dataSources/readme.md)_ array | `[]` | | Optional. LAW data sources to configure. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | | `gallerySolutions` | array | `[]` | | Optional. LAW gallerySolutions from the gallery. | | `linkedServices` | _[linkedServices](linkedServices/readme.md)_ array | `[]` | | Optional. List of services to be linked. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | @@ -43,7 +44,6 @@ This template deploys a log analytics workspace. | `storageInsightsConfigs` | array | `[]` | | Optional. List of storage accounts to be read by the workspace. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `useResourcePermissions` | bool | | | Optional. Set to 'true' to use resource or workspace permissions and 'false' (or leave empty) to require workspace permissions. | -| `workspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | ### Parameter Usage: `gallerySolutions` @@ -130,8 +130,8 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Solutions](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationsManagement/2015-11-01-preview/solutions) - [Workspaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces) - [Workspaces/Datasources](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/dataSources) diff --git a/arm/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/readme.md b/arm/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/readme.md index 4bde3c81c3..6799c47f59 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/readme.md +++ b/arm/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/readme.md @@ -15,7 +15,7 @@ This template deploys a storage insights configuration for a Log Analytics works | `containers` | array | `[]` | | Optional. The names of the blob containers that the workspace should read. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `logAnalyticsWorkspaceName` | string | | | Required. Name of the Log Analytics workspace. | -| `name` | string | `[last(split(parameters('storageAccountId'), '/'))]` | | Optional. The name of the storage insights config | +| `name` | string | `[format('{0}-stinsconfig', last(split(parameters('storageAccountId'), '/')))]` | | Optional. The name of the storage insights config | | `storageAccountId` | string | | | Required. The Azure Resource Manager ID of the storage account resource. | | `tables` | array | `[]` | | Optional. The names of the Azure tables that the workspace should read. | | `tags` | object | `{object}` | | Optional. Tags to configure in the resource. | diff --git a/arm/Microsoft.RecoveryServices/vaults/.bicep/nested_rbac.bicep b/arm/Microsoft.RecoveryServices/vaults/.bicep/nested_rbac.bicep index aff4e435bf..eb751f0966 100644 --- a/arm/Microsoft.RecoveryServices/vaults/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.RecoveryServices/vaults/.bicep/nested_rbac.bicep @@ -29,7 +29,7 @@ resource rsv 'Microsoft.RecoveryServices/vaults@2021-08-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(rsv.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.RecoveryServices/vaults/.parameters/parameters.json b/arm/Microsoft.RecoveryServices/vaults/.parameters/parameters.json index dd44b491a5..035605e628 100644 --- a/arm/Microsoft.RecoveryServices/vaults/.parameters/parameters.json +++ b/arm/Microsoft.RecoveryServices/vaults/.parameters/parameters.json @@ -268,13 +268,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "systemAssignedIdentity": { diff --git a/arm/Microsoft.RecoveryServices/vaults/deploy.bicep b/arm/Microsoft.RecoveryServices/vaults/deploy.bicep index c7020ca09d..d29ccaea70 100644 --- a/arm/Microsoft.RecoveryServices/vaults/deploy.bicep +++ b/arm/Microsoft.RecoveryServices/vaults/deploy.bicep @@ -28,14 +28,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'') param roleAssignments array = [] @@ -186,7 +186,7 @@ module rsv_backupConfig 'backupConfig/deploy.bicep' = if (!empty(backupConfig)) } } -resource rsv_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource rsv_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${rsv.name}-${lock}-lock' properties: { level: lock @@ -195,13 +195,13 @@ resource rsv_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotS scope: rsv } -resource rsv_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource rsv_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${rsv.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.RecoveryServices/vaults/protectionContainers/readme.md b/arm/Microsoft.RecoveryServices/vaults/protectionContainers/readme.md index 82425cc183..e09c07a0fe 100644 --- a/arm/Microsoft.RecoveryServices/vaults/protectionContainers/readme.md +++ b/arm/Microsoft.RecoveryServices/vaults/protectionContainers/readme.md @@ -24,9 +24,9 @@ This module deploys a Protection Container for a Recovery Services Vault | Output Name | Type | Description | | :-- | :-- | :-- | -| `protectionContainerResourceId` | string | The resource ID of the Protection Container. | | `protectionContainerName` | string | The Name of the Protection Container. | | `protectionContainerResourceGroup` | string | The name of the Resource Group the Protection Container was created in. | +| `protectionContainerResourceId` | string | The resource ID of the Protection Container. | ## Template references diff --git a/arm/Microsoft.RecoveryServices/vaults/readme.md b/arm/Microsoft.RecoveryServices/vaults/readme.md index 78c7dfd2fd..a5aefeabab 100644 --- a/arm/Microsoft.RecoveryServices/vaults/readme.md +++ b/arm/Microsoft.RecoveryServices/vaults/readme.md @@ -6,8 +6,8 @@ This module deploys a recovery service vault. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.RecoveryServices/vaults` | 2021-08-01 | | `Microsoft.RecoveryServices/vaults/backupconfig` | 2021-08-01 | @@ -23,10 +23,11 @@ This module deploys a recovery service vault. | `backupPolicies` | _[backupPolicies](backupPolicies/readme.md)_ array | `[]` | | Optional. List of all backup policies. | | `backupStorageConfig` | _[backupStorageConfig](backupStorageConfig/readme.md)_ object | `{object}` | | Optional. The storage configuration for the Azure Recovery Service Vault | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[AzureBackupReport, CoreAzureBackup, AddonAzureBackupJobs, AddonAzureBackupAlerts, AddonAzureBackupPolicy, AddonAzureBackupStorage, AddonAzureBackupProtectedInstance, AzureSiteRecoveryJobs, AzureSiteRecoveryEvents, AzureSiteRecoveryReplicatedItems, AzureSiteRecoveryReplicationStats, AzureSiteRecoveryRecoveryPoints, AzureSiteRecoveryReplicationDataUploadRate, AzureSiteRecoveryProtectedDiskDataChurn]` | `[AzureBackupReport, CoreAzureBackup, AddonAzureBackupJobs, AddonAzureBackupAlerts, AddonAzureBackupPolicy, AddonAzureBackupStorage, AddonAzureBackupProtectedInstance, AzureSiteRecoveryJobs, AzureSiteRecoveryEvents, AzureSiteRecoveryReplicatedItems, AzureSiteRecoveryReplicationStats, AzureSiteRecoveryRecoveryPoints, AzureSiteRecoveryReplicationDataUploadRate, AzureSiteRecoveryProtectedDiskDataChurn]` | Optional. The name of logs that will be streamed. | @@ -37,7 +38,6 @@ This module deploys a recovery service vault. | `systemAssignedIdentity` | bool | | | Optional. Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Optional. Tags of the Recovery Service Vault resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `backupStorageConfig` @@ -355,9 +355,9 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Vaults](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults) - [Vaults/Backupconfig](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults/backupconfig) - [Vaults/Backupfabrics/Protectioncontainers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults/backupFabrics/protectionContainers) diff --git a/arm/Microsoft.Resources/deploymentScripts/deploy.bicep b/arm/Microsoft.Resources/deploymentScripts/deploy.bicep index ba6fe19fe7..47bd4e5e77 100644 --- a/arm/Microsoft.Resources/deploymentScripts/deploy.bicep +++ b/arm/Microsoft.Resources/deploymentScripts/deploy.bicep @@ -110,7 +110,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { } } -resource deploymentScript_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource deploymentScript_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${deploymentScript.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Resources/deploymentScripts/readme.md b/arm/Microsoft.Resources/deploymentScripts/readme.md index ca56f4269c..c9fcad7749 100644 --- a/arm/Microsoft.Resources/deploymentScripts/readme.md +++ b/arm/Microsoft.Resources/deploymentScripts/readme.md @@ -6,7 +6,7 @@ This module deploys a deployment script. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | +| `Microsoft.Authorization/locks` | 2020-05-01 | | `Microsoft.Resources/deploymentScripts` | 2020-10-01 | ## Parameters @@ -78,5 +78,5 @@ This module requires a User Assigned Identity (MSI, managed service identity) to ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) - [Deploymentscripts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Resources/2020-10-01/deploymentScripts) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) diff --git a/arm/Microsoft.Resources/resourceGroups/.bicep/nested_lock.bicep b/arm/Microsoft.Resources/resourceGroups/.bicep/nested_lock.bicep index a2f5c5c83f..0466e0bdcb 100644 --- a/arm/Microsoft.Resources/resourceGroups/.bicep/nested_lock.bicep +++ b/arm/Microsoft.Resources/resourceGroups/.bicep/nested_lock.bicep @@ -16,7 +16,7 @@ var lockNotes = { var lockName = empty(name) ? '${level}-lock' : name -resource lock 'Microsoft.Authorization/locks@2016-09-01' = if (level != 'NotSpecified') { +resource lock 'Microsoft.Authorization/locks@2020-05-01' = if (level != 'NotSpecified') { name: lockName properties: { level: level diff --git a/arm/Microsoft.Resources/resourceGroups/.bicep/nested_rbac.bicep b/arm/Microsoft.Resources/resourceGroups/.bicep/nested_rbac.bicep index 6fc4ae98bd..746874f92a 100644 --- a/arm/Microsoft.Resources/resourceGroups/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Resources/resourceGroups/.bicep/nested_rbac.bicep @@ -178,7 +178,7 @@ var builtInRoleNames = { 'Workbook Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b279062a-9be3-42a0-92ae-8b3cf002ec4d') } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(resourceGroupName, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Resources/resourceGroups/readme.md b/arm/Microsoft.Resources/resourceGroups/readme.md index 5e8efe34d3..19154ad94e 100644 --- a/arm/Microsoft.Resources/resourceGroups/readme.md +++ b/arm/Microsoft.Resources/resourceGroups/readme.md @@ -6,8 +6,8 @@ This module deploys a resource group. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Resources/resourceGroups` | 2019-05-01 | ## Parameters @@ -72,6 +72,6 @@ This module requires a User Assigned Identity (MSI, managed service identity) to ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Resourcegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Resources/2019-05-01/resourceGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_rbac.bicep b/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_rbac.bicep index d34a35a841..be578a3643 100644 --- a/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_rbac.bicep @@ -25,7 +25,7 @@ resource namespace 'Microsoft.ServiceBus/namespaces@2021-06-01-preview' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(namespace.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.ServiceBus/namespaces/.parameters/parameters.json b/arm/Microsoft.ServiceBus/namespaces/.parameters/parameters.json index 8d368c1175..434359ba15 100644 --- a/arm/Microsoft.ServiceBus/namespaces/.parameters/parameters.json +++ b/arm/Microsoft.ServiceBus/namespaces/.parameters/parameters.json @@ -103,13 +103,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" }, "systemAssignedIdentity": { diff --git a/arm/Microsoft.ServiceBus/namespaces/deploy.bicep b/arm/Microsoft.ServiceBus/namespaces/deploy.bicep index 092df0e6e6..16aa61e27a 100644 --- a/arm/Microsoft.ServiceBus/namespaces/deploy.bicep +++ b/arm/Microsoft.ServiceBus/namespaces/deploy.bicep @@ -48,14 +48,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -234,7 +234,7 @@ module serviceBusNamespace_queues 'queues/deploy.bicep' = [for (queue, index) in } }] -resource serviceBusNamespace_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource serviceBusNamespace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${serviceBusNamespace.name}-${lock}-lock' properties: { level: lock @@ -243,13 +243,13 @@ resource serviceBusNamespace_lock 'Microsoft.Authorization/locks@2016-09-01' = i scope: serviceBusNamespace } -resource serviceBusNamespace_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource serviceBusNamespace_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${serviceBusNamespace.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } @@ -284,8 +284,5 @@ output serviceBusNamespaceResourceGroup string = resourceGroup().name @description('The name of the deployed service bus namespace') output serviceBusNamespaceName string = serviceBusNamespace.name -@description('The connection string of the deployed service bus namespace') -output serviceBusConnectionString string = 'Endpoint=sb://${serviceBusNamespace.name}.servicebus.windows.net/;SharedAccessKeyName=${listkeys(resourceId('Microsoft.ServiceBus/namespaces/authorizationRules', serviceBusNamespace.name, 'RootManageSharedAccessKey'), '2017-04-01').primaryKey}' - @description('The principal ID of the system assigned identity.') output systemAssignedPrincipalId string = systemAssignedIdentity && contains(serviceBusNamespace.identity, 'principalId') ? serviceBusNamespace.identity.principalId : '' diff --git a/arm/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_rbac.bicep b/arm/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_rbac.bicep index 2114337790..e527921f3e 100644 --- a/arm/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_rbac.bicep @@ -25,7 +25,7 @@ resource queue 'Microsoft.ServiceBus/namespaces/queues@2021-06-01-preview' exist name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' } -resource roleAssigment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssigment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(queue.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.ServiceBus/namespaces/queues/deploy.bicep b/arm/Microsoft.ServiceBus/namespaces/queues/deploy.bicep index a1b1575ded..b91c8d3acd 100644 --- a/arm/Microsoft.ServiceBus/namespaces/queues/deploy.bicep +++ b/arm/Microsoft.ServiceBus/namespaces/queues/deploy.bicep @@ -121,7 +121,7 @@ module queue_authorizationRules 'authorizationRules/deploy.bicep' = [for (author } }] -resource queue_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource queue_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${queue.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.ServiceBus/namespaces/queues/readme.md b/arm/Microsoft.ServiceBus/namespaces/queues/readme.md index 3ff8c0f187..43785b7453 100644 --- a/arm/Microsoft.ServiceBus/namespaces/queues/readme.md +++ b/arm/Microsoft.ServiceBus/namespaces/queues/readme.md @@ -6,8 +6,8 @@ This module deploys a queue for a service bus namespace. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.ServiceBus/namespaces/queues` | 2021-06-01-preview | | `Microsoft.ServiceBus/namespaces/queues/authorizationRules` | 2017-04-01 | @@ -66,7 +66,7 @@ This module deploys a queue for a service bus namespace. ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Namespaces/Queues](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces/queues) - [Namespaces/Queues/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/queues/authorizationRules) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.ServiceBus/namespaces/readme.md b/arm/Microsoft.ServiceBus/namespaces/readme.md index ff6f426f4a..d3e03a0a79 100644 --- a/arm/Microsoft.ServiceBus/namespaces/readme.md +++ b/arm/Microsoft.ServiceBus/namespaces/readme.md @@ -6,8 +6,8 @@ This module deploys a service bus namespace resource. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-05-01 | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2020-05-01 | @@ -27,11 +27,12 @@ This module deploys a service bus namespace resource. | `authorizationRules` | _[authorizationRules](authorizationRules/readme.md)_ array | `[System.Collections.Hashtable]` | | Optional. Authorization Rules for the Service Bus namespace | | `baseTime` | string | `[utcNow('u')]` | | Generated. Do not provide a value! This date value is used to generate a SAS token to access the modules. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `disasterRecoveryConfigs` | _[disasterRecoveryConfigs](disasterRecoveryConfigs/readme.md)_ object | `{object}` | | Optional. The disaster recovery configuration. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `ipFilterRules` | _[ipFilterRules](ipFilterRules/readme.md)_ array | `[]` | | Optional. IP Filter Rules for the Service Bus namespace | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | @@ -47,7 +48,6 @@ This module deploys a service bus namespace resource. | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | | `virtualNetworkRules` | _[virtualNetworkRules](virtualNetworkRules/readme.md)_ array | `[]` | | Optional. vNet Rules SubnetIds for the Service Bus namespace. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | | `zoneRedundant` | bool | | | Optional. Enabling this property creates a Premium Service Bus Namespace in regions supported availability zones. | ### Parameter Usage: `roleAssignments` @@ -142,7 +142,6 @@ You can specify multiple user assigned identities to a resource by providing add | Output Name | Type | Description | | :-- | :-- | :-- | -| `serviceBusConnectionString` | string | The connection string of the deployed service bus namespace | | `serviceBusNamespaceName` | string | The name of the deployed service bus namespace | | `serviceBusNamespaceResourceGroup` | string | The resource group of the deployed service bus namespace | | `serviceBusNamespaceResourceId` | string | The resource ID of the deployed service bus namespace | @@ -151,7 +150,7 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Namespaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces) - [Namespaces/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/AuthorizationRules) - [Namespaces/Disasterrecoveryconfigs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/disasterRecoveryConfigs) @@ -160,6 +159,6 @@ You can specify multiple user assigned identities to a resource by providing add - [Namespaces/Queues](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces/queues) - [Namespaces/Queues/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/queues/authorizationRules) - [Namespaces/Virtualnetworkrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2018-01-01-preview/namespaces/virtualnetworkrules) -- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/privateEndpoints) -- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-05-01/privateEndpoints/privateDnsZoneGroups) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) +- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/privateEndpoints/privateDnsZoneGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Sql/managedInstances/.bicep/nested_rbac.bicep b/arm/Microsoft.Sql/managedInstances/.bicep/nested_rbac.bicep index ef5901a113..a6285d10d5 100644 --- a/arm/Microsoft.Sql/managedInstances/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Sql/managedInstances/.bicep/nested_rbac.bicep @@ -25,7 +25,7 @@ resource managedInstance 'Microsoft.Sql/managedInstances@2020-08-01-preview' exi name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(managedInstance.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Sql/managedInstances/.parameters/parameters.json b/arm/Microsoft.Sql/managedInstances/.parameters/parameters.json index 2bcd61ba37..8e14ae78bc 100644 --- a/arm/Microsoft.Sql/managedInstances/.parameters/parameters.json +++ b/arm/Microsoft.Sql/managedInstances/.parameters/parameters.json @@ -131,13 +131,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Sql/managedInstances/databases/deploy.bicep b/arm/Microsoft.Sql/managedInstances/databases/deploy.bicep index ecfeb9a223..5ad0239f10 100644 --- a/arm/Microsoft.Sql/managedInstances/databases/deploy.bicep +++ b/arm/Microsoft.Sql/managedInstances/databases/deploy.bicep @@ -52,14 +52,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -132,7 +132,7 @@ resource database 'Microsoft.Sql/managedInstances/databases@2021-05-01-preview' } } -resource database_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource database_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${last(split(database.name, '/'))}-${lock}-lock' properties: { level: lock @@ -141,13 +141,13 @@ resource database_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != scope: database } -resource database_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource database_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${last(split(database.name, '/'))}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null logs: diagnosticsLogs } scope: database diff --git a/arm/Microsoft.Sql/managedInstances/databases/readme.md b/arm/Microsoft.Sql/managedInstances/databases/readme.md index 17c1d3199c..5dea6de7e3 100644 --- a/arm/Microsoft.Sql/managedInstances/databases/readme.md +++ b/arm/Microsoft.Sql/managedInstances/databases/readme.md @@ -6,7 +6,7 @@ This template deploys a SQL Managed Instances Database. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | +| `Microsoft.Authorization/locks` | 2020-05-01 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Sql/managedInstances/databases` | 2021-05-01-preview | | `Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies` | 2021-02-01-preview | @@ -26,10 +26,11 @@ The SQL Managed Instance Database is deployed on a SQL Managed Instance. | `collation` | string | `SQL_Latin1_General_CP1_CI_AS` | | Optional. Collation of the managed instance database. | | `createMode` | string | `Default` | `[Default, RestoreExternalBackup, PointInTimeRestore, Recovery, RestoreLongTermRetentionBackup]` | Optional. Managed database create mode. PointInTimeRestore: Create a database by restoring a point in time backup of an existing database. SourceDatabaseName, SourceManagedInstanceName and PointInTime must be specified. RestoreExternalBackup: Create a database by restoring from external backup files. Collation, StorageContainerUri and StorageContainerSasToken must be specified. Recovery: Creates a database by restoring a geo-replicated backup. RecoverableDatabaseId must be specified as the recoverable database resource ID to restore. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[SQLInsights, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, Errors]` | `[SQLInsights, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, Errors]` | Optional. The name of logs that will be streamed. | @@ -43,7 +44,6 @@ The SQL Managed Instance Database is deployed on a SQL Managed Instance. | `storageContainerSasToken` | string | | | Optional. Conditional. If createMode is RestoreExternalBackup, this value is required. Specifies the storage container sas token. | | `storageContainerUri` | string | | | Optional. Conditional. If createMode is RestoreExternalBackup, this value is required. Specifies the uri of the storage container where backups for this restore are stored. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `tags` @@ -72,8 +72,8 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Managedinstances/Databases](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/managedInstances/databases) - [Managedinstances/Databases/Backuplongtermretentionpolicies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/managedInstances/databases/backupLongTermRetentionPolicies) - [Managedinstances/Databases/Backupshorttermretentionpolicies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2017-03-01-preview/managedInstances/databases/backupShortTermRetentionPolicies) diff --git a/arm/Microsoft.Sql/managedInstances/deploy.bicep b/arm/Microsoft.Sql/managedInstances/deploy.bicep index 3e46a50932..eea9458926 100644 --- a/arm/Microsoft.Sql/managedInstances/deploy.bicep +++ b/arm/Microsoft.Sql/managedInstances/deploy.bicep @@ -80,14 +80,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of a log analytics workspace.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -212,7 +212,7 @@ resource managedInstance 'Microsoft.Sql/managedInstances@2021-05-01-preview' = { } } -resource managedInstance_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource managedInstance_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${managedInstance.name}-${lock}-lock' properties: { level: lock @@ -221,13 +221,13 @@ resource managedInstance_lock 'Microsoft.Authorization/locks@2016-09-01' = if (l scope: managedInstance } -resource managedInstance_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource managedInstance_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${managedInstance.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } @@ -253,8 +253,8 @@ module managedInstance_databases 'databases/deploy.bicep' = [for (database, inde createMode: contains(database, 'createMode') ? database.createMode : 'Default' diagnosticLogsRetentionInDays: contains(database, 'diagnosticLogsRetentionInDays') ? database.diagnosticLogsRetentionInDays : 365 diagnosticStorageAccountId: contains(database, 'diagnosticStorageAccountId') ? database.diagnosticStorageAccountId : '' - eventHubAuthorizationRuleId: contains(database, 'eventHubAuthorizationRuleId') ? database.eventHubAuthorizationRuleId : '' - eventHubName: contains(database, 'eventHubName') ? database.eventHubName : '' + diagnosticEventHubAuthorizationRuleId: contains(database, 'diagnosticEventHubAuthorizationRuleId') ? database.diagnosticEventHubAuthorizationRuleId : '' + diagnosticEventHubName: contains(database, 'diagnosticEventHubName') ? database.diagnosticEventHubName : '' location: contains(database, 'location') ? database.location : managedInstance.location lock: contains(database, 'lock') ? database.lock : lock longTermRetentionBackupResourceId: contains(database, 'longTermRetentionBackupResourceId') ? database.longTermRetentionBackupResourceId : '' @@ -265,7 +265,7 @@ module managedInstance_databases 'databases/deploy.bicep' = [for (database, inde storageContainerSasToken: contains(database, 'storageContainerSasToken') ? database.storageContainerSasToken : '' storageContainerUri: contains(database, 'storageContainerUri') ? database.storageContainerUri : '' tags: contains(database, 'tags') ? database.tags : {} - workspaceId: contains(database, 'workspaceId') ? database.workspaceId : '' + diagnosticWorkspaceId: contains(database, 'diagnosticWorkspaceId') ? database.diagnosticWorkspaceId : '' backupShortTermRetentionPoliciesObj: contains(database, 'backupShortTermRetentionPolicies') ? database.backupShortTermRetentionPolicies : {} backupLongTermRetentionPoliciesObj: contains(database, 'backupLongTermRetentionPolicies') ? database.backupLongTermRetentionPolicies : {} } diff --git a/arm/Microsoft.Sql/managedInstances/readme.md b/arm/Microsoft.Sql/managedInstances/readme.md index dedd857d3e..965c82009d 100644 --- a/arm/Microsoft.Sql/managedInstances/readme.md +++ b/arm/Microsoft.Sql/managedInstances/readme.md @@ -6,8 +6,8 @@ This template deploys a SQL managed instance. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Sql/managedInstances` | 2021-05-01-preview | | `Microsoft.Sql/managedInstances/administrators` | 2021-02-01-preview | @@ -33,12 +33,13 @@ SQL Managed Instance is deployed on a virtual network. This network is required | `collation` | string | `SQL_Latin1_General_CP1_CI_AS` | | Optional. Collation of the managed instance. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `databases` | _[databases](databases/readme.md)_ array | `[]` | | Optional. Databases to create in this server. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `dnsZonePartner` | string | | | Optional. The resource ID of another managed instance whose DNS zone this managed instance will share after creation. | | `encryptionProtectorObj` | _[encryptionProtector](encryptionProtector/readme.md)_ object | `{object}` | | Optional. The encryption protection configuration | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `hardwareFamily` | string | `Gen5` | | Optional. If the service has different generations of hardware, for the same SKU, then that can be captured here. | | `instancePoolResourceId` | string | | | Optional. The resource ID of the instance pool this managed server belongs to. | | `keys` | _[keys](keys/readme.md)_ array | `[]` | | Optional. The keys to configure | @@ -66,7 +67,6 @@ SQL Managed Instance is deployed on a virtual network. This network is required | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | | `vCores` | int | `4` | | Optional. The number of vCores. Allowed values: 8, 16, 24, 32, 40, 64, 80. | | `vulnerabilityAssessmentsObj` | _[vulnerabilityAssessments](vulnerabilityAssessments/readme.md)_ object | `{object}` | | Optional. The vulnerability assessment configuration | -| `workspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | ### Parameter Usage : `userAssignedIdentities` @@ -142,9 +142,8 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Managedinstances](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/managedInstances) - [Managedinstances/Administrators](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/managedInstances/administrators) - [Managedinstances/Databases](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/managedInstances/databases) @@ -154,3 +153,4 @@ You can specify multiple user assigned identities to a resource by providing add - [Managedinstances/Keys](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/managedInstances/keys) - [Managedinstances/Securityalertpolicies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2017-03-01-preview/managedInstances/securityAlertPolicies) - [Managedinstances/Vulnerabilityassessments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/managedInstances/vulnerabilityAssessments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Sql/servers/.bicep/nested_rbac.bicep b/arm/Microsoft.Sql/servers/.bicep/nested_rbac.bicep index ea9d14ecef..93a78da858 100644 --- a/arm/Microsoft.Sql/servers/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Sql/servers/.bicep/nested_rbac.bicep @@ -26,7 +26,7 @@ resource server 'Microsoft.Sql/servers@2020-02-02-preview' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(server.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Sql/servers/databases/deploy.bicep b/arm/Microsoft.Sql/servers/databases/deploy.bicep index 8d7f953ae7..9a0454d893 100644 --- a/arm/Microsoft.Sql/servers/databases/deploy.bicep +++ b/arm/Microsoft.Sql/servers/databases/deploy.bicep @@ -58,14 +58,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. The name of logs that will be streamed.') @allowed([ @@ -167,13 +167,13 @@ resource database 'Microsoft.Sql/servers/databases@2021-02-01-preview' = { } } -resource database_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource database_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${last(split(database.name, '/'))}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Sql/servers/databases/readme.md b/arm/Microsoft.Sql/servers/databases/readme.md index 4a993e8b41..328530202a 100644 --- a/arm/Microsoft.Sql/servers/databases/readme.md +++ b/arm/Microsoft.Sql/servers/databases/readme.md @@ -16,10 +16,11 @@ This module deploys an Azure SQL Server. | `autoPauseDelay` | string | | | Optional. Time in minutes after which database is automatically paused. | | `collation` | string | | | Optional. The collation of the database. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `highAvailabilityReplicaCount` | int | | | Optional. The number of readonly secondary replicas associated with the database. | | `isLedgerOn` | bool | | | Optional. Whether or not this database is a ledger database, which means all tables in the database are ledger tables. Note: the value of this property cannot be changed after the database has been created. | | `licenseType` | string | | | Optional. The license type to apply for this database. | @@ -37,7 +38,6 @@ This module deploys an Azure SQL Server. | `skuName` | string | | | Required. The name of the SKU. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `tier` | string | | | Optional. The tier or edition of the particular SKU. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | | `zoneRedundant` | bool | | | Optional. Whether or not this database is zone redundant. | ### Parameter Usage: `tags` diff --git a/arm/Microsoft.Sql/servers/deploy.bicep b/arm/Microsoft.Sql/servers/deploy.bicep index ce7fc91b11..00e2d6a64b 100644 --- a/arm/Microsoft.Sql/servers/deploy.bicep +++ b/arm/Microsoft.Sql/servers/deploy.bicep @@ -67,7 +67,7 @@ resource server 'Microsoft.Sql/servers@2021-05-01-preview' = { } } -resource server_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource server_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${server.name}-${lock}-lock' properties: { level: lock @@ -97,8 +97,8 @@ module server_databases 'databases/deploy.bicep' = [for (database, index) in dat autoPauseDelay: contains(database, 'autoPauseDelay') ? database.autoPauseDelay : '' diagnosticLogsRetentionInDays: contains(database, 'diagnosticLogsRetentionInDays') ? database.diagnosticLogsRetentionInDays : 365 diagnosticStorageAccountId: contains(database, 'diagnosticStorageAccountId') ? database.diagnosticStorageAccountId : '' - eventHubAuthorizationRuleId: contains(database, 'eventHubAuthorizationRuleId') ? database.eventHubAuthorizationRuleId : '' - eventHubName: contains(database, 'eventHubName') ? database.eventHubName : '' + diagnosticEventHubAuthorizationRuleId: contains(database, 'diagnosticEventHubAuthorizationRuleId') ? database.diagnosticEventHubAuthorizationRuleId : '' + diagnosticEventHubName: contains(database, 'diagnosticEventHubName') ? database.diagnosticEventHubName : '' isLedgerOn: contains(database, 'isLedgerOn') ? database.isLedgerOn : false location: contains(database, 'location') ? database.location : server.location logsToEnable: contains(database, 'logsToEnable') ? database.logsToEnable : [] @@ -111,7 +111,7 @@ module server_databases 'databases/deploy.bicep' = [for (database, index) in dat requestedBackupStorageRedundancy: contains(database, 'requestedBackupStorageRedundancy') ? database.requestedBackupStorageRedundancy : '' sampleName: contains(database, 'sampleName') ? database.sampleName : '' tags: contains(database, 'tags') ? database.tags : {} - workspaceId: contains(database, 'workspaceId') ? database.workspaceId : '' + diagnosticWorkspaceId: contains(database, 'diagnosticWorkspaceId') ? database.diagnosticWorkspaceId : '' zoneRedundant: contains(database, 'zoneRedundant') ? database.zoneRedundant : false } }] diff --git a/arm/Microsoft.Sql/servers/firewallRules/readme.md b/arm/Microsoft.Sql/servers/firewallRules/readme.md index 2ed62c149c..9850b4de65 100644 --- a/arm/Microsoft.Sql/servers/firewallRules/readme.md +++ b/arm/Microsoft.Sql/servers/firewallRules/readme.md @@ -22,9 +22,9 @@ This module deploys an SQL Server Firewall rule. | Output Name | Type | Description | | :-- | :-- | :-- | -| `databaseResourceId` | string | The resource ID of the deployed firewall rule | | `databaseName` | string | The name of the deployed firewall rule | | `databaseResourceGroup` | string | The resourceGroup of the deployed firewall rule | +| `databaseResourceId` | string | The resource ID of the deployed firewall rule | ## Template references diff --git a/arm/Microsoft.Sql/servers/readme.md b/arm/Microsoft.Sql/servers/readme.md index a11a2cb394..d03045de68 100644 --- a/arm/Microsoft.Sql/servers/readme.md +++ b/arm/Microsoft.Sql/servers/readme.md @@ -6,8 +6,8 @@ This module deploys a SQL server. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Sql/servers` | 2021-05-01-preview | | `Microsoft.Sql/servers/databases` | 2021-02-01-preview | @@ -95,9 +95,9 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Servers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/servers) - [Servers/Databases](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/servers/databases) - [Servers/Firewallrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/servers/firewallRules) diff --git a/arm/Microsoft.Sql/servers/securityAlertPolicies/readme.md b/arm/Microsoft.Sql/servers/securityAlertPolicies/readme.md index 87c40b7fa9..b3ad674ffa 100644 --- a/arm/Microsoft.Sql/servers/securityAlertPolicies/readme.md +++ b/arm/Microsoft.Sql/servers/securityAlertPolicies/readme.md @@ -27,9 +27,9 @@ This module deploys an SQL Server Security Alert Policy. | Output Name | Type | Description | | :-- | :-- | :-- | -| `databaseResourceId` | string | The resource ID of the deployed security alert policy | | `databaseName` | string | The name of the deployed security alert policy | | `databaseResourceGroup` | string | The resourceGroup of the deployed security alert policy | +| `databaseResourceId` | string | The resource ID of the deployed security alert policy | ## Template references diff --git a/arm/Microsoft.Storage/storageAccounts/.bicep/nested_rbac.bicep b/arm/Microsoft.Storage/storageAccounts/.bicep/nested_rbac.bicep index 4c89ddb7a2..e611b0f42b 100644 --- a/arm/Microsoft.Storage/storageAccounts/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Storage/storageAccounts/.bicep/nested_rbac.bicep @@ -49,7 +49,7 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(storageAccount.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Storage/storageAccounts/.parameters/parameters.json b/arm/Microsoft.Storage/storageAccounts/.parameters/parameters.json index 78c725d89c..5406f61895 100644 --- a/arm/Microsoft.Storage/storageAccounts/.parameters/parameters.json +++ b/arm/Microsoft.Storage/storageAccounts/.parameters/parameters.json @@ -132,13 +132,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_rbac.bicep b/arm/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_rbac.bicep index ec0dd38e62..3db79286a8 100644 --- a/arm/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_rbac.bicep @@ -40,7 +40,7 @@ resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@20 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}/${split(resourceId, '/')[12]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(container.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md b/arm/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md index ec183fd71e..20926def1a 100644 --- a/arm/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md @@ -6,7 +6,7 @@ This module deployes a blob container | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Storage/storageAccounts/blobServices/containers` | 2019-06-01 | | `Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies` | 2019-06-01 | @@ -55,6 +55,6 @@ This module deployes a blob container ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Storageaccounts/Blobservices/Containers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/blobServices/containers) - [Storageaccounts/Blobservices/Containers/Immutabilitypolicies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/blobServices/containers/immutabilityPolicies) diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep index 38973f1598..be1a7aeef8 100644 --- a/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep @@ -26,13 +26,13 @@ param diagnosticLogsRetentionInDays int = 365 param diagnosticStorageAccountId string = '' @description('Optional. Resource ID of a log analytics workspace.') -param workspaceId string = '' +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered') param cuaId string = '' @@ -97,13 +97,13 @@ resource blobServices 'Microsoft.Storage/storageAccounts/blobServices@2021-06-01 } } -resource blobServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource blobServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${blobServices.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md b/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md index d553636eb1..f28400bb7c 100644 --- a/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md @@ -6,7 +6,7 @@ This module can be used to deploy a blob service into a storage account. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Storage/storageAccounts/blobServices` | 2021-06-01 | | `Microsoft.Storage/storageAccounts/blobServices/containers` | 2019-06-01 | @@ -21,15 +21,15 @@ This module can be used to deploy a blob service into a storage account. | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `deleteRetentionPolicy` | bool | `True` | | Optional. Indicates whether DeleteRetentionPolicy is enabled for the Blob service. | | `deleteRetentionPolicyDays` | int | `7` | | Optional. Indicates the number of days that the deleted blob should be retained. The minimum specified value can be 1 and the maximum value can be 365. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | | `logsToEnable` | array | `[StorageRead, StorageWrite, StorageDelete]` | `[StorageRead, StorageWrite, StorageDelete]` | Optional. The name of logs that will be streamed. | | `metricsToEnable` | array | `[Transaction]` | `[Transaction]` | Optional. The name of metrics that will be streamed. | | `name` | string | `default` | | Optional. The name of the blob service | | `storageAccountName` | string | | | Required. Name of the Storage Account. | -| `workspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | ## Outputs @@ -42,8 +42,8 @@ This module can be used to deploy a blob service into a storage account. ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Storageaccounts/Blobservices](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-06-01/storageAccounts/blobServices) - [Storageaccounts/Blobservices/Containers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/blobServices/containers) - [Storageaccounts/Blobservices/Containers/Immutabilitypolicies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/blobServices/containers/immutabilityPolicies) diff --git a/arm/Microsoft.Storage/storageAccounts/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/deploy.bicep index 21d50045f9..d51d3ddaa0 100644 --- a/arm/Microsoft.Storage/storageAccounts/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/deploy.bicep @@ -93,14 +93,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of a log analytics workspace.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -196,19 +196,19 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = { properties: saProperties } -resource storageAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource storageAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${storageAccount.name}-diagnosticSettings' properties: { storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId - workspaceId: empty(workspaceId) ? null : workspaceId - eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId - eventHubName: empty(eventHubName) ? null : eventHubName + workspaceId: empty(diagnosticWorkspaceId) ? null : diagnosticWorkspaceId + eventHubAuthorizationRuleId: empty(diagnosticEventHubAuthorizationRuleId) ? null : diagnosticEventHubAuthorizationRuleId + eventHubName: empty(diagnosticEventHubName) ? null : diagnosticEventHubName metrics: diagnosticsMetrics } scope: storageAccount } -resource storageAccount_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource storageAccount_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${storageAccount.name}-${lock}-lock' properties: { level: lock @@ -256,11 +256,11 @@ module storageAccount_blobServices 'blobServices/deploy.bicep' = if (!empty(blob deleteRetentionPolicyDays: contains(blobServices, 'deleteRetentionPolicyDays') ? blobServices.deleteRetentionPolicyDays : 7 diagnosticLogsRetentionInDays: contains(blobServices, 'diagnosticLogsRetentionInDays') ? blobServices.diagnosticLogsRetentionInDays : 365 diagnosticStorageAccountId: contains(blobServices, 'diagnosticStorageAccountId') ? blobServices.diagnosticStorageAccountId : '' - eventHubAuthorizationRuleId: contains(blobServices, 'eventHubAuthorizationRuleId') ? blobServices.eventHubAuthorizationRuleId : '' - eventHubName: contains(blobServices, 'eventHubName') ? blobServices.eventHubName : '' + diagnosticEventHubAuthorizationRuleId: contains(blobServices, 'diagnosticEventHubAuthorizationRuleId') ? blobServices.diagnosticEventHubAuthorizationRuleId : '' + diagnosticEventHubName: contains(blobServices, 'diagnosticEventHubName') ? blobServices.diagnosticEventHubName : '' logsToEnable: contains(blobServices, 'logsToEnable') ? blobServices.logsToEnable : [] metricsToEnable: contains(blobServices, 'metricsToEnable') ? blobServices.metricsToEnable : [] - workspaceId: contains(blobServices, 'workspaceId') ? blobServices.workspaceId : '' + diagnosticWorkspaceId: contains(blobServices, 'diagnosticWorkspaceId') ? blobServices.diagnosticWorkspaceId : '' } } @@ -271,8 +271,8 @@ module storageAccount_fileServices 'fileServices/deploy.bicep' = if (!empty(file storageAccountName: storageAccount.name diagnosticLogsRetentionInDays: contains(fileServices, 'diagnosticLogsRetentionInDays') ? fileServices.diagnosticLogsRetentionInDays : 365 diagnosticStorageAccountId: contains(fileServices, 'diagnosticStorageAccountId') ? fileServices.diagnosticStorageAccountId : '' - eventHubAuthorizationRuleId: contains(fileServices, 'eventHubAuthorizationRuleId') ? fileServices.eventHubAuthorizationRuleId : '' - eventHubName: contains(fileServices, 'eventHubName') ? fileServices.eventHubName : '' + diagnosticEventHubAuthorizationRuleId: contains(fileServices, 'diagnosticEventHubAuthorizationRuleId') ? fileServices.diagnosticEventHubAuthorizationRuleId : '' + diagnosticEventHubName: contains(fileServices, 'diagnosticEventHubName') ? fileServices.diagnosticEventHubName : '' logsToEnable: contains(fileServices, 'logsToEnable') ? fileServices.logsToEnable : [] metricsToEnable: contains(fileServices, 'metricsToEnable') ? fileServices.metricsToEnable : [] protocolSettings: contains(fileServices, 'protocolSettings') ? fileServices.protocolSettings : {} @@ -281,7 +281,7 @@ module storageAccount_fileServices 'fileServices/deploy.bicep' = if (!empty(file days: 7 } shares: contains(fileServices, 'shares') ? fileServices.shares : [] - workspaceId: contains(fileServices, 'workspaceId') ? fileServices.workspaceId : '' + diagnosticWorkspaceId: contains(fileServices, 'diagnosticWorkspaceId') ? fileServices.diagnosticWorkspaceId : '' } } @@ -292,12 +292,12 @@ module storageAccount_queueServices 'queueServices/deploy.bicep' = if (!empty(qu storageAccountName: storageAccount.name diagnosticLogsRetentionInDays: contains(queueServices, 'diagnosticLogsRetentionInDays') ? queueServices.diagnosticLogsRetentionInDays : 365 diagnosticStorageAccountId: contains(queueServices, 'diagnosticStorageAccountId') ? queueServices.diagnosticStorageAccountId : '' - eventHubAuthorizationRuleId: contains(queueServices, 'eventHubAuthorizationRuleId') ? queueServices.eventHubAuthorizationRuleId : '' - eventHubName: contains(queueServices, 'eventHubName') ? queueServices.eventHubName : '' + diagnosticEventHubAuthorizationRuleId: contains(queueServices, 'diagnosticEventHubAuthorizationRuleId') ? queueServices.diagnosticEventHubAuthorizationRuleId : '' + diagnosticEventHubName: contains(queueServices, 'diagnosticEventHubName') ? queueServices.diagnosticEventHubName : '' logsToEnable: contains(queueServices, 'logsToEnable') ? queueServices.logsToEnable : [] metricsToEnable: contains(queueServices, 'metricsToEnable') ? queueServices.metricsToEnable : [] queues: contains(queueServices, 'queues') ? queueServices.queues : [] - workspaceId: contains(queueServices, 'workspaceId') ? queueServices.workspaceId : '' + diagnosticWorkspaceId: contains(queueServices, 'diagnosticWorkspaceId') ? queueServices.diagnosticWorkspaceId : '' } } @@ -308,12 +308,12 @@ module storageAccount_tableServices 'tableServices/deploy.bicep' = if (!empty(ta storageAccountName: storageAccount.name diagnosticLogsRetentionInDays: contains(tableServices, 'diagnosticLogsRetentionInDays') ? tableServices.diagnosticLogsRetentionInDays : 365 diagnosticStorageAccountId: contains(tableServices, 'diagnosticStorageAccountId') ? tableServices.diagnosticStorageAccountId : '' - eventHubAuthorizationRuleId: contains(tableServices, 'eventHubAuthorizationRuleId') ? tableServices.eventHubAuthorizationRuleId : '' - eventHubName: contains(tableServices, 'eventHubName') ? tableServices.eventHubName : '' + diagnosticEventHubAuthorizationRuleId: contains(tableServices, 'diagnosticEventHubAuthorizationRuleId') ? tableServices.diagnosticEventHubAuthorizationRuleId : '' + diagnosticEventHubName: contains(tableServices, 'diagnosticEventHubName') ? tableServices.diagnosticEventHubName : '' logsToEnable: contains(tableServices, 'logsToEnable') ? tableServices.logsToEnable : [] metricsToEnable: contains(tableServices, 'metricsToEnable') ? tableServices.metricsToEnable : [] tables: contains(tableServices, 'tables') ? tableServices.tables : [] - workspaceId: contains(tableServices, 'workspaceId') ? tableServices.workspaceId : '' + diagnosticWorkspaceId: contains(tableServices, 'diagnosticWorkspaceId') ? tableServices.diagnosticWorkspaceId : '' } } diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep index d48624aa19..4dbfb97fcf 100644 --- a/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep @@ -23,13 +23,13 @@ param diagnosticLogsRetentionInDays int = 365 param diagnosticStorageAccountId string = '' @description('Optional. Resource ID of a log analytics workspace.') -param workspaceId string = '' +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. File shares to create.') param shares array = [] @@ -94,13 +94,13 @@ resource fileServices 'Microsoft.Storage/storageAccounts/fileServices@2021-04-01 } } -resource fileServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource fileServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${fileServices.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md b/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md index 76e0c64f21..1ae193c4e9 100644 --- a/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md @@ -6,7 +6,7 @@ This module can be used to deploy a file share service into a storage account. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Storage/storageAccounts/fileServices` | 2021-04-01 | | `Microsoft.Storage/storageAccounts/fileServices/shares` | 2019-06-01 | @@ -16,10 +16,11 @@ This module can be used to deploy a file share service into a storage account. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | | `logsToEnable` | array | `[StorageRead, StorageWrite, StorageDelete]` | `[StorageRead, StorageWrite, StorageDelete]` | Optional. The name of logs that will be streamed. | | `metricsToEnable` | array | `[Transaction]` | `[Transaction]` | Optional. The name of metrics that will be streamed. | | `name` | string | `default` | | Optional. The name of the file service | @@ -27,7 +28,6 @@ This module can be used to deploy a file share service into a storage account. | `shareDeleteRetentionPolicy` | object | `{object}` | | Optional. The service properties for soft delete. | | `shares` | _[shares](shares/readme.md)_ array | `[]` | | Optional. File shares to create. | | `storageAccountName` | string | | | Required. Name of the Storage Account. | -| `workspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | ## Outputs @@ -39,7 +39,7 @@ This module can be used to deploy a file share service into a storage account. ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Storageaccounts/Fileservices](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-04-01/storageAccounts/fileServices) - [Storageaccounts/Fileservices/Shares](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/fileServices/shares) diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_rbac.bicep b/arm/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_rbac.bicep index 5600d96b54..6a91451e29 100644 --- a/arm/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_rbac.bicep @@ -49,7 +49,7 @@ resource fileShare 'Microsoft.Storage/storageAccounts/fileServices/shares@2019-0 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}/${split(resourceId, '/')[12]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(fileShare.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md b/arm/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md index bd76d94986..a56c46f324 100644 --- a/arm/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md @@ -6,7 +6,7 @@ This module deploys a storage account file share. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Storage/storageAccounts/fileServices/shares` | 2019-06-01 | ## Parameters @@ -52,5 +52,5 @@ This module deploys a storage account file share. ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Storageaccounts/Fileservices/Shares](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/fileServices/shares) diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep index 5a7ba6cb5c..021d9a6ee9 100644 --- a/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep @@ -17,13 +17,13 @@ param diagnosticLogsRetentionInDays int = 365 param diagnosticStorageAccountId string = '' @description('Optional. Resource ID of a log analytics workspace.') -param workspaceId string = '' +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered') param cuaId string = '' @@ -82,13 +82,13 @@ resource queueServices 'Microsoft.Storage/storageAccounts/queueServices@2021-04- properties: {} } -resource queueServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource queueServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${queueServices.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_rbac.bicep b/arm/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_rbac.bicep index 4f5c422930..fd1dfa435e 100644 --- a/arm/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_rbac.bicep @@ -46,7 +46,7 @@ resource queue 'Microsoft.Storage/storageAccounts/queueServices/queues@2019-06-0 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}/${split(resourceId, '/')[12]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(queue.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md b/arm/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md index 0664c92dc1..e23a57ebf3 100644 --- a/arm/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md @@ -6,7 +6,7 @@ This module deployes a storage account queue | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Storage/storageAccounts/queueServices/queues` | 2019-06-01 | ## Parameters @@ -52,5 +52,5 @@ This module deployes a storage account queue ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Storageaccounts/Queueservices/Queues](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/queueServices/queues) diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md b/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md index 32afcf82d4..02db74800b 100644 --- a/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md @@ -6,7 +6,7 @@ This module can be used to deploy a file share service into a storage account. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Storage/storageAccounts/queueServices` | 2021-04-01 | | `Microsoft.Storage/storageAccounts/queueServices/queues` | 2019-06-01 | @@ -16,16 +16,16 @@ This module can be used to deploy a file share service into a storage account. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | | `logsToEnable` | array | `[StorageRead, StorageWrite, StorageDelete]` | `[StorageRead, StorageWrite, StorageDelete]` | Optional. The name of logs that will be streamed. | | `metricsToEnable` | array | `[Transaction]` | `[Transaction]` | Optional. The name of metrics that will be streamed. | | `name` | string | `default` | | Optional. The name of the queue service | | `queues` | _[queues](queues/readme.md)_ array | `[]` | | Optional. Queues to create. | | `storageAccountName` | string | | | Required. Name of the Storage Account. | -| `workspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | ## Outputs @@ -38,7 +38,7 @@ This module can be used to deploy a file share service into a storage account. ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Storageaccounts/Queueservices](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-04-01/storageAccounts/queueServices) - [Storageaccounts/Queueservices/Queues](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/queueServices/queues) diff --git a/arm/Microsoft.Storage/storageAccounts/readme.md b/arm/Microsoft.Storage/storageAccounts/readme.md index 187e9a0628..028628c69a 100644 --- a/arm/Microsoft.Storage/storageAccounts/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/readme.md @@ -6,8 +6,8 @@ This module is used to deploy a storage account, with the ability to deploy 1 or | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-05-01 | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-02-01 | @@ -32,11 +32,12 @@ This module is used to deploy a storage account, with the ability to deploy 1 or | `basetime` | string | `[utcNow('u')]` | | Generated. Do not provide a value! This date value is used to generate a SAS token to access the modules. | | `blobServices` | _[blobServices](blobServices/readme.md)_ object | `{object}` | | Optional. Blob service and containers to deploy | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `enableHierarchicalNamespace` | bool | | | Optional. If true, enables Hierarchical Namespace for the storage account | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `fileServices` | _[fileServices](fileServices/readme.md)_ object | `{object}` | | Optional. File service and shares to deploy | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | @@ -56,7 +57,6 @@ This module is used to deploy a storage account, with the ability to deploy 1 or | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | | `vNetId` | string | | | Optional. Virtual Network Identifier used to create a service endpoint. | -| `workspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | ### Parameter Usage: `roleAssignments` @@ -180,10 +180,11 @@ The hierarchical namespace of the storage account (see parameter `enableHierarch ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/privateEndpoints) +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Storageaccounts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-06-01/storageAccounts) - [Storageaccounts/Blobservices](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-06-01/storageAccounts/blobServices) - [Storageaccounts/Blobservices/Containers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/blobServices/containers) diff --git a/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep index bd8d531e66..a7ec57af23 100644 --- a/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep @@ -17,13 +17,13 @@ param diagnosticLogsRetentionInDays int = 365 param diagnosticStorageAccountId string = '' @description('Optional. Resource ID of a log analytics workspace.') -param workspaceId string = '' +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered') param cuaId string = '' @@ -82,13 +82,13 @@ resource tableServices 'Microsoft.Storage/storageAccounts/tableServices@2021-04- properties: {} } -resource tableServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource tableServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: '${tableServices.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md b/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md index 499eea50a0..e2406550d6 100644 --- a/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md @@ -15,16 +15,16 @@ This module deploys a storage account table service | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | | `logsToEnable` | array | `[StorageRead, StorageWrite, StorageDelete]` | `[StorageRead, StorageWrite, StorageDelete]` | Optional. The name of logs that will be streamed. | | `metricsToEnable` | array | `[Transaction]` | `[Transaction]` | Optional. The name of metrics that will be streamed. | | `name` | string | `default` | | Optional. The name of the table service | | `storageAccountName` | string | | | Required. Name of the Storage Account. | | `tables` | _[tables](tables/readme.md)_ array | `[]` | | Optional. tables to create. | -| `workspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | ## Outputs diff --git a/arm/Microsoft.Synapse/privateLinkHubs/.bicep/nested_rbac.bicep b/arm/Microsoft.Synapse/privateLinkHubs/.bicep/nested_rbac.bicep index 0c750fea26..07993ec01d 100644 --- a/arm/Microsoft.Synapse/privateLinkHubs/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Synapse/privateLinkHubs/.bicep/nested_rbac.bicep @@ -22,7 +22,7 @@ resource privateLinkHub 'Microsoft.Synapse/privateLinkHubs@2021-06-01' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(privateLinkHub.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Synapse/privateLinkHubs/deploy.bicep b/arm/Microsoft.Synapse/privateLinkHubs/deploy.bicep index 1605f04c7b..08d5b0648e 100644 --- a/arm/Microsoft.Synapse/privateLinkHubs/deploy.bicep +++ b/arm/Microsoft.Synapse/privateLinkHubs/deploy.bicep @@ -28,7 +28,7 @@ resource privateLinkHub 'Microsoft.Synapse/privateLinkHubs@2021-06-01' = { } // Resource Lock -resource privateLinkHub_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource privateLinkHub_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${privateLinkHub.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Synapse/privateLinkHubs/readme.md b/arm/Microsoft.Synapse/privateLinkHubs/readme.md index 71b1a5494c..674f0cec80 100644 --- a/arm/Microsoft.Synapse/privateLinkHubs/readme.md +++ b/arm/Microsoft.Synapse/privateLinkHubs/readme.md @@ -6,8 +6,8 @@ This module deploys Synapse PrivateLinkHubs. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-03-01 | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-03-01 | | `Microsoft.Synapse/privateLinkHubs` | 2021-06-01 | @@ -108,8 +108,8 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints/privateDnsZoneGroups) - [Privatelinkhubs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Synapse/2021-06-01/privateLinkHubs) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_rbac.bicep b/arm/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_rbac.bicep index 0f8d11053d..f0e4261703 100644 --- a/arm/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_rbac.bicep @@ -22,7 +22,7 @@ resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2020-02-14 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(imageTemplate.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep b/arm/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep index c1bf55f285..045757a185 100644 --- a/arm/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep +++ b/arm/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep @@ -148,7 +148,7 @@ resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2020-02-14 } } -resource imageTemplate_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource imageTemplate_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${imageTemplate.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.VirtualMachineImages/imageTemplates/readme.md b/arm/Microsoft.VirtualMachineImages/imageTemplates/readme.md index e3d402878d..da38a8aca3 100644 --- a/arm/Microsoft.VirtualMachineImages/imageTemplates/readme.md +++ b/arm/Microsoft.VirtualMachineImages/imageTemplates/readme.md @@ -6,8 +6,8 @@ This module deploys an image template that can be consumed by the Azure Image Bu | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.VirtualMachineImages/imageTemplates` | 2020-02-14 | ## Parameters @@ -118,6 +118,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Define resources with Bicep and ARM templates](https://docs.microsoft.com/en-us/azure/templates) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Web/connections/.bicep/nested_rbac.bicep b/arm/Microsoft.Web/connections/.bicep/nested_rbac.bicep index 03e9c55213..e4f4db74c6 100644 --- a/arm/Microsoft.Web/connections/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Web/connections/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource connection 'Microsoft.Web/connections@2016-06-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(connection.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Web/connections/deploy.bicep b/arm/Microsoft.Web/connections/deploy.bicep index 2dc6d4f27b..6adf3f9d4d 100644 --- a/arm/Microsoft.Web/connections/deploy.bicep +++ b/arm/Microsoft.Web/connections/deploy.bicep @@ -75,7 +75,7 @@ resource connection 'Microsoft.Web/connections@2016-06-01' = { } } -resource connection_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource connection_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${connection.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Web/connections/readme.md b/arm/Microsoft.Web/connections/readme.md index 4f36d31dc6..c63943ce7a 100644 --- a/arm/Microsoft.Web/connections/readme.md +++ b/arm/Microsoft.Web/connections/readme.md @@ -6,8 +6,8 @@ This module deploys an Azure API connection. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Web/connections` | 2016-06-01 | ## Parameters @@ -131,6 +131,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Connections](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2016-06-01/connections) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Web/hostingEnvironments/.bicep/nested_rbac.bicep b/arm/Microsoft.Web/hostingEnvironments/.bicep/nested_rbac.bicep index aaa4a50830..6931680286 100644 --- a/arm/Microsoft.Web/hostingEnvironments/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Web/hostingEnvironments/.bicep/nested_rbac.bicep @@ -23,7 +23,7 @@ resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2021-02-01' ex name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(appServiceEnvironment.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Web/hostingEnvironments/.parameters/parameters.json b/arm/Microsoft.Web/hostingEnvironments/.parameters/parameters.json index ba93fec638..effc59e36e 100644 --- a/arm/Microsoft.Web/hostingEnvironments/.parameters/parameters.json +++ b/arm/Microsoft.Web/hostingEnvironments/.parameters/parameters.json @@ -24,13 +24,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Web/hostingEnvironments/deploy.bicep b/arm/Microsoft.Web/hostingEnvironments/deploy.bicep index 3da610f4d2..f6c71a8b3f 100644 --- a/arm/Microsoft.Web/hostingEnvironments/deploy.bicep +++ b/arm/Microsoft.Web/hostingEnvironments/deploy.bicep @@ -78,14 +78,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @allowed([ 'CanNotDelete' @@ -157,7 +157,7 @@ resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2021-02-01' = } } -resource appServiceEnvironment_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource appServiceEnvironment_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${appServiceEnvironment.name}-${lock}-lock' properties: { level: lock @@ -166,13 +166,13 @@ resource appServiceEnvironment_lock 'Microsoft.Authorization/locks@2016-09-01' = scope: appServiceEnvironment } -resource appServiceEnvironment_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource appServiceEnvironment_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${appServiceEnvironment.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null logs: diagnosticsLogs } scope: appServiceEnvironment diff --git a/arm/Microsoft.Web/hostingEnvironments/readme.md b/arm/Microsoft.Web/hostingEnvironments/readme.md index 40d9106ac7..689ab2d827 100644 --- a/arm/Microsoft.Web/hostingEnvironments/readme.md +++ b/arm/Microsoft.Web/hostingEnvironments/readme.md @@ -6,8 +6,8 @@ This module deploys an app service environment. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Web/hostingEnvironments` | 2021-02-01 | @@ -18,12 +18,13 @@ This module deploys an app service environment. | `apiManagementAccountId` | string | | | Optional. API Management Account associated with the App Service Environment. | | `clusterSettings` | array | `[]` | | Optional. Custom settings for changing the behavior of the App Service Environment | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | | `dnsSuffix` | string | | | Optional. DNS suffix of the App Service Environment. | | `dynamicCacheEnabled` | bool | | | Optional. True/false indicating whether the App Service Environment is suspended. The environment can be suspended e.g. when the management endpoint is no longer available(most likely because NSG blocked the incoming traffic). | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `frontEndScaleFactor` | int | `15` | | Optional. Scale factor for frontends. | | `hasLinuxWorkers` | bool | | | Optional. Flag that displays whether an ASE has linux workers or not | | `internalLoadBalancingMode` | string | `None` | `[None, Web, Publishing]` | Optional. Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing | @@ -42,7 +43,6 @@ This module deploys an app service environment. | `tags` | object | `{object}` | | Optional. Resource tags. | | `userWhitelistedIpRanges` | array | `[]` | | Optional. User added ip ranges to whitelist on ASE db - string | | `workerPools` | array | `[]` | | Optional. Description of worker pools with worker size IDs, VM sizes, and number of workers in each pool.. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` @@ -141,7 +141,7 @@ workerPools can have two properties workerSize and workerCount: ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Hostingenvironments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-02-01/hostingEnvironments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Web/serverfarms/.bicep/nested_rbac.bicep b/arm/Microsoft.Web/serverfarms/.bicep/nested_rbac.bicep index fa51e27883..e9946e9743 100644 --- a/arm/Microsoft.Web/serverfarms/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Web/serverfarms/.bicep/nested_rbac.bicep @@ -26,7 +26,7 @@ resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(appServicePlan.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Web/serverfarms/deploy.bicep b/arm/Microsoft.Web/serverfarms/deploy.bicep index adb0fae658..b2b8705b0e 100644 --- a/arm/Microsoft.Web/serverfarms/deploy.bicep +++ b/arm/Microsoft.Web/serverfarms/deploy.bicep @@ -82,7 +82,7 @@ resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' = { } } -resource appServicePlan_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource appServicePlan_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${appServicePlan.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Web/serverfarms/readme.md b/arm/Microsoft.Web/serverfarms/readme.md index 9583fc961d..9f7c85d82c 100644 --- a/arm/Microsoft.Web/serverfarms/readme.md +++ b/arm/Microsoft.Web/serverfarms/readme.md @@ -6,8 +6,8 @@ This module deploys an app service plan. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Web/serverfarms` | 2021-02-01 | ## Parameters @@ -92,6 +92,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Serverfarms](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-02-01/serverfarms) diff --git a/arm/Microsoft.Web/sites/.bicep/nested_components.bicep b/arm/Microsoft.Web/sites/.bicep/nested_components.bicep index e3379a0a2e..169266210b 100644 --- a/arm/Microsoft.Web/sites/.bicep/nested_components.bicep +++ b/arm/Microsoft.Web/sites/.bicep/nested_components.bicep @@ -15,7 +15,7 @@ param appInsightsType string = 'web' param appInsightsRequestSource string = 'rest' @description('Required. Resource ID of the log analytics workspace which the data will be ingested to. This property is required to create an application with this API version. Applications from older versions will not have this property.') -param workspaceResourceId string +param workspaceResourceId string @description('Optional. The network access type for accessing Application Insights ingestion. - Enabled or Disabled.') @allowed([ @@ -48,7 +48,6 @@ param lock string = 'NotSpecified' @description('Optional. Tags of the resource.') param tags object = {} - resource appInsights 'Microsoft.Insights/components@2020-02-02' = { name: name location: location @@ -57,13 +56,13 @@ resource appInsights 'Microsoft.Insights/components@2020-02-02' = { properties: { Application_Type: appInsightsType Request_Source: appInsightsRequestSource - WorkspaceResourceId: workspaceResourceId + WorkspaceResourceId: workspaceResourceId publicNetworkAccessForIngestion: appInsightsPublicNetworkAccessForIngestion publicNetworkAccessForQuery: appInsightsPublicNetworkAccessForQuery } } -resource appInsights_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource appInsights_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${appInsights.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Web/sites/.bicep/nested_rbac.bicep b/arm/Microsoft.Web/sites/.bicep/nested_rbac.bicep index 5b9bb3498f..759726e64a 100644 --- a/arm/Microsoft.Web/sites/.bicep/nested_rbac.bicep +++ b/arm/Microsoft.Web/sites/.bicep/nested_rbac.bicep @@ -24,7 +24,7 @@ resource app 'Microsoft.Web/sites@2020-12-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = [for principalId in principalIds: { name: guid(app.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/arm/Microsoft.Web/sites/.bicep/nested_serverfarms.bicep b/arm/Microsoft.Web/sites/.bicep/nested_serverfarms.bicep index 7d300d6b0f..4e7a4a5af5 100644 --- a/arm/Microsoft.Web/sites/.bicep/nested_serverfarms.bicep +++ b/arm/Microsoft.Web/sites/.bicep/nested_serverfarms.bicep @@ -69,7 +69,7 @@ resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' = { } } -resource appServicePlan_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource appServicePlan_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${appServicePlan.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Web/sites/.parameters/fa.parameters.json b/arm/Microsoft.Web/sites/.parameters/fa.parameters.json index 1c0fcb37cb..8c1f4bede3 100644 --- a/arm/Microsoft.Web/sites/.parameters/fa.parameters.json +++ b/arm/Microsoft.Web/sites/.parameters/fa.parameters.json @@ -57,13 +57,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Web/sites/.parameters/wa.parameters.json b/arm/Microsoft.Web/sites/.parameters/wa.parameters.json index 355267d9ac..0bd5311c92 100644 --- a/arm/Microsoft.Web/sites/.parameters/wa.parameters.json +++ b/arm/Microsoft.Web/sites/.parameters/wa.parameters.json @@ -63,13 +63,13 @@ "diagnosticStorageAccountId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" }, - "workspaceId": { + "diagnosticWorkspaceId": { "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" }, - "eventHubAuthorizationRuleId": { + "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, - "eventHubName": { + "diagnosticEventHubName": { "value": "adp-sxx-az-evh-x-001" } } diff --git a/arm/Microsoft.Web/sites/deploy.bicep b/arm/Microsoft.Web/sites/deploy.bicep index aff99edc77..56ef6b8a87 100644 --- a/arm/Microsoft.Web/sites/deploy.bicep +++ b/arm/Microsoft.Web/sites/deploy.bicep @@ -87,13 +87,13 @@ param diagnosticLogsRetentionInDays int = 365 param diagnosticStorageAccountId string = '' @description('Optional. Resource ID of log analytics workspace.') -param workspaceId string = '' +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the event hub namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. The name of logs that will be streamed.') @allowed([ @@ -216,7 +216,7 @@ module app_appsettings 'config/deploy.bicep' = { } } -resource app_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource app_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${app.name}-${lock}-lock' properties: { level: lock @@ -225,13 +225,13 @@ resource app_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotS scope: app } -resource app_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource app_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${app.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } diff --git a/arm/Microsoft.Web/sites/readme.md b/arm/Microsoft.Web/sites/readme.md index 0b20f3f1de..ee9d4d8d78 100644 --- a/arm/Microsoft.Web/sites/readme.md +++ b/arm/Microsoft.Web/sites/readme.md @@ -6,8 +6,8 @@ This module deploys a web or function app. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2016-09-01 | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/components` | 2020-02-02 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-03-01 | @@ -27,17 +27,18 @@ This module deploys a web or function app. | `appServicePlanObject` | object | `{object}` | | Optional. Required if no appServicePlanId is provided to deploy a new app service plan. | | `clientAffinityEnabled` | bool | `True` | | Optional. If client affinity is enabled. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered. | +| `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | -| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the event hub namespace in which the event hub should be created or streamed to. | -| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticWorkspaceId` | string | | | Optional. Resource ID of log analytics workspace. | | `functionsExtensionVersion` | string | `~3` | | Optional. Version if the function extension. | | `functionsWorkerRuntime` | string | | `[dotnet, node, python, java, powershell, ]` | Optional. Runtime of the function worker. | | `httpsOnly` | bool | `True` | | Optional. Configures a site to accept only HTTPS requests. Issues redirect for HTTP requests. | | `kind` | string | | `[functionapp, app]` | Required. Type of site to deploy. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all Resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | -| `logsToEnable` | array | `[AppServiceHTTPLogs, AppServiceConsoleLogs, AppServiceAppLogs, AppServiceFileAuditLogs, AppServiceAuditLogs]` | `[AppServiceHTTPLogs, AppServiceConsoleLogs, AppServiceAppLogs, AppServiceFileAuditLogs, AppServiceAuditLogs]` | Optional. The name of logs that will be streamed. | +| `logsToEnable` | array | `[if(equals(parameters('kind'), 'functionapp'), createArray('FunctionAppLogs'), createArray('AppServiceHTTPLogs', 'AppServiceConsoleLogs', 'AppServiceAppLogs', 'AppServiceFileAuditLogs', 'AppServiceAuditLogs'))]` | `[AppServiceHTTPLogs, AppServiceConsoleLogs, AppServiceAppLogs, AppServiceFileAuditLogs, AppServiceAuditLogs, FunctionAppLogs]` | Optional. The name of logs that will be streamed. | | `metricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | Optional. The name of metrics that will be streamed. | | `name` | string | | | Required. Name of the site. | | `privateEndpoints` | array | `[]` | | Optional. Configuration details for private endpoints. | @@ -47,7 +48,6 @@ This module deploys a web or function app. | `systemAssignedIdentity` | bool | | | Optional. Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics workspace. | ### Parameter Usage: `privateEndpoints` @@ -184,12 +184,12 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- ['sites/config' Parent Documentation](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) - [Components](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2020-02-02/components) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints/privateDnsZoneGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Serverfarms](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-02-01/serverfarms) - [Sites](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2020-12-01/sites) -- ['sites/config' Parent Documentation](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) diff --git a/constructs/Microsoft.Authorization/roleAssignments-multiRolesMultiPrincipals/readme.md b/constructs/Microsoft.Authorization/roleAssignments-multiRolesMultiPrincipals/readme.md index d5c6528d78..e9096a4992 100644 --- a/constructs/Microsoft.Authorization/roleAssignments-multiRolesMultiPrincipals/readme.md +++ b/constructs/Microsoft.Authorization/roleAssignments-multiRolesMultiPrincipals/readme.md @@ -6,7 +6,7 @@ This module deploys Role Assignments. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | ## Parameters @@ -102,4 +102,4 @@ This module can be deployed both at management group, subscription or resource g ## Template references -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/constructs/Microsoft.Management/managementGroup-structure/deploy.json b/constructs/Microsoft.Management/managementGroup-structure/deploy.json index 5832ab1421..ce59829ea8 100644 --- a/constructs/Microsoft.Management/managementGroup-structure/deploy.json +++ b/constructs/Microsoft.Management/managementGroup-structure/deploy.json @@ -366,7 +366,7 @@ "resources": [ { "type": "Microsoft.Management/managementGroups/providers/roleAssignments", - "apiVersion": "2020-04-01-preview", + "apiVersion": "2021-04-01-preview", "name": "[ concat( parameters('MGName'), diff --git a/docs/wiki/ModulesDesign.md b/docs/wiki/ModulesDesign.md index 5b9875b05e..7cdccd09d7 100644 --- a/docs/wiki/ModulesDesign.md +++ b/docs/wiki/ModulesDesign.md @@ -146,7 +146,7 @@ The locks extension can be added as a `resource` to the resource template direct @description('Optional. Specify the type of lock.') param lock string = 'NotSpecified' -resource _lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') { +resource _lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { name: '${.name}-${lock}-lock' properties: { level: lock @@ -206,7 +206,7 @@ resource '/@.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName @@ -229,14 +229,14 @@ param diagnosticLogsRetentionInDays int = 365 @description('Optional. Resource ID of the diagnostic storage account.') param diagnosticStorageAccountId string = '' -@description('Optional. Resource ID of log analytics.') -param workspaceId string = '' +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' -@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param eventHubAuthorizationRuleId string = '' +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' -@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param eventHubName string = '' +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' @description('Optional. The name of logs that will be streamed.') @allowed([ @@ -273,13 +273,13 @@ var diagnosticsMetrics = [for metric in metricsToEnable: { } }] -resource _diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) { +resource _diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { name: '${.name}-diagnosticSettings' properties: { storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(workspaceId) ? workspaceId : null - eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null - eventHubName: !empty(eventHubName) ? eventHubName : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null metrics: diagnosticsMetrics logs: diagnosticsLogs } From 8653cd7685621a32ce770386c687fa97a525f0a2 Mon Sep 17 00:00:00 2001 From: Rainer Halanek <61878316+rahalan@users.noreply.github.com> Date: Fri, 14 Jan 2022 08:33:45 +0100 Subject: [PATCH 2/9] Update arm/Microsoft.Authorization/roleAssignments/readme.md Co-authored-by: Alexander Sehr --- arm/Microsoft.Authorization/roleAssignments/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Authorization/roleAssignments/readme.md b/arm/Microsoft.Authorization/roleAssignments/readme.md index 4aea529f47..db6653d0d6 100644 --- a/arm/Microsoft.Authorization/roleAssignments/readme.md +++ b/arm/Microsoft.Authorization/roleAssignments/readme.md @@ -14,7 +14,7 @@ This module deploys Role Assignments. | :-- | :-- | :-- | :-- | :-- | | `condition` | string | | | Optional. The conditions on the role assignment. This limits the resources it can be assigned to | | `conditionVersion` | string | `2.0` | `[2.0]` | Optional. Version of the condition. Currently accepted value is "2.0" | -| `delegatedManagedIdentityResourceId` | string | | | Optional. Id of the delegated managed identity resource | +| `delegatedManagedIdentityResourceId` | string | | | Optional. ID of the delegated managed identity resource | | `description` | string | | | Optional. Description of role assignment | | `location` | string | `[deployment().location]` | | Optional. Location for all resources. | | `managementGroupId` | string | | | Optional. Group ID of the Management Group to assign the RBAC role to. If no Subscription is provided, the module deploys at management group level, therefore assigns the provided RBAC role to the management group. | From 7468f0f0185fd4b4737a4fe1b8e1952598eb7d56 Mon Sep 17 00:00:00 2001 From: Rainer Halanek <61878316+rahalan@users.noreply.github.com> Date: Fri, 14 Jan 2022 08:33:52 +0100 Subject: [PATCH 3/9] Update arm/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md Co-authored-by: Alexander Sehr --- .../virtualMachineScaleSets/extensions/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md b/arm/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md index ca786a0c28..8d2ef006ea 100644 --- a/arm/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md +++ b/arm/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md @@ -31,7 +31,7 @@ This module deploys a virtual machine scale set extension. | :-- | :-- | :-- | | `extensionName` | string | The name of the extension | | `extensionResourceGroup` | string | The name of the Resource Group the extension was created in. | -| `extensionResourceId` | string | The ResourceId of the extension | +| `extensionResourceId` | string | The Resource ID of the extension | ## Template references From 91da28aa40e48ba562505820106f84acbd096a42 Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 14 Jan 2022 09:10:48 +0100 Subject: [PATCH 4/9] revert to older lock API version --- arm/Microsoft.AnalysisServices/servers/deploy.bicep | 2 +- arm/Microsoft.AnalysisServices/servers/readme.md | 4 ++-- arm/Microsoft.ApiManagement/service/deploy.bicep | 2 +- arm/Microsoft.ApiManagement/service/readme.md | 4 ++-- arm/Microsoft.Automation/automationAccounts/deploy.bicep | 2 +- arm/Microsoft.Automation/automationAccounts/readme.md | 4 ++-- arm/Microsoft.Batch/batchAccounts/deploy.bicep | 2 +- arm/Microsoft.Batch/batchAccounts/readme.md | 4 ++-- arm/Microsoft.CognitiveServices/accounts/deploy.bicep | 2 +- arm/Microsoft.CognitiveServices/accounts/readme.md | 4 ++-- arm/Microsoft.Compute/availabilitySets/deploy.bicep | 2 +- arm/Microsoft.Compute/availabilitySets/readme.md | 4 ++-- arm/Microsoft.Compute/galleries/deploy.bicep | 2 +- arm/Microsoft.Compute/galleries/readme.md | 4 ++-- .../proximityPlacementGroups/deploy.bicep | 2 +- arm/Microsoft.Compute/proximityPlacementGroups/readme.md | 4 ++-- .../virtualMachineScaleSets/deploy.bicep | 2 +- arm/Microsoft.Compute/virtualMachineScaleSets/readme.md | 4 ++-- .../containerGroups/deploy.bicep | 2 +- arm/Microsoft.ContainerInstance/containerGroups/readme.md | 4 ++-- arm/Microsoft.ContainerRegistry/registries/deploy.bicep | 2 +- arm/Microsoft.ContainerRegistry/registries/readme.md | 4 ++-- .../managedClusters/deploy.bicep | 2 +- arm/Microsoft.ContainerService/managedClusters/readme.md | 4 ++-- arm/Microsoft.DataFactory/factories/deploy.bicep | 2 +- arm/Microsoft.DataFactory/factories/readme.md | 4 ++-- arm/Microsoft.Databricks/workspaces/deploy.bicep | 2 +- arm/Microsoft.Databricks/workspaces/readme.md | 4 ++-- .../applicationgroups/deploy.bicep | 2 +- .../applicationgroups/readme.md | 4 ++-- .../hostpools/deploy.bicep | 2 +- arm/Microsoft.DesktopVirtualization/hostpools/readme.md | 4 ++-- .../workspaces/deploy.bicep | 2 +- arm/Microsoft.DesktopVirtualization/workspaces/readme.md | 4 ++-- arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep | 2 +- arm/Microsoft.DocumentDB/databaseAccounts/readme.md | 4 ++-- arm/Microsoft.EventGrid/topics/deploy.bicep | 2 +- arm/Microsoft.EventGrid/topics/readme.md | 4 ++-- .../namespaces/.bicep/nested_privateEndpoint.bicep | 2 +- arm/Microsoft.EventHub/namespaces/deploy.bicep | 2 +- arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep | 2 +- arm/Microsoft.EventHub/namespaces/eventhubs/readme.md | 4 ++-- arm/Microsoft.EventHub/namespaces/readme.md | 6 +++--- arm/Microsoft.HealthBot/healthBots/deploy.bicep | 2 +- arm/Microsoft.HealthBot/healthBots/readme.md | 4 ++-- .../privateLinkScopes/.bicep/nested_privateEndpoint.bicep | 2 +- arm/Microsoft.Insights/privateLinkScopes/deploy.bicep | 2 +- arm/Microsoft.Insights/privateLinkScopes/readme.md | 6 +++--- arm/Microsoft.KeyVault/vaults/deploy.bicep | 2 +- arm/Microsoft.KeyVault/vaults/readme.md | 4 ++-- arm/Microsoft.Logic/workflows/deploy.bicep | 2 +- arm/Microsoft.Logic/workflows/readme.md | 4 ++-- .../workspaces/deploy.bicep | 2 +- .../workspaces/readme.md | 4 ++-- .../userAssignedIdentities/deploy.bicep | 2 +- .../userAssignedIdentities/readme.md | 4 ++-- arm/Microsoft.NetApp/netAppAccounts/deploy.bicep | 2 +- arm/Microsoft.NetApp/netAppAccounts/readme.md | 4 ++-- arm/Microsoft.Network/applicationGateways/deploy.bicep | 2 +- arm/Microsoft.Network/applicationGateways/readme.md | 4 ++-- .../applicationSecurityGroups/deploy.bicep | 2 +- arm/Microsoft.Network/applicationSecurityGroups/readme.md | 4 ++-- arm/Microsoft.Network/azureFirewalls/deploy.bicep | 4 ++-- arm/Microsoft.Network/azureFirewalls/readme.md | 4 ++-- .../bastionHosts/.bicep/nested_publicIPAddress.bicep | 2 +- arm/Microsoft.Network/bastionHosts/deploy.bicep | 2 +- arm/Microsoft.Network/bastionHosts/readme.md | 4 ++-- arm/Microsoft.Network/connections/deploy.bicep | 2 +- arm/Microsoft.Network/connections/readme.md | 4 ++-- arm/Microsoft.Network/ddosProtectionPlans/deploy.bicep | 2 +- arm/Microsoft.Network/ddosProtectionPlans/readme.md | 4 ++-- arm/Microsoft.Network/expressRouteCircuits/deploy.bicep | 4 ++-- arm/Microsoft.Network/expressRouteCircuits/readme.md | 4 ++-- arm/Microsoft.Network/ipGroups/deploy.bicep | 2 +- arm/Microsoft.Network/ipGroups/readme.md | 4 ++-- arm/Microsoft.Network/loadBalancers/deploy.bicep | 2 +- arm/Microsoft.Network/loadBalancers/readme.md | 4 ++-- arm/Microsoft.Network/localNetworkGateways/deploy.bicep | 2 +- arm/Microsoft.Network/localNetworkGateways/readme.md | 4 ++-- arm/Microsoft.Network/natGateways/deploy.bicep | 4 ++-- arm/Microsoft.Network/natGateways/readme.md | 4 ++-- arm/Microsoft.Network/networkSecurityGroups/deploy.bicep | 2 +- arm/Microsoft.Network/networkSecurityGroups/readme.md | 4 ++-- arm/Microsoft.Network/networkWatchers/deploy.bicep | 2 +- arm/Microsoft.Network/networkWatchers/readme.md | 4 ++-- arm/Microsoft.Network/privateDnsZones/deploy.bicep | 2 +- arm/Microsoft.Network/privateDnsZones/readme.md | 4 ++-- arm/Microsoft.Network/privateEndpoints/deploy.bicep | 2 +- arm/Microsoft.Network/privateEndpoints/readme.md | 4 ++-- arm/Microsoft.Network/publicIPAddresses/deploy.bicep | 2 +- arm/Microsoft.Network/publicIPAddresses/readme.md | 4 ++-- arm/Microsoft.Network/publicIPPrefixes/deploy.bicep | 2 +- arm/Microsoft.Network/publicIPPrefixes/readme.md | 4 ++-- arm/Microsoft.Network/routeTables/deploy.bicep | 2 +- arm/Microsoft.Network/routeTables/readme.md | 4 ++-- arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep | 2 +- arm/Microsoft.Network/trafficmanagerprofiles/readme.md | 4 ++-- arm/Microsoft.Network/virtualNetworkGateways/deploy.bicep | 4 ++-- arm/Microsoft.Network/virtualNetworkGateways/readme.md | 4 ++-- arm/Microsoft.Network/virtualNetworks/deploy.bicep | 2 +- arm/Microsoft.Network/virtualNetworks/readme.md | 4 ++-- arm/Microsoft.Network/virtualWans/deploy.bicep | 8 ++++---- arm/Microsoft.Network/virtualWans/readme.md | 4 ++-- arm/Microsoft.OperationalInsights/workspaces/deploy.bicep | 2 +- arm/Microsoft.OperationalInsights/workspaces/readme.md | 4 ++-- arm/Microsoft.RecoveryServices/vaults/deploy.bicep | 2 +- arm/Microsoft.RecoveryServices/vaults/readme.md | 4 ++-- arm/Microsoft.Resources/deploymentScripts/deploy.bicep | 2 +- arm/Microsoft.Resources/deploymentScripts/readme.md | 4 ++-- .../resourceGroups/.bicep/nested_lock.bicep | 2 +- arm/Microsoft.Resources/resourceGroups/readme.md | 4 ++-- .../namespaces/.bicep/nested_privateEndpoints.bicep | 2 +- arm/Microsoft.ServiceBus/namespaces/deploy.bicep | 2 +- arm/Microsoft.ServiceBus/namespaces/queues/deploy.bicep | 2 +- arm/Microsoft.ServiceBus/namespaces/queues/readme.md | 4 ++-- arm/Microsoft.ServiceBus/namespaces/readme.md | 6 +++--- arm/Microsoft.Sql/managedInstances/databases/deploy.bicep | 2 +- arm/Microsoft.Sql/managedInstances/databases/readme.md | 4 ++-- arm/Microsoft.Sql/managedInstances/deploy.bicep | 2 +- arm/Microsoft.Sql/managedInstances/readme.md | 4 ++-- arm/Microsoft.Sql/servers/deploy.bicep | 2 +- arm/Microsoft.Sql/servers/readme.md | 4 ++-- arm/Microsoft.Storage/storageAccounts/deploy.bicep | 2 +- arm/Microsoft.Storage/storageAccounts/readme.md | 4 ++-- arm/Microsoft.Synapse/privateLinkHubs/deploy.bicep | 2 +- arm/Microsoft.Synapse/privateLinkHubs/readme.md | 4 ++-- .../imageTemplates/deploy.bicep | 2 +- .../imageTemplates/readme.md | 4 ++-- arm/Microsoft.Web/connections/deploy.bicep | 2 +- arm/Microsoft.Web/connections/readme.md | 4 ++-- arm/Microsoft.Web/hostingEnvironments/deploy.bicep | 2 +- arm/Microsoft.Web/hostingEnvironments/readme.md | 4 ++-- arm/Microsoft.Web/serverfarms/deploy.bicep | 2 +- arm/Microsoft.Web/serverfarms/readme.md | 4 ++-- arm/Microsoft.Web/sites/.bicep/nested_components.bicep | 2 +- arm/Microsoft.Web/sites/.bicep/nested_serverfarms.bicep | 2 +- arm/Microsoft.Web/sites/deploy.bicep | 2 +- arm/Microsoft.Web/sites/readme.md | 4 ++-- .../managementGroup-structure/deploy.json | 4 ++-- .../managementGroup-structure/readme.md | 2 +- docs/wiki/ModulesDesign.md | 2 +- 141 files changed, 218 insertions(+), 218 deletions(-) diff --git a/arm/Microsoft.AnalysisServices/servers/deploy.bicep b/arm/Microsoft.AnalysisServices/servers/deploy.bicep index 312334c2d8..c8f76e244a 100644 --- a/arm/Microsoft.AnalysisServices/servers/deploy.bicep +++ b/arm/Microsoft.AnalysisServices/servers/deploy.bicep @@ -111,7 +111,7 @@ resource server 'Microsoft.AnalysisServices/servers@2017-08-01' = { } } -resource server_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource server_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${server.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.AnalysisServices/servers/readme.md b/arm/Microsoft.AnalysisServices/servers/readme.md index 3ef1a5a69f..f20a0be96b 100644 --- a/arm/Microsoft.AnalysisServices/servers/readme.md +++ b/arm/Microsoft.AnalysisServices/servers/readme.md @@ -7,7 +7,7 @@ This module deploys an analysis service server. | Resource Type | API Version | | :-- | :-- | | `Microsoft.AnalysisServices/servers` | 2017-08-01 | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | @@ -88,6 +88,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Servers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.AnalysisServices/2017-08-01/servers) diff --git a/arm/Microsoft.ApiManagement/service/deploy.bicep b/arm/Microsoft.ApiManagement/service/deploy.bicep index b7ede99f90..5a12eba217 100644 --- a/arm/Microsoft.ApiManagement/service/deploy.bicep +++ b/arm/Microsoft.ApiManagement/service/deploy.bicep @@ -396,7 +396,7 @@ module subscriptions_resource 'subscriptions/deploy.bicep' = [for (subscription, } }] -resource apiManagementService_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource apiManagementService_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${apiManagementService.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.ApiManagement/service/readme.md b/arm/Microsoft.ApiManagement/service/readme.md index 162b8be42d..2017224728 100644 --- a/arm/Microsoft.ApiManagement/service/readme.md +++ b/arm/Microsoft.ApiManagement/service/readme.md @@ -21,7 +21,7 @@ This module deploys an API management service. | `Microsoft.ApiManagement/service/products/apis` | 2021-08-01 | | `Microsoft.ApiManagement/service/products/groups` | 2021-08-01 | | `Microsoft.ApiManagement/service/subscriptions` | 2021-08-01 | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | @@ -153,7 +153,7 @@ You can specify multiple user assigned identities to a resource by providing add - ['service/portalsettings' Parent Documentation](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/service) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Service](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service) - [Service/Apis](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apis) diff --git a/arm/Microsoft.Automation/automationAccounts/deploy.bicep b/arm/Microsoft.Automation/automationAccounts/deploy.bicep index 9475b11329..fa0b69746d 100644 --- a/arm/Microsoft.Automation/automationAccounts/deploy.bicep +++ b/arm/Microsoft.Automation/automationAccounts/deploy.bicep @@ -287,7 +287,7 @@ module automationAccount_softwareUpdateConfigurations 'softwareUpdateConfigurati ] }] -resource automationAccount_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource automationAccount_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${automationAccount.name}-AutoAccount-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Automation/automationAccounts/readme.md b/arm/Microsoft.Automation/automationAccounts/readme.md index 5b18f63cff..c0c8f87546 100644 --- a/arm/Microsoft.Automation/automationAccounts/readme.md +++ b/arm/Microsoft.Automation/automationAccounts/readme.md @@ -6,7 +6,7 @@ This module deploys an Azure Automation Account. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Automation/automationAccounts` | 2020-01-13-preview | | `Microsoft.Automation/automationAccounts/jobSchedules` | 2020-01-13-preview | @@ -158,7 +158,7 @@ You can specify multiple user assigned identities to a resource by providing add - [Automationaccounts/Softwareupdateconfigurations](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Automation/2019-06-01/automationAccounts/softwareUpdateConfigurations) - [Automationaccounts/Variables](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Automation/2020-01-13-preview/automationAccounts/variables) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints/privateDnsZoneGroups) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Batch/batchAccounts/deploy.bicep b/arm/Microsoft.Batch/batchAccounts/deploy.bicep index ebb82d1d19..a30debf1ff 100644 --- a/arm/Microsoft.Batch/batchAccounts/deploy.bicep +++ b/arm/Microsoft.Batch/batchAccounts/deploy.bicep @@ -82,7 +82,7 @@ resource batchAccount 'Microsoft.Batch/batchAccounts@2020-09-01' = { properties: {} } -resource batchAccount_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource batchAccount_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${batchAccount.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Batch/batchAccounts/readme.md b/arm/Microsoft.Batch/batchAccounts/readme.md index e8110071a9..ae1d9529a2 100644 --- a/arm/Microsoft.Batch/batchAccounts/readme.md +++ b/arm/Microsoft.Batch/batchAccounts/readme.md @@ -4,7 +4,7 @@ | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Batch/batchAccounts` | 2020-09-01 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | @@ -54,4 +54,4 @@ Tag names and tag values can be provided as needed. A tag can be left without a - [Batchaccounts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Batch/2020-09-01/batchAccounts) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) diff --git a/arm/Microsoft.CognitiveServices/accounts/deploy.bicep b/arm/Microsoft.CognitiveServices/accounts/deploy.bicep index c2761c7109..bd8040908a 100644 --- a/arm/Microsoft.CognitiveServices/accounts/deploy.bicep +++ b/arm/Microsoft.CognitiveServices/accounts/deploy.bicep @@ -180,7 +180,7 @@ resource cognitiveServices 'Microsoft.CognitiveServices/accounts@2017-04-18' = { } } -resource cognitiveServices_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource cognitiveServices_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${cognitiveServices.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.CognitiveServices/accounts/readme.md b/arm/Microsoft.CognitiveServices/accounts/readme.md index e7c7d1f82a..025c3d9b38 100644 --- a/arm/Microsoft.CognitiveServices/accounts/readme.md +++ b/arm/Microsoft.CognitiveServices/accounts/readme.md @@ -6,7 +6,7 @@ This module deploys different kinds of cognitive services resources | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.CognitiveServices/accounts` | 2017-04-18 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | @@ -202,7 +202,7 @@ You can specify multiple user assigned identities to a resource by providing add - [Accounts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.CognitiveServices/2017-04-18/accounts) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Compute/availabilitySets/deploy.bicep b/arm/Microsoft.Compute/availabilitySets/deploy.bicep index a56225846a..5b89a2a418 100644 --- a/arm/Microsoft.Compute/availabilitySets/deploy.bicep +++ b/arm/Microsoft.Compute/availabilitySets/deploy.bicep @@ -52,7 +52,7 @@ resource availabilitySet 'Microsoft.Compute/availabilitySets@2021-04-01' = { } } -resource availabilitySet_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource availabilitySet_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${availabilitySet.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Compute/availabilitySets/readme.md b/arm/Microsoft.Compute/availabilitySets/readme.md index ceedd94101..ac8a3d356c 100644 --- a/arm/Microsoft.Compute/availabilitySets/readme.md +++ b/arm/Microsoft.Compute/availabilitySets/readme.md @@ -6,7 +6,7 @@ This template deploys an availability set | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Compute/availabilitySets` | 2021-04-01 | @@ -75,5 +75,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Availabilitysets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-04-01/availabilitySets) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Compute/galleries/deploy.bicep b/arm/Microsoft.Compute/galleries/deploy.bicep index e2ace83fc3..b315394af7 100644 --- a/arm/Microsoft.Compute/galleries/deploy.bicep +++ b/arm/Microsoft.Compute/galleries/deploy.bicep @@ -43,7 +43,7 @@ resource gallery 'Microsoft.Compute/galleries@2020-09-30' = { } } -resource gallery_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource gallery_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${gallery.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Compute/galleries/readme.md b/arm/Microsoft.Compute/galleries/readme.md index b390a1a7b7..10de8bbdbf 100644 --- a/arm/Microsoft.Compute/galleries/readme.md +++ b/arm/Microsoft.Compute/galleries/readme.md @@ -6,7 +6,7 @@ This module deploys an Azure compute gallery (formerly known as shared image gal | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Compute/galleries` | 2020-09-30 | | `Microsoft.Compute/galleries/images` | 2020-09-30 | @@ -75,5 +75,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a - [Galleries](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2020-09-30/galleries) - [Galleries/Images](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2020-09-30/galleries/images) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Compute/proximityPlacementGroups/deploy.bicep b/arm/Microsoft.Compute/proximityPlacementGroups/deploy.bicep index 45872a39d5..dadc3ec338 100644 --- a/arm/Microsoft.Compute/proximityPlacementGroups/deploy.bicep +++ b/arm/Microsoft.Compute/proximityPlacementGroups/deploy.bicep @@ -42,7 +42,7 @@ resource proximityPlacementGroup 'Microsoft.Compute/proximityPlacementGroups@202 } } -resource proximityPlacementGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource proximityPlacementGroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${proximityPlacementGroup.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Compute/proximityPlacementGroups/readme.md b/arm/Microsoft.Compute/proximityPlacementGroups/readme.md index bd3ca412ee..781982c285 100644 --- a/arm/Microsoft.Compute/proximityPlacementGroups/readme.md +++ b/arm/Microsoft.Compute/proximityPlacementGroups/readme.md @@ -6,7 +6,7 @@ This template deploys a proximity placement group. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Compute/proximityPlacementGroups` | 2021-04-01 | @@ -71,6 +71,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Proximityplacementgroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-04-01/proximityPlacementGroups) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep b/arm/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep index ce34cf8c91..6e763584e7 100644 --- a/arm/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep +++ b/arm/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep @@ -584,7 +584,7 @@ module vmss_diskEncryptionExtension 'extensions/deploy.bicep' = if (extensionDis ] } -resource vmss_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource vmss_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${vmss.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/readme.md b/arm/Microsoft.Compute/virtualMachineScaleSets/readme.md index 7fd3b799dd..7a45e172be 100644 --- a/arm/Microsoft.Compute/virtualMachineScaleSets/readme.md +++ b/arm/Microsoft.Compute/virtualMachineScaleSets/readme.md @@ -6,7 +6,7 @@ This module deploys a virtual machine scale set. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Compute/proximityPlacementGroups` | 2021-04-01 | | `Microsoft.Compute/virtualMachineScaleSets` | 2021-04-01 | @@ -424,7 +424,7 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Proximityplacementgroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-04-01/proximityPlacementGroups) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Virtualmachinescalesets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-04-01/virtualMachineScaleSets) diff --git a/arm/Microsoft.ContainerInstance/containerGroups/deploy.bicep b/arm/Microsoft.ContainerInstance/containerGroups/deploy.bicep index f4d50532f7..d68894cf06 100644 --- a/arm/Microsoft.ContainerInstance/containerGroups/deploy.bicep +++ b/arm/Microsoft.ContainerInstance/containerGroups/deploy.bicep @@ -104,7 +104,7 @@ resource containergroup 'Microsoft.ContainerInstance/containerGroups@2021-03-01' } } -resource containergroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource containergroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${containergroup.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.ContainerInstance/containerGroups/readme.md b/arm/Microsoft.ContainerInstance/containerGroups/readme.md index b89da6b404..9b02b6d1f3 100644 --- a/arm/Microsoft.ContainerInstance/containerGroups/readme.md +++ b/arm/Microsoft.ContainerInstance/containerGroups/readme.md @@ -8,7 +8,7 @@ The top-level resource in Azure Container Instances is the container group. A co | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.ContainerInstance/containerGroups` | 2021-03-01 | ## Parameters @@ -91,4 +91,4 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references - [Containergroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerInstance/2021-03-01/containerGroups) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index d72a7a01dd..0b8c18e2bc 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -159,7 +159,7 @@ resource registry 'Microsoft.ContainerRegistry/registries@2020-11-01-preview' = } } -resource registry_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource registry_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${registry.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.ContainerRegistry/registries/readme.md b/arm/Microsoft.ContainerRegistry/registries/readme.md index 38a155c3ec..bfd25bdca8 100644 --- a/arm/Microsoft.ContainerRegistry/registries/readme.md +++ b/arm/Microsoft.ContainerRegistry/registries/readme.md @@ -6,7 +6,7 @@ Azure Container Registry is a managed, private Docker registry service based on | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.ContainerRegistry/registries` | 2020-11-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | @@ -159,7 +159,7 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) - [Registries](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2020-11-01-preview/registries) diff --git a/arm/Microsoft.ContainerService/managedClusters/deploy.bicep b/arm/Microsoft.ContainerService/managedClusters/deploy.bicep index 1f0cc0d760..9de28338cb 100644 --- a/arm/Microsoft.ContainerService/managedClusters/deploy.bicep +++ b/arm/Microsoft.ContainerService/managedClusters/deploy.bicep @@ -380,7 +380,7 @@ module managedCluster_agentPools 'agentPools/deploy.bicep' = [for (agentPool, in } }] -resource managedCluster_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource managedCluster_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${managedCluster.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.ContainerService/managedClusters/readme.md b/arm/Microsoft.ContainerService/managedClusters/readme.md index 891b2e207e..225b40261d 100644 --- a/arm/Microsoft.ContainerService/managedClusters/readme.md +++ b/arm/Microsoft.ContainerService/managedClusters/readme.md @@ -6,7 +6,7 @@ This module deploys Azure Kubernetes Cluster (AKS). | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.ContainerService/managedClusters` | 2021-07-01 | | `Microsoft.ContainerService/managedClusters/agentPools` | 2021-08-01 | @@ -208,7 +208,7 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Managedclusters](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2021-07-01/managedClusters) - [Managedclusters/Agentpools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2021-08-01/managedClusters/agentPools) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.DataFactory/factories/deploy.bicep b/arm/Microsoft.DataFactory/factories/deploy.bicep index 674ec6d802..56ef5545c8 100644 --- a/arm/Microsoft.DataFactory/factories/deploy.bicep +++ b/arm/Microsoft.DataFactory/factories/deploy.bicep @@ -170,7 +170,7 @@ module dataFactory_integrationRuntime 'integrationRuntime/deploy.bicep' = if (!e ] } -resource dataFactory_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource dataFactory_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${dataFactory.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.DataFactory/factories/readme.md b/arm/Microsoft.DataFactory/factories/readme.md index 95a8be5be8..78ec8ec99b 100644 --- a/arm/Microsoft.DataFactory/factories/readme.md +++ b/arm/Microsoft.DataFactory/factories/readme.md @@ -4,7 +4,7 @@ | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.DataFactory/factories` | 2018-06-01 | | `Microsoft.DataFactory/factories/integrationRuntimes` | 2018-06-01 | @@ -108,5 +108,5 @@ You can specify multiple user assigned identities to a resource by providing add - [Factories](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories) - [Factories/Integrationruntimes](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories/integrationRuntimes) - [Factories/Managedvirtualnetworks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories/managedVirtualNetworks) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Databricks/workspaces/deploy.bicep b/arm/Microsoft.Databricks/workspaces/deploy.bicep index 7d6c2d6679..369173234e 100644 --- a/arm/Microsoft.Databricks/workspaces/deploy.bicep +++ b/arm/Microsoft.Databricks/workspaces/deploy.bicep @@ -108,7 +108,7 @@ resource workspace 'Microsoft.Databricks/workspaces@2018-04-01' = { } } -resource workspace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource workspace_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${workspace.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Databricks/workspaces/readme.md b/arm/Microsoft.Databricks/workspaces/readme.md index 81b8323fe5..44370b931f 100644 --- a/arm/Microsoft.Databricks/workspaces/readme.md +++ b/arm/Microsoft.Databricks/workspaces/readme.md @@ -4,7 +4,7 @@ | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Databricks/workspaces` | 2018-04-01 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | @@ -112,6 +112,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Workspaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Databricks/2018-04-01/workspaces) diff --git a/arm/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep b/arm/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep index 0029da911a..af8cc7b32e 100644 --- a/arm/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep +++ b/arm/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep @@ -100,7 +100,7 @@ resource appGroup 'Microsoft.DesktopVirtualization/applicationgroups@2021-07-12' } } -resource appGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource appGroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${appGroup.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.DesktopVirtualization/applicationgroups/readme.md b/arm/Microsoft.DesktopVirtualization/applicationgroups/readme.md index 37d1de521e..c02c89d540 100644 --- a/arm/Microsoft.DesktopVirtualization/applicationgroups/readme.md +++ b/arm/Microsoft.DesktopVirtualization/applicationgroups/readme.md @@ -6,7 +6,7 @@ This module deploys an Azure virtual desktop application group. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.DesktopVirtualization/applicationGroups` | 2021-07-12 | | `Microsoft.DesktopVirtualization/applicationGroups/applications` | 2021-07-12 | @@ -86,5 +86,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a - [Applicationgroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-07-12/applicationGroups) - [Applicationgroups/Applications](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-07-12/applicationGroups/applications) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.DesktopVirtualization/hostpools/deploy.bicep b/arm/Microsoft.DesktopVirtualization/hostpools/deploy.bicep index 509b2cacb8..9cbd1b8cc4 100644 --- a/arm/Microsoft.DesktopVirtualization/hostpools/deploy.bicep +++ b/arm/Microsoft.DesktopVirtualization/hostpools/deploy.bicep @@ -159,7 +159,7 @@ resource hostPool 'Microsoft.DesktopVirtualization/hostpools@2021-07-12' = { } } -resource hostPool_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource hostPool_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${hostPool.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.DesktopVirtualization/hostpools/readme.md b/arm/Microsoft.DesktopVirtualization/hostpools/readme.md index 76a72dbbde..5c1333ad58 100644 --- a/arm/Microsoft.DesktopVirtualization/hostpools/readme.md +++ b/arm/Microsoft.DesktopVirtualization/hostpools/readme.md @@ -6,7 +6,7 @@ This module deploys an Azure virtual desktop host pool. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.DesktopVirtualization/hostPools` | 2021-07-12 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | @@ -128,5 +128,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Hostpools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-07-12/hostPools) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.DesktopVirtualization/workspaces/deploy.bicep b/arm/Microsoft.DesktopVirtualization/workspaces/deploy.bicep index 2393ec0787..8681b131e6 100644 --- a/arm/Microsoft.DesktopVirtualization/workspaces/deploy.bicep +++ b/arm/Microsoft.DesktopVirtualization/workspaces/deploy.bicep @@ -86,7 +86,7 @@ resource workspace 'Microsoft.DesktopVirtualization/workspaces@2021-07-12' = { } } -resource workspace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource workspace_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${workspace.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.DesktopVirtualization/workspaces/readme.md b/arm/Microsoft.DesktopVirtualization/workspaces/readme.md index 79c0e0522e..b0f97aea44 100644 --- a/arm/Microsoft.DesktopVirtualization/workspaces/readme.md +++ b/arm/Microsoft.DesktopVirtualization/workspaces/readme.md @@ -6,7 +6,7 @@ This module deploys an Azure virtual desktop workspace. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.DesktopVirtualization/workspaces` | 2021-07-12 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | @@ -82,6 +82,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Workspaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-07-12/workspaces) diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep b/arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep index 9980e04f1e..0386bfa11f 100644 --- a/arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep +++ b/arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep @@ -206,7 +206,7 @@ resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-06-15' = { properties: databaseAccount_properties } -resource databaseAccount_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource databaseAccount_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${databaseAccount.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/readme.md b/arm/Microsoft.DocumentDB/databaseAccounts/readme.md index 0ea0255580..85361f5708 100644 --- a/arm/Microsoft.DocumentDB/databaseAccounts/readme.md +++ b/arm/Microsoft.DocumentDB/databaseAccounts/readme.md @@ -6,7 +6,7 @@ This module deploys a DocumentDB database account and its child resources. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.DocumentDB/databaseAccounts` | 2021-06-15 | | `Microsoft.DocumentDB/databaseAccounts/mongodbDatabases` | 2021-07-01-preview | @@ -216,5 +216,5 @@ You can specify multiple user assigned identities to a resource by providing add - [Databaseaccounts/Sqldatabases](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DocumentDB/2021-06-15/databaseAccounts/sqlDatabases) - [Databaseaccounts/Sqldatabases/Containers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DocumentDB/2021-07-01-preview/databaseAccounts/sqlDatabases/containers) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.EventGrid/topics/deploy.bicep b/arm/Microsoft.EventGrid/topics/deploy.bicep index c172d0d23a..d52af252e3 100644 --- a/arm/Microsoft.EventGrid/topics/deploy.bicep +++ b/arm/Microsoft.EventGrid/topics/deploy.bicep @@ -99,7 +99,7 @@ resource eventGrid 'Microsoft.EventGrid/topics@2020-06-01' = { } } -resource eventGrid_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource eventGrid_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${eventGrid.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.EventGrid/topics/readme.md b/arm/Microsoft.EventGrid/topics/readme.md index 744a284b89..e5098c6d3b 100644 --- a/arm/Microsoft.EventGrid/topics/readme.md +++ b/arm/Microsoft.EventGrid/topics/readme.md @@ -6,7 +6,7 @@ This module deploys an event grid topic. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.EventGrid/topics` | 2020-06-01 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | @@ -120,7 +120,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.EventHub/namespaces/.bicep/nested_privateEndpoint.bicep b/arm/Microsoft.EventHub/namespaces/.bicep/nested_privateEndpoint.bicep index e54b6948f7..bee82b861e 100644 --- a/arm/Microsoft.EventHub/namespaces/.bicep/nested_privateEndpoint.bicep +++ b/arm/Microsoft.EventHub/namespaces/.bicep/nested_privateEndpoint.bicep @@ -36,7 +36,7 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-03-01' = { } } -resource privateDnsZoneGroups 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-05-01' = if (!empty(privateEndpoint_var.privateDnsZoneResourceIds)) { +resource privateDnsZoneGroups 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2017-04-01' = if (!empty(privateEndpoint_var.privateDnsZoneResourceIds)) { name: '${privateEndpoint_var.name}/default' properties: { privateDnsZoneConfigs: [for privateDnsZoneResourceId in privateEndpoint_var.privateDnsZoneResourceIds: { diff --git a/arm/Microsoft.EventHub/namespaces/deploy.bicep b/arm/Microsoft.EventHub/namespaces/deploy.bicep index 6b3278cd56..4197861e75 100644 --- a/arm/Microsoft.EventHub/namespaces/deploy.bicep +++ b/arm/Microsoft.EventHub/namespaces/deploy.bicep @@ -192,7 +192,7 @@ resource eventHubNamespace 'Microsoft.EventHub/namespaces@2021-06-01-preview' = } } -resource eventHubNamespace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource eventHubNamespace_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${eventHubNamespace.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep b/arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep index cd166d3dc7..9f90d167c5 100644 --- a/arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep +++ b/arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep @@ -137,7 +137,7 @@ resource eventHub 'Microsoft.EventHub/namespaces/eventhubs@2021-06-01-preview' = properties: captureDescriptionEnabled ? eventHubPropertiesWithCapture : eventHubPropertiesSimple } -resource eventHub_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource eventHub_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${eventHub.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.EventHub/namespaces/eventhubs/readme.md b/arm/Microsoft.EventHub/namespaces/eventhubs/readme.md index b5bdeafc3c..3ab5c1ae22 100644 --- a/arm/Microsoft.EventHub/namespaces/eventhubs/readme.md +++ b/arm/Microsoft.EventHub/namespaces/eventhubs/readme.md @@ -6,7 +6,7 @@ This module deploys an Event Hub. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.EventHub/namespaces/eventhubs` | 2021-06-01-preview | | `Microsoft.EventHub/namespaces/eventhubs/authorizationRules` | 2021-06-01-preview | @@ -69,7 +69,7 @@ This module deploys an Event Hub. ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Namespaces/Eventhubs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-06-01-preview/namespaces/eventhubs) - [Namespaces/Eventhubs/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-06-01-preview/namespaces/eventhubs/authorizationRules) - [Namespaces/Eventhubs/Consumergroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-06-01-preview/namespaces/eventhubs/consumergroups) diff --git a/arm/Microsoft.EventHub/namespaces/readme.md b/arm/Microsoft.EventHub/namespaces/readme.md index 1155a3441a..0a1d748a94 100644 --- a/arm/Microsoft.EventHub/namespaces/readme.md +++ b/arm/Microsoft.EventHub/namespaces/readme.md @@ -6,7 +6,7 @@ This module deploys an event hub namespace. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.EventHub/namespaces` | 2021-06-01-preview | | `Microsoft.EventHub/namespaces/authorizationRules` | 2017-04-01 | @@ -16,7 +16,7 @@ This module deploys an event hub namespace. | `Microsoft.EventHub/namespaces/eventhubs/consumergroups` | 2021-06-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-03-01 | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2020-05-01 | +| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2017-04-01 | ## Parameters @@ -150,7 +150,7 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Namespaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-06-01-preview/namespaces) - [Namespaces/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2017-04-01/namespaces/authorizationRules) - [Namespaces/Disasterrecoveryconfigs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2017-04-01/namespaces/disasterRecoveryConfigs) diff --git a/arm/Microsoft.HealthBot/healthBots/deploy.bicep b/arm/Microsoft.HealthBot/healthBots/deploy.bicep index a2a19915a9..413c3ebdb1 100644 --- a/arm/Microsoft.HealthBot/healthBots/deploy.bicep +++ b/arm/Microsoft.HealthBot/healthBots/deploy.bicep @@ -39,7 +39,7 @@ resource azureHealthBot 'Microsoft.HealthBot/healthBots@2020-12-08' = { properties: {} } -resource azureHealthBot_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource azureHealthBot_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${azureHealthBot.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.HealthBot/healthBots/readme.md b/arm/Microsoft.HealthBot/healthBots/readme.md index 8ab04a5920..e8acfd748f 100644 --- a/arm/Microsoft.HealthBot/healthBots/readme.md +++ b/arm/Microsoft.HealthBot/healthBots/readme.md @@ -6,7 +6,7 @@ This module deploys an Azure Health Bot. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.HealthBot/healthBots` | 2020-12-08 | @@ -72,5 +72,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Define resources with Bicep and ARM templates](https://docs.microsoft.com/en-us/azure/templates) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_privateEndpoint.bicep b/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_privateEndpoint.bicep index 595b138a0d..93eb75add0 100644 --- a/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_privateEndpoint.bicep +++ b/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_privateEndpoint.bicep @@ -35,7 +35,7 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-03-01' = { customDnsConfigs: privateEndpoint_var.customDnsConfigs } - resource privateDnsZoneGroups 'privateDnsZoneGroups@2020-05-01' = { + resource privateDnsZoneGroups 'privateDnsZoneGroups@2017-04-01' = { name: 'default' properties: { privateDnsZoneConfigs: [for privateDnsZoneResourceId in privateEndpoint_var.privateDnsZoneResourceIds: { diff --git a/arm/Microsoft.Insights/privateLinkScopes/deploy.bicep b/arm/Microsoft.Insights/privateLinkScopes/deploy.bicep index 40257b19af..7b0bb19c61 100644 --- a/arm/Microsoft.Insights/privateLinkScopes/deploy.bicep +++ b/arm/Microsoft.Insights/privateLinkScopes/deploy.bicep @@ -49,7 +49,7 @@ module privateLinkScope_scopedResource 'scopedResources/deploy.bicep' = [for (sc } }] -resource privateLinkScope_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource privateLinkScope_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${privateLinkScope.name}-${lock}-lock' scope: privateLinkScope properties: { diff --git a/arm/Microsoft.Insights/privateLinkScopes/readme.md b/arm/Microsoft.Insights/privateLinkScopes/readme.md index f1c931899a..708cd1fb2d 100644 --- a/arm/Microsoft.Insights/privateLinkScopes/readme.md +++ b/arm/Microsoft.Insights/privateLinkScopes/readme.md @@ -6,12 +6,12 @@ This module deploys an Azure Monitor Private Link Scope. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `microsoft.insights/privateLinkScopes` | 2019-10-17-preview | | `Microsoft.Insights/privateLinkScopes/scopedResources` | 2021-07-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-03-01 | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2020-05-01 | +| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2017-04-01 | ## Parameters @@ -111,7 +111,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/privateEndpoints/privateDnsZoneGroups) - [Privatelinkscopes](https://docs.microsoft.com/en-us/azure/templates/microsoft.insights/2019-10-17-preview/privateLinkScopes) diff --git a/arm/Microsoft.KeyVault/vaults/deploy.bicep b/arm/Microsoft.KeyVault/vaults/deploy.bicep index edb5a7c833..44ee6033fa 100644 --- a/arm/Microsoft.KeyVault/vaults/deploy.bicep +++ b/arm/Microsoft.KeyVault/vaults/deploy.bicep @@ -187,7 +187,7 @@ resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' = { } } -resource keyVault_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource keyVault_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${keyVault.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.KeyVault/vaults/readme.md b/arm/Microsoft.KeyVault/vaults/readme.md index 6a96d0eabb..5281b52e24 100644 --- a/arm/Microsoft.KeyVault/vaults/readme.md +++ b/arm/Microsoft.KeyVault/vaults/readme.md @@ -6,7 +6,7 @@ This module deploys a key vault and it's child resources. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.KeyVault/vaults` | 2019-09-01 | @@ -187,7 +187,7 @@ To use Private Endpoint the following dependencies must be deployed: ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Logic/workflows/deploy.bicep b/arm/Microsoft.Logic/workflows/deploy.bicep index a936fad736..c6c733e8b9 100644 --- a/arm/Microsoft.Logic/workflows/deploy.bicep +++ b/arm/Microsoft.Logic/workflows/deploy.bicep @@ -180,7 +180,7 @@ resource logicApp 'Microsoft.Logic/workflows@2019-05-01' = { } } -resource logicApp_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource logicApp_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${logicApp.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Logic/workflows/readme.md b/arm/Microsoft.Logic/workflows/readme.md index 277f8e8843..3fc1d99cd2 100644 --- a/arm/Microsoft.Logic/workflows/readme.md +++ b/arm/Microsoft.Logic/workflows/readme.md @@ -6,7 +6,7 @@ This module deploys a Logic App resource. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Logic/workflows` | 2019-05-01 | @@ -163,6 +163,6 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Workflows](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Logic/2019-05-01/workflows) diff --git a/arm/Microsoft.MachineLearningServices/workspaces/deploy.bicep b/arm/Microsoft.MachineLearningServices/workspaces/deploy.bicep index c08cd03896..623c8886d6 100644 --- a/arm/Microsoft.MachineLearningServices/workspaces/deploy.bicep +++ b/arm/Microsoft.MachineLearningServices/workspaces/deploy.bicep @@ -143,7 +143,7 @@ resource workspace 'Microsoft.MachineLearningServices/workspaces@2021-04-01' = { } } -resource workspace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource workspace_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${workspace.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.MachineLearningServices/workspaces/readme.md b/arm/Microsoft.MachineLearningServices/workspaces/readme.md index 2fbb2bb006..fe3f8eae40 100644 --- a/arm/Microsoft.MachineLearningServices/workspaces/readme.md +++ b/arm/Microsoft.MachineLearningServices/workspaces/readme.md @@ -6,7 +6,7 @@ This module deploys a Machine Learning Services Workspace. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.MachineLearningServices/workspaces` | 2021-04-01 | @@ -127,7 +127,7 @@ To use Private Endpoint the following dependencies must be deployed: ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep b/arm/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep index 1f5de06d1d..67b1c9e825 100644 --- a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep +++ b/arm/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep @@ -32,7 +32,7 @@ resource userMsi 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = tags: tags } -resource userMsi_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource userMsi_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${userMsi.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md b/arm/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md index 9fbc462fb0..00be0e27d8 100644 --- a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md +++ b/arm/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md @@ -6,7 +6,7 @@ This module deploys a user assigned identity. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.ManagedIdentity/userAssignedIdentities` | 2018-11-30 | @@ -71,6 +71,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Userassignedidentities](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ManagedIdentity/2018-11-30/userAssignedIdentities) diff --git a/arm/Microsoft.NetApp/netAppAccounts/deploy.bicep b/arm/Microsoft.NetApp/netAppAccounts/deploy.bicep index 935ae973c9..7119d4a611 100644 --- a/arm/Microsoft.NetApp/netAppAccounts/deploy.bicep +++ b/arm/Microsoft.NetApp/netAppAccounts/deploy.bicep @@ -68,7 +68,7 @@ resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2021-04-01' = { } } -resource netAppAccount_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource netAppAccount_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${netAppAccount.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.NetApp/netAppAccounts/readme.md b/arm/Microsoft.NetApp/netAppAccounts/readme.md index e021dc65ee..cbf45e579c 100644 --- a/arm/Microsoft.NetApp/netAppAccounts/readme.md +++ b/arm/Microsoft.NetApp/netAppAccounts/readme.md @@ -6,7 +6,7 @@ This template deploys Azure NetApp Files. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.NetApp/netAppAccounts` | 2021-04-01 | | `Microsoft.NetApp/netAppAccounts/capacityPools` | 2021-06-01 | @@ -79,7 +79,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Netappaccounts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-04-01/netAppAccounts) - [Netappaccounts/Capacitypools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools) - [Netappaccounts/Capacitypools/Volumes](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools/volumes) diff --git a/arm/Microsoft.Network/applicationGateways/deploy.bicep b/arm/Microsoft.Network/applicationGateways/deploy.bicep index e263363d6d..57af3861cb 100644 --- a/arm/Microsoft.Network/applicationGateways/deploy.bicep +++ b/arm/Microsoft.Network/applicationGateways/deploy.bicep @@ -391,7 +391,7 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2021-03-01' = dependsOn: [] } -resource applicationGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource applicationGateway_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${applicationGateway.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/applicationGateways/readme.md b/arm/Microsoft.Network/applicationGateways/readme.md index b9b502f13e..b95fa7ebc2 100644 --- a/arm/Microsoft.Network/applicationGateways/readme.md +++ b/arm/Microsoft.Network/applicationGateways/readme.md @@ -6,7 +6,7 @@ This template deploys an application gateway. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/applicationGateways` | 2021-03-01 | @@ -243,5 +243,5 @@ You can specify multiple user assigned identities to a resource by providing add - [Applicationgateways](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/applicationGateways) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/applicationSecurityGroups/deploy.bicep b/arm/Microsoft.Network/applicationSecurityGroups/deploy.bicep index b0131790fe..8b49ebdcf1 100644 --- a/arm/Microsoft.Network/applicationSecurityGroups/deploy.bicep +++ b/arm/Microsoft.Network/applicationSecurityGroups/deploy.bicep @@ -33,7 +33,7 @@ resource applicationSecurityGroup 'Microsoft.Network/applicationSecurityGroups@2 properties: {} } -resource applicationSecurityGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource applicationSecurityGroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${applicationSecurityGroup.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/applicationSecurityGroups/readme.md b/arm/Microsoft.Network/applicationSecurityGroups/readme.md index f55dea12fc..badbccbc37 100644 --- a/arm/Microsoft.Network/applicationSecurityGroups/readme.md +++ b/arm/Microsoft.Network/applicationSecurityGroups/readme.md @@ -6,7 +6,7 @@ This module deploys an application security group. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/applicationSecurityGroups` | 2021-02-01 | @@ -71,5 +71,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Applicationsecuritygroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/applicationSecurityGroups) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/azureFirewalls/deploy.bicep b/arm/Microsoft.Network/azureFirewalls/deploy.bicep index 239e31c7a4..2aa1724aee 100644 --- a/arm/Microsoft.Network/azureFirewalls/deploy.bicep +++ b/arm/Microsoft.Network/azureFirewalls/deploy.bicep @@ -166,7 +166,7 @@ resource azureFirewallPip 'Microsoft.Network/publicIPAddresses@2021-02-01' = { } } -resource azureFirewallPip_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource azureFirewallPip_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${azureFirewallPip.name}-${lock}-lock' properties: { level: lock @@ -221,7 +221,7 @@ resource azureFirewall 'Microsoft.Network/azureFirewalls@2021-03-01' = { } } -resource azureFirewall_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource azureFirewall_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${azureFirewall.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/azureFirewalls/readme.md b/arm/Microsoft.Network/azureFirewalls/readme.md index f7ad866b01..2837ca8868 100644 --- a/arm/Microsoft.Network/azureFirewalls/readme.md +++ b/arm/Microsoft.Network/azureFirewalls/readme.md @@ -6,7 +6,7 @@ This module deploys a firewall. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/azureFirewalls` | 2021-03-01 | @@ -102,6 +102,6 @@ The `networkRuleCollections` parameter accepts a JSON Array of AzureFirewallNetw - [Azurefirewalls](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/azureFirewalls) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Publicipaddresses](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/publicIPAddresses) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/bastionHosts/.bicep/nested_publicIPAddress.bicep b/arm/Microsoft.Network/bastionHosts/.bicep/nested_publicIPAddress.bicep index e9eab376c4..3190605988 100644 --- a/arm/Microsoft.Network/bastionHosts/.bicep/nested_publicIPAddress.bicep +++ b/arm/Microsoft.Network/bastionHosts/.bicep/nested_publicIPAddress.bicep @@ -107,7 +107,7 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2021-02-01' = { } } -resource publicIpAddress_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource publicIpAddress_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${publicIpAddress.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/bastionHosts/deploy.bicep b/arm/Microsoft.Network/bastionHosts/deploy.bicep index 81a939c943..6c3792b0c5 100644 --- a/arm/Microsoft.Network/bastionHosts/deploy.bicep +++ b/arm/Microsoft.Network/bastionHosts/deploy.bicep @@ -129,7 +129,7 @@ resource azureBastion 'Microsoft.Network/bastionHosts@2021-02-01' = { } } -resource azureBastion_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource azureBastion_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${azureBastion.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/bastionHosts/readme.md b/arm/Microsoft.Network/bastionHosts/readme.md index 8b9ae1616b..07f64754a5 100644 --- a/arm/Microsoft.Network/bastionHosts/readme.md +++ b/arm/Microsoft.Network/bastionHosts/readme.md @@ -6,7 +6,7 @@ This module deploys a bastion host. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/bastionHosts` | 2021-02-01 | @@ -83,6 +83,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a - [Bastionhosts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/bastionHosts) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Publicipaddresses](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/publicIPAddresses) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/connections/deploy.bicep b/arm/Microsoft.Network/connections/deploy.bicep index acd5848a5e..c780a20c32 100644 --- a/arm/Microsoft.Network/connections/deploy.bicep +++ b/arm/Microsoft.Network/connections/deploy.bicep @@ -113,7 +113,7 @@ resource connection 'Microsoft.Network/connections@2021-02-01' = { } } -resource connection_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource connection_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${connection.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/connections/readme.md b/arm/Microsoft.Network/connections/readme.md index 99d1197086..9090c7624f 100644 --- a/arm/Microsoft.Network/connections/readme.md +++ b/arm/Microsoft.Network/connections/readme.md @@ -6,7 +6,7 @@ This template deploys a virtual network gateway connection. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Network/connections` | 2021-02-01 | ## Parameters @@ -93,4 +93,4 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Connections](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/connections) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) diff --git a/arm/Microsoft.Network/ddosProtectionPlans/deploy.bicep b/arm/Microsoft.Network/ddosProtectionPlans/deploy.bicep index adc3f2a93e..402c245252 100644 --- a/arm/Microsoft.Network/ddosProtectionPlans/deploy.bicep +++ b/arm/Microsoft.Network/ddosProtectionPlans/deploy.bicep @@ -34,7 +34,7 @@ resource ddosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2021-02-01' = properties: {} } -resource ddosProtectionPlan_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource ddosProtectionPlan_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${ddosProtectionPlan.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/ddosProtectionPlans/readme.md b/arm/Microsoft.Network/ddosProtectionPlans/readme.md index 0085d8cfb9..7282785758 100644 --- a/arm/Microsoft.Network/ddosProtectionPlans/readme.md +++ b/arm/Microsoft.Network/ddosProtectionPlans/readme.md @@ -6,7 +6,7 @@ This template deploys a DDoS protection plan. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/ddosProtectionPlans` | 2021-02-01 | @@ -71,5 +71,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Ddosprotectionplans](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/ddosProtectionPlans) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep b/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep index 24b8d0dc9c..911317ec9b 100644 --- a/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep +++ b/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep @@ -164,7 +164,7 @@ resource expressRouteCircuits 'Microsoft.Network/expressRouteCircuits@2021-02-01 } } -resource expressRouteCircuits_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource expressRouteCircuits_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${expressRouteCircuits.name}-${lock}-lock' properties: { level: lock @@ -205,4 +205,4 @@ output expressRouteCircuitResourceGroup string = resourceGroup().name output expressRouteCircuitName string = expressRouteCircuits.name @description('The service key of the express route circuit') -output expressRouteCircuitServiceKey string = reference(expressRouteCircuits.id, '2020-05-01').serviceKey +output expressRouteCircuitServiceKey string = reference(expressRouteCircuits.id, '2017-04-01').serviceKey diff --git a/arm/Microsoft.Network/expressRouteCircuits/readme.md b/arm/Microsoft.Network/expressRouteCircuits/readme.md index ca8569dff5..a66938ce1f 100644 --- a/arm/Microsoft.Network/expressRouteCircuits/readme.md +++ b/arm/Microsoft.Network/expressRouteCircuits/readme.md @@ -6,7 +6,7 @@ This template deploys an express route circuit. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/expressRouteCircuits` | 2021-02-01 | @@ -93,5 +93,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Expressroutecircuits](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/expressRouteCircuits) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/ipGroups/deploy.bicep b/arm/Microsoft.Network/ipGroups/deploy.bicep index 4af958bc57..1424e1775f 100644 --- a/arm/Microsoft.Network/ipGroups/deploy.bicep +++ b/arm/Microsoft.Network/ipGroups/deploy.bicep @@ -39,7 +39,7 @@ resource ipGroup 'Microsoft.Network/ipGroups@2021-02-01' = { } } -resource ipGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource ipGroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${ipGroup.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/ipGroups/readme.md b/arm/Microsoft.Network/ipGroups/readme.md index 6144e7c385..28370e1f19 100644 --- a/arm/Microsoft.Network/ipGroups/readme.md +++ b/arm/Microsoft.Network/ipGroups/readme.md @@ -6,7 +6,7 @@ This module deploys an IP group. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/ipGroups` | 2021-02-01 | @@ -72,5 +72,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Ipgroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/ipGroups) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/loadBalancers/deploy.bicep b/arm/Microsoft.Network/loadBalancers/deploy.bicep index 45c31e4edc..ff6a91c1f0 100644 --- a/arm/Microsoft.Network/loadBalancers/deploy.bicep +++ b/arm/Microsoft.Network/loadBalancers/deploy.bicep @@ -207,7 +207,7 @@ module loadBalancer_inboundNATRules 'inboundNatRules/deploy.bicep' = [for (inbou ] }] -resource loadBalancer_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource loadBalancer_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${loadBalancer.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/loadBalancers/readme.md b/arm/Microsoft.Network/loadBalancers/readme.md index 199b526467..ae23863c40 100644 --- a/arm/Microsoft.Network/loadBalancers/readme.md +++ b/arm/Microsoft.Network/loadBalancers/readme.md @@ -6,7 +6,7 @@ This module deploys a load balancer. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/loadBalancers` | 2021-02-01 | @@ -220,5 +220,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a - [Loadbalancers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/loadBalancers) - [Loadbalancers/Backendaddresspools](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/loadBalancers/backendAddressPools) - [Loadbalancers/Inboundnatrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/loadBalancers/inboundNatRules) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/localNetworkGateways/deploy.bicep b/arm/Microsoft.Network/localNetworkGateways/deploy.bicep index 9974e9cb79..d427df77c5 100644 --- a/arm/Microsoft.Network/localNetworkGateways/deploy.bicep +++ b/arm/Microsoft.Network/localNetworkGateways/deploy.bicep @@ -65,7 +65,7 @@ resource localNetworkGateway 'Microsoft.Network/localNetworkGateways@2021-02-01' } } -resource localNetworkGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource localNetworkGateway_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${localNetworkGateway.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/localNetworkGateways/readme.md b/arm/Microsoft.Network/localNetworkGateways/readme.md index efae226523..59b83613c6 100644 --- a/arm/Microsoft.Network/localNetworkGateways/readme.md +++ b/arm/Microsoft.Network/localNetworkGateways/readme.md @@ -6,7 +6,7 @@ This module deploys a local network gateway. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/localNetworkGateways` | 2021-02-01 | @@ -77,5 +77,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Localnetworkgateways](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/localNetworkGateways) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/natGateways/deploy.bicep b/arm/Microsoft.Network/natGateways/deploy.bicep index e724f17c65..2dac24b1df 100644 --- a/arm/Microsoft.Network/natGateways/deploy.bicep +++ b/arm/Microsoft.Network/natGateways/deploy.bicep @@ -139,7 +139,7 @@ resource publicIP 'Microsoft.Network/publicIPAddresses@2021-02-01' = if (natGate } } -resource publicIP_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource publicIP_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${publicIP.name}-${lock}-lock' properties: { level: lock @@ -174,7 +174,7 @@ resource natGateway 'Microsoft.Network/natGateways@2021-02-01' = { zones: zones } -resource natGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource natGateway_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${natGateway.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/natGateways/readme.md b/arm/Microsoft.Network/natGateways/readme.md index 9c9a85a916..16e195294e 100644 --- a/arm/Microsoft.Network/natGateways/readme.md +++ b/arm/Microsoft.Network/natGateways/readme.md @@ -6,7 +6,7 @@ This module deploys a NAT gateway. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/natGateways` | 2021-02-01 | @@ -88,7 +88,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Natgateways](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/natGateways) - [Publicipaddresses](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/publicIPAddresses) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/networkSecurityGroups/deploy.bicep b/arm/Microsoft.Network/networkSecurityGroups/deploy.bicep index a6da336731..0082a6445d 100644 --- a/arm/Microsoft.Network/networkSecurityGroups/deploy.bicep +++ b/arm/Microsoft.Network/networkSecurityGroups/deploy.bicep @@ -93,7 +93,7 @@ resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-02-0 } } -resource networkSecurityGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource networkSecurityGroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${networkSecurityGroup.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/networkSecurityGroups/readme.md b/arm/Microsoft.Network/networkSecurityGroups/readme.md index d4cd9b88f0..e8a31ac9a4 100644 --- a/arm/Microsoft.Network/networkSecurityGroups/readme.md +++ b/arm/Microsoft.Network/networkSecurityGroups/readme.md @@ -6,7 +6,7 @@ This template deploys a network security group (NSG) with optional security rule | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/networkSecurityGroups` | 2021-02-01 | @@ -159,6 +159,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Networksecuritygroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/networkSecurityGroups) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/networkWatchers/deploy.bicep b/arm/Microsoft.Network/networkWatchers/deploy.bicep index 2e3872943a..003ca34c4e 100644 --- a/arm/Microsoft.Network/networkWatchers/deploy.bicep +++ b/arm/Microsoft.Network/networkWatchers/deploy.bicep @@ -40,7 +40,7 @@ resource networkWatcher 'Microsoft.Network/networkWatchers@2021-02-01' = { properties: {} } -resource networkWatcher_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource networkWatcher_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${networkWatcher.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/networkWatchers/readme.md b/arm/Microsoft.Network/networkWatchers/readme.md index 69761eb870..daf5e9a17b 100644 --- a/arm/Microsoft.Network/networkWatchers/readme.md +++ b/arm/Microsoft.Network/networkWatchers/readme.md @@ -6,7 +6,7 @@ This template deploys a network watcher. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/networkWatchers` | 2021-02-01 | | `Microsoft.Network/networkWatchers/connectionMonitors` | 2021-03-01 | @@ -75,7 +75,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Networkwatchers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/networkWatchers) - [Networkwatchers/Connectionmonitors](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/networkWatchers/connectionMonitors) - [Networkwatchers/Flowlogs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/networkWatchers/flowLogs) diff --git a/arm/Microsoft.Network/privateDnsZones/deploy.bicep b/arm/Microsoft.Network/privateDnsZones/deploy.bicep index 3f176296f7..366549354a 100644 --- a/arm/Microsoft.Network/privateDnsZones/deploy.bicep +++ b/arm/Microsoft.Network/privateDnsZones/deploy.bicep @@ -47,7 +47,7 @@ module privateDnsZone_virtualNetworkLinks 'virtualNetworkLinks/deploy.bicep' = [ } }] -resource privateDnsZone_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource privateDnsZone_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${privateDnsZone.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/privateDnsZones/readme.md b/arm/Microsoft.Network/privateDnsZones/readme.md index 06cf7b618e..2da8f59ac2 100644 --- a/arm/Microsoft.Network/privateDnsZones/readme.md +++ b/arm/Microsoft.Network/privateDnsZones/readme.md @@ -6,7 +6,7 @@ This template deploys a private DNS zone. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/privateDnsZones` | 2020-06-01 | | `Microsoft.Network/privateDnsZones/virtualNetworkLinks` | 2020-06-01 | @@ -72,7 +72,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Privatednszones](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones) - [Privatednszones/Virtualnetworklinks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/virtualNetworkLinks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/privateEndpoints/deploy.bicep b/arm/Microsoft.Network/privateEndpoints/deploy.bicep index 3a3b976569..c2db6a2abf 100644 --- a/arm/Microsoft.Network/privateEndpoints/deploy.bicep +++ b/arm/Microsoft.Network/privateEndpoints/deploy.bicep @@ -68,7 +68,7 @@ module privateEndpoint_privateDnsZoneGroups 'privateDnsZoneGroups/deploy.bicep' } }] -resource privateEndpoint_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource privateEndpoint_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${privateEndpoint.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/privateEndpoints/readme.md b/arm/Microsoft.Network/privateEndpoints/readme.md index c628c473dd..8f176f2012 100644 --- a/arm/Microsoft.Network/privateEndpoints/readme.md +++ b/arm/Microsoft.Network/privateEndpoints/readme.md @@ -6,7 +6,7 @@ This template deploys a private endpoint for a generic service. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-03-01 | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-03-01 | @@ -85,7 +85,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints/privateDnsZoneGroups) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/publicIPAddresses/deploy.bicep b/arm/Microsoft.Network/publicIPAddresses/deploy.bicep index 2075b51149..35fec83021 100644 --- a/arm/Microsoft.Network/publicIPAddresses/deploy.bicep +++ b/arm/Microsoft.Network/publicIPAddresses/deploy.bicep @@ -115,7 +115,7 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2021-02-01' = { } } -resource publicIpAddress_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource publicIpAddress_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${publicIpAddress.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/publicIPAddresses/readme.md b/arm/Microsoft.Network/publicIPAddresses/readme.md index 6b7f187917..1c2cc79612 100644 --- a/arm/Microsoft.Network/publicIPAddresses/readme.md +++ b/arm/Microsoft.Network/publicIPAddresses/readme.md @@ -4,7 +4,7 @@ | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/publicIPAddresses` | 2021-02-01 | @@ -81,6 +81,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Publicipaddresses](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/publicIPAddresses) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/publicIPPrefixes/deploy.bicep b/arm/Microsoft.Network/publicIPPrefixes/deploy.bicep index 9272be4fd5..305aa0bed5 100644 --- a/arm/Microsoft.Network/publicIPPrefixes/deploy.bicep +++ b/arm/Microsoft.Network/publicIPPrefixes/deploy.bicep @@ -45,7 +45,7 @@ resource publicIpPrefix 'Microsoft.Network/publicIPPrefixes@2021-02-01' = { } } -resource publicIpPrefix_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource publicIpPrefix_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${publicIpPrefix.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/publicIPPrefixes/readme.md b/arm/Microsoft.Network/publicIPPrefixes/readme.md index 5d2fc758a6..ab0e357f3b 100644 --- a/arm/Microsoft.Network/publicIPPrefixes/readme.md +++ b/arm/Microsoft.Network/publicIPPrefixes/readme.md @@ -6,7 +6,7 @@ This template deploys a public IP prefix. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/publicIPPrefixes` | 2021-02-01 | @@ -71,6 +71,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Publicipprefixes](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/publicIPPrefixes) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/routeTables/deploy.bicep b/arm/Microsoft.Network/routeTables/deploy.bicep index 3ad1e610a3..96aa332be0 100644 --- a/arm/Microsoft.Network/routeTables/deploy.bicep +++ b/arm/Microsoft.Network/routeTables/deploy.bicep @@ -42,7 +42,7 @@ resource routeTable 'Microsoft.Network/routeTables@2021-02-01' = { } } -resource routeTable_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource routeTable_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${routeTable.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/routeTables/readme.md b/arm/Microsoft.Network/routeTables/readme.md index 4b1720a105..10c50ebe95 100644 --- a/arm/Microsoft.Network/routeTables/readme.md +++ b/arm/Microsoft.Network/routeTables/readme.md @@ -6,7 +6,7 @@ This module deploys a user defined route table. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/routeTables` | 2021-02-01 | @@ -114,6 +114,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Routetables](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/routeTables) diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep b/arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep index 0eda73ab44..2e45ec0ef1 100644 --- a/arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep +++ b/arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep @@ -138,7 +138,7 @@ resource trafficManagerProfile 'Microsoft.Network/trafficmanagerprofiles@2018-08 } } -resource trafficManagerProfile_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource trafficManagerProfile_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${trafficManagerProfile.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/readme.md b/arm/Microsoft.Network/trafficmanagerprofiles/readme.md index 475aea4ef6..8843e9d0cd 100644 --- a/arm/Microsoft.Network/trafficmanagerprofiles/readme.md +++ b/arm/Microsoft.Network/trafficmanagerprofiles/readme.md @@ -6,7 +6,7 @@ This module deploys a traffic manager profile. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/trafficmanagerprofiles` | 2018-08-01 | @@ -124,6 +124,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Trafficmanagerprofiles](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2018-08-01/trafficmanagerprofiles) diff --git a/arm/Microsoft.Network/virtualNetworkGateways/deploy.bicep b/arm/Microsoft.Network/virtualNetworkGateways/deploy.bicep index 4b17e4289f..88ae4eaea8 100644 --- a/arm/Microsoft.Network/virtualNetworkGateways/deploy.bicep +++ b/arm/Microsoft.Network/virtualNetworkGateways/deploy.bicep @@ -294,7 +294,7 @@ resource virtualGatewayPublicIP 'Microsoft.Network/publicIPAddresses@2021-02-01' }] @batchSize(1) -resource virtualGatewayPublicIP_lock 'Microsoft.Authorization/locks@2020-05-01' = [for (virtualGatewayPublicIpName, index) in virtualGatewayPipName_var: if (lock != 'NotSpecified') { +resource virtualGatewayPublicIP_lock 'Microsoft.Authorization/locks@2017-04-01' = [for (virtualGatewayPublicIpName, index) in virtualGatewayPipName_var: if (lock != 'NotSpecified') { name: '${virtualGatewayPublicIpName}-${lock}-lock' properties: { level: lock @@ -341,7 +341,7 @@ resource virtualNetworkGateway 'Microsoft.Network/virtualNetworkGateways@2021-02 ] } -resource virtualNetworkGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource virtualNetworkGateway_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${virtualNetworkGateway.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/virtualNetworkGateways/readme.md b/arm/Microsoft.Network/virtualNetworkGateways/readme.md index ccac785fa3..8a1f1d7e4f 100644 --- a/arm/Microsoft.Network/virtualNetworkGateways/readme.md +++ b/arm/Microsoft.Network/virtualNetworkGateways/readme.md @@ -6,7 +6,7 @@ This module deploys a virtual network gateway. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/publicIPAddresses` | 2021-02-01 | @@ -127,7 +127,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Publicipaddresses](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/publicIPAddresses) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Virtualnetworkgateways](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/virtualNetworkGateways) diff --git a/arm/Microsoft.Network/virtualNetworks/deploy.bicep b/arm/Microsoft.Network/virtualNetworks/deploy.bicep index 5d52ba25c0..a8393f5d85 100644 --- a/arm/Microsoft.Network/virtualNetworks/deploy.bicep +++ b/arm/Microsoft.Network/virtualNetworks/deploy.bicep @@ -183,7 +183,7 @@ module virtualNetwork_peering_remote 'virtualNetworkPeerings/deploy.bicep' = [fo ] }] -resource virtualNetwork_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource virtualNetwork_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${virtualNetwork.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/virtualNetworks/readme.md b/arm/Microsoft.Network/virtualNetworks/readme.md index 886da074ac..1631ef1365 100644 --- a/arm/Microsoft.Network/virtualNetworks/readme.md +++ b/arm/Microsoft.Network/virtualNetworks/readme.md @@ -6,7 +6,7 @@ This template deploys a virtual network (vNet). | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/virtualNetworks` | 2021-03-01 | @@ -120,7 +120,7 @@ The network security group and route table resources must reside in the same res ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Virtualnetworks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/virtualNetworks) - [Virtualnetworks/Subnets](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/virtualNetworks/subnets) diff --git a/arm/Microsoft.Network/virtualWans/deploy.bicep b/arm/Microsoft.Network/virtualWans/deploy.bicep index 99bc313c1f..f29b91a82a 100644 --- a/arm/Microsoft.Network/virtualWans/deploy.bicep +++ b/arm/Microsoft.Network/virtualWans/deploy.bicep @@ -76,7 +76,7 @@ resource virtualWan 'Microsoft.Network/virtualWans@2021-03-01' = { } } -resource virtualWan_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource virtualWan_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${virtualWan.name}-${lock}-lock' properties: { level: lock @@ -96,7 +96,7 @@ resource virtualHub 'Microsoft.Network/virtualHubs@2021-03-01' = { } } -resource virtualHub_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource virtualHub_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${virtualHub.name}-${lock}-lock' properties: { level: lock @@ -127,7 +127,7 @@ resource vpnSite 'Microsoft.Network/vpnSites@2021-03-01' = { } } -resource vpnSite_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource vpnSite_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${vpnSite.name}-${lock}-lock' properties: { level: lock @@ -161,7 +161,7 @@ resource vpnGateway 'Microsoft.Network/vpnGateways@2021-03-01' = { } } -resource vpnGateway_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource vpnGateway_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${vpnGateway.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Network/virtualWans/readme.md b/arm/Microsoft.Network/virtualWans/readme.md index 0175bbbf00..57e87d1b73 100644 --- a/arm/Microsoft.Network/virtualWans/readme.md +++ b/arm/Microsoft.Network/virtualWans/readme.md @@ -6,7 +6,7 @@ This template deploys a virtual WAN. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/virtualHubs` | 2021-03-01 | | `Microsoft.Network/virtualWans` | 2021-03-01 | @@ -84,7 +84,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Virtualhubs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/virtualHubs) - [Virtualwans](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/virtualWans) diff --git a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep index 1158ce1d64..adadecb186 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep +++ b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep @@ -230,7 +230,7 @@ module logAnalyticsWorkspace_solutions '.bicep/nested_solutions.bicep' = [for (g } }] -resource logAnalyticsWorkspace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource logAnalyticsWorkspace_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${logAnalyticsWorkspace.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.OperationalInsights/workspaces/readme.md b/arm/Microsoft.OperationalInsights/workspaces/readme.md index dd5ecfbaa9..de22269371 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/readme.md +++ b/arm/Microsoft.OperationalInsights/workspaces/readme.md @@ -6,7 +6,7 @@ This template deploys a log analytics workspace. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.OperationalInsights/workspaces` | 2020-08-01 | @@ -130,7 +130,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Solutions](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationsManagement/2015-11-01-preview/solutions) - [Workspaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces) diff --git a/arm/Microsoft.RecoveryServices/vaults/deploy.bicep b/arm/Microsoft.RecoveryServices/vaults/deploy.bicep index d29ccaea70..a438501491 100644 --- a/arm/Microsoft.RecoveryServices/vaults/deploy.bicep +++ b/arm/Microsoft.RecoveryServices/vaults/deploy.bicep @@ -186,7 +186,7 @@ module rsv_backupConfig 'backupConfig/deploy.bicep' = if (!empty(backupConfig)) } } -resource rsv_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource rsv_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${rsv.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.RecoveryServices/vaults/readme.md b/arm/Microsoft.RecoveryServices/vaults/readme.md index a5aefeabab..329b884c6d 100644 --- a/arm/Microsoft.RecoveryServices/vaults/readme.md +++ b/arm/Microsoft.RecoveryServices/vaults/readme.md @@ -6,7 +6,7 @@ This module deploys a recovery service vault. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.RecoveryServices/vaults` | 2021-08-01 | @@ -356,7 +356,7 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Vaults](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults) - [Vaults/Backupconfig](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults/backupconfig) diff --git a/arm/Microsoft.Resources/deploymentScripts/deploy.bicep b/arm/Microsoft.Resources/deploymentScripts/deploy.bicep index 47bd4e5e77..564d61bf36 100644 --- a/arm/Microsoft.Resources/deploymentScripts/deploy.bicep +++ b/arm/Microsoft.Resources/deploymentScripts/deploy.bicep @@ -110,7 +110,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { } } -resource deploymentScript_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource deploymentScript_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${deploymentScript.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Resources/deploymentScripts/readme.md b/arm/Microsoft.Resources/deploymentScripts/readme.md index c9fcad7749..492305d269 100644 --- a/arm/Microsoft.Resources/deploymentScripts/readme.md +++ b/arm/Microsoft.Resources/deploymentScripts/readme.md @@ -6,7 +6,7 @@ This module deploys a deployment script. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Resources/deploymentScripts` | 2020-10-01 | ## Parameters @@ -79,4 +79,4 @@ This module requires a User Assigned Identity (MSI, managed service identity) to ## Template references - [Deploymentscripts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Resources/2020-10-01/deploymentScripts) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) diff --git a/arm/Microsoft.Resources/resourceGroups/.bicep/nested_lock.bicep b/arm/Microsoft.Resources/resourceGroups/.bicep/nested_lock.bicep index 0466e0bdcb..776d6d2588 100644 --- a/arm/Microsoft.Resources/resourceGroups/.bicep/nested_lock.bicep +++ b/arm/Microsoft.Resources/resourceGroups/.bicep/nested_lock.bicep @@ -16,7 +16,7 @@ var lockNotes = { var lockName = empty(name) ? '${level}-lock' : name -resource lock 'Microsoft.Authorization/locks@2020-05-01' = if (level != 'NotSpecified') { +resource lock 'Microsoft.Authorization/locks@2017-04-01' = if (level != 'NotSpecified') { name: lockName properties: { level: level diff --git a/arm/Microsoft.Resources/resourceGroups/readme.md b/arm/Microsoft.Resources/resourceGroups/readme.md index 19154ad94e..640b7389b7 100644 --- a/arm/Microsoft.Resources/resourceGroups/readme.md +++ b/arm/Microsoft.Resources/resourceGroups/readme.md @@ -6,7 +6,7 @@ This module deploys a resource group. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Resources/resourceGroups` | 2019-05-01 | @@ -72,6 +72,6 @@ This module requires a User Assigned Identity (MSI, managed service identity) to ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Resourcegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Resources/2019-05-01/resourceGroups) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_privateEndpoints.bicep b/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_privateEndpoints.bicep index 739c0bbb6c..647a0a2251 100644 --- a/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_privateEndpoints.bicep +++ b/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_privateEndpoints.bicep @@ -35,7 +35,7 @@ resource privateEndpoint_name 'Microsoft.Network/privateEndpoints@2021-05-01' = customDnsConfigs: privateEndpoint_var.customDnsConfigs } - resource privateEndpoint_name_default 'privateDnsZoneGroups@2020-05-01' = if (!empty(privateEndpoint_var.privateDnsZoneResourceIds)) { + resource privateEndpoint_name_default 'privateDnsZoneGroups@2017-04-01' = if (!empty(privateEndpoint_var.privateDnsZoneResourceIds)) { name: 'default' properties: { privateDnsZoneConfigs: [for j in range(0, length(privateEndpoint_var.privateDnsZoneResourceIds)): { diff --git a/arm/Microsoft.ServiceBus/namespaces/deploy.bicep b/arm/Microsoft.ServiceBus/namespaces/deploy.bicep index 16aa61e27a..0bfc27f840 100644 --- a/arm/Microsoft.ServiceBus/namespaces/deploy.bicep +++ b/arm/Microsoft.ServiceBus/namespaces/deploy.bicep @@ -234,7 +234,7 @@ module serviceBusNamespace_queues 'queues/deploy.bicep' = [for (queue, index) in } }] -resource serviceBusNamespace_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource serviceBusNamespace_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${serviceBusNamespace.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.ServiceBus/namespaces/queues/deploy.bicep b/arm/Microsoft.ServiceBus/namespaces/queues/deploy.bicep index b91c8d3acd..4e6b08abce 100644 --- a/arm/Microsoft.ServiceBus/namespaces/queues/deploy.bicep +++ b/arm/Microsoft.ServiceBus/namespaces/queues/deploy.bicep @@ -121,7 +121,7 @@ module queue_authorizationRules 'authorizationRules/deploy.bicep' = [for (author } }] -resource queue_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource queue_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${queue.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.ServiceBus/namespaces/queues/readme.md b/arm/Microsoft.ServiceBus/namespaces/queues/readme.md index 43785b7453..206c777941 100644 --- a/arm/Microsoft.ServiceBus/namespaces/queues/readme.md +++ b/arm/Microsoft.ServiceBus/namespaces/queues/readme.md @@ -6,7 +6,7 @@ This module deploys a queue for a service bus namespace. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.ServiceBus/namespaces/queues` | 2021-06-01-preview | | `Microsoft.ServiceBus/namespaces/queues/authorizationRules` | 2017-04-01 | @@ -66,7 +66,7 @@ This module deploys a queue for a service bus namespace. ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Namespaces/Queues](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces/queues) - [Namespaces/Queues/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/queues/authorizationRules) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.ServiceBus/namespaces/readme.md b/arm/Microsoft.ServiceBus/namespaces/readme.md index d3e03a0a79..d66fbc10e4 100644 --- a/arm/Microsoft.ServiceBus/namespaces/readme.md +++ b/arm/Microsoft.ServiceBus/namespaces/readme.md @@ -6,11 +6,11 @@ This module deploys a service bus namespace resource. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-05-01 | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2020-05-01 | +| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2017-04-01 | | `Microsoft.ServiceBus/namespaces` | 2021-06-01-preview | | `Microsoft.ServiceBus/namespaces/AuthorizationRules` | 2017-04-01 | | `Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs` | 2017-04-01 | @@ -150,7 +150,7 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Namespaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces) - [Namespaces/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/AuthorizationRules) - [Namespaces/Disasterrecoveryconfigs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/disasterRecoveryConfigs) diff --git a/arm/Microsoft.Sql/managedInstances/databases/deploy.bicep b/arm/Microsoft.Sql/managedInstances/databases/deploy.bicep index 5ad0239f10..b76e90c36b 100644 --- a/arm/Microsoft.Sql/managedInstances/databases/deploy.bicep +++ b/arm/Microsoft.Sql/managedInstances/databases/deploy.bicep @@ -132,7 +132,7 @@ resource database 'Microsoft.Sql/managedInstances/databases@2021-05-01-preview' } } -resource database_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource database_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${last(split(database.name, '/'))}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Sql/managedInstances/databases/readme.md b/arm/Microsoft.Sql/managedInstances/databases/readme.md index 5dea6de7e3..fb87356250 100644 --- a/arm/Microsoft.Sql/managedInstances/databases/readme.md +++ b/arm/Microsoft.Sql/managedInstances/databases/readme.md @@ -6,7 +6,7 @@ This template deploys a SQL Managed Instances Database. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Sql/managedInstances/databases` | 2021-05-01-preview | | `Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies` | 2021-02-01-preview | @@ -73,7 +73,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Managedinstances/Databases](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/managedInstances/databases) - [Managedinstances/Databases/Backuplongtermretentionpolicies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/managedInstances/databases/backupLongTermRetentionPolicies) - [Managedinstances/Databases/Backupshorttermretentionpolicies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2017-03-01-preview/managedInstances/databases/backupShortTermRetentionPolicies) diff --git a/arm/Microsoft.Sql/managedInstances/deploy.bicep b/arm/Microsoft.Sql/managedInstances/deploy.bicep index eea9458926..2fd206b0e8 100644 --- a/arm/Microsoft.Sql/managedInstances/deploy.bicep +++ b/arm/Microsoft.Sql/managedInstances/deploy.bicep @@ -212,7 +212,7 @@ resource managedInstance 'Microsoft.Sql/managedInstances@2021-05-01-preview' = { } } -resource managedInstance_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource managedInstance_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${managedInstance.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Sql/managedInstances/readme.md b/arm/Microsoft.Sql/managedInstances/readme.md index 965c82009d..69c5096f17 100644 --- a/arm/Microsoft.Sql/managedInstances/readme.md +++ b/arm/Microsoft.Sql/managedInstances/readme.md @@ -6,7 +6,7 @@ This template deploys a SQL managed instance. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Sql/managedInstances` | 2021-05-01-preview | @@ -143,7 +143,7 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Managedinstances](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/managedInstances) - [Managedinstances/Administrators](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/managedInstances/administrators) - [Managedinstances/Databases](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/managedInstances/databases) diff --git a/arm/Microsoft.Sql/servers/deploy.bicep b/arm/Microsoft.Sql/servers/deploy.bicep index 00e2d6a64b..9b32d7818c 100644 --- a/arm/Microsoft.Sql/servers/deploy.bicep +++ b/arm/Microsoft.Sql/servers/deploy.bicep @@ -67,7 +67,7 @@ resource server 'Microsoft.Sql/servers@2021-05-01-preview' = { } } -resource server_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource server_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${server.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Sql/servers/readme.md b/arm/Microsoft.Sql/servers/readme.md index d03045de68..649dd85a41 100644 --- a/arm/Microsoft.Sql/servers/readme.md +++ b/arm/Microsoft.Sql/servers/readme.md @@ -6,7 +6,7 @@ This module deploys a SQL server. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Sql/servers` | 2021-05-01-preview | @@ -96,7 +96,7 @@ You can specify multiple user assigned identities to a resource by providing add ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Servers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/servers) - [Servers/Databases](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/servers/databases) diff --git a/arm/Microsoft.Storage/storageAccounts/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/deploy.bicep index d51d3ddaa0..f689827bd1 100644 --- a/arm/Microsoft.Storage/storageAccounts/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/deploy.bicep @@ -208,7 +208,7 @@ resource storageAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSetting scope: storageAccount } -resource storageAccount_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource storageAccount_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${storageAccount.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Storage/storageAccounts/readme.md b/arm/Microsoft.Storage/storageAccounts/readme.md index 028628c69a..13693b0fe7 100644 --- a/arm/Microsoft.Storage/storageAccounts/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/readme.md @@ -6,7 +6,7 @@ This module is used to deploy a storage account, with the ability to deploy 1 or | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-05-01 | @@ -181,7 +181,7 @@ The hierarchical namespace of the storage account (see parameter `enableHierarch ## Template references - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Synapse/privateLinkHubs/deploy.bicep b/arm/Microsoft.Synapse/privateLinkHubs/deploy.bicep index 08d5b0648e..c67c5a85d1 100644 --- a/arm/Microsoft.Synapse/privateLinkHubs/deploy.bicep +++ b/arm/Microsoft.Synapse/privateLinkHubs/deploy.bicep @@ -28,7 +28,7 @@ resource privateLinkHub 'Microsoft.Synapse/privateLinkHubs@2021-06-01' = { } // Resource Lock -resource privateLinkHub_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource privateLinkHub_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${privateLinkHub.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Synapse/privateLinkHubs/readme.md b/arm/Microsoft.Synapse/privateLinkHubs/readme.md index 674f0cec80..b343edf101 100644 --- a/arm/Microsoft.Synapse/privateLinkHubs/readme.md +++ b/arm/Microsoft.Synapse/privateLinkHubs/readme.md @@ -6,7 +6,7 @@ This module deploys Synapse PrivateLinkHubs. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-03-01 | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-03-01 | @@ -108,7 +108,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints/privateDnsZoneGroups) - [Privatelinkhubs](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Synapse/2021-06-01/privateLinkHubs) diff --git a/arm/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep b/arm/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep index 045757a185..cd5552ce0a 100644 --- a/arm/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep +++ b/arm/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep @@ -148,7 +148,7 @@ resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2020-02-14 } } -resource imageTemplate_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource imageTemplate_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${imageTemplate.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.VirtualMachineImages/imageTemplates/readme.md b/arm/Microsoft.VirtualMachineImages/imageTemplates/readme.md index da38a8aca3..772d52e2f1 100644 --- a/arm/Microsoft.VirtualMachineImages/imageTemplates/readme.md +++ b/arm/Microsoft.VirtualMachineImages/imageTemplates/readme.md @@ -6,7 +6,7 @@ This module deploys an image template that can be consumed by the Azure Image Bu | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.VirtualMachineImages/imageTemplates` | 2020-02-14 | @@ -119,5 +119,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Define resources with Bicep and ARM templates](https://docs.microsoft.com/en-us/azure/templates) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Web/connections/deploy.bicep b/arm/Microsoft.Web/connections/deploy.bicep index 6adf3f9d4d..c0f7d7f930 100644 --- a/arm/Microsoft.Web/connections/deploy.bicep +++ b/arm/Microsoft.Web/connections/deploy.bicep @@ -75,7 +75,7 @@ resource connection 'Microsoft.Web/connections@2016-06-01' = { } } -resource connection_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource connection_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${connection.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Web/connections/readme.md b/arm/Microsoft.Web/connections/readme.md index c63943ce7a..f79acfc63f 100644 --- a/arm/Microsoft.Web/connections/readme.md +++ b/arm/Microsoft.Web/connections/readme.md @@ -6,7 +6,7 @@ This module deploys an Azure API connection. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Web/connections` | 2016-06-01 | @@ -132,5 +132,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references - [Connections](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2016-06-01/connections) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Web/hostingEnvironments/deploy.bicep b/arm/Microsoft.Web/hostingEnvironments/deploy.bicep index f6c71a8b3f..01f986b77e 100644 --- a/arm/Microsoft.Web/hostingEnvironments/deploy.bicep +++ b/arm/Microsoft.Web/hostingEnvironments/deploy.bicep @@ -157,7 +157,7 @@ resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2021-02-01' = } } -resource appServiceEnvironment_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource appServiceEnvironment_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${appServiceEnvironment.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Web/hostingEnvironments/readme.md b/arm/Microsoft.Web/hostingEnvironments/readme.md index 689ab2d827..c64de59ad2 100644 --- a/arm/Microsoft.Web/hostingEnvironments/readme.md +++ b/arm/Microsoft.Web/hostingEnvironments/readme.md @@ -6,7 +6,7 @@ This module deploys an app service environment. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Web/hostingEnvironments` | 2021-02-01 | @@ -143,5 +143,5 @@ workerPools can have two properties workerSize and workerCount: - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Hostingenvironments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-02-01/hostingEnvironments) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Web/serverfarms/deploy.bicep b/arm/Microsoft.Web/serverfarms/deploy.bicep index b2b8705b0e..9807621112 100644 --- a/arm/Microsoft.Web/serverfarms/deploy.bicep +++ b/arm/Microsoft.Web/serverfarms/deploy.bicep @@ -82,7 +82,7 @@ resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' = { } } -resource appServicePlan_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource appServicePlan_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${appServicePlan.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Web/serverfarms/readme.md b/arm/Microsoft.Web/serverfarms/readme.md index 9f7c85d82c..0b53e446b0 100644 --- a/arm/Microsoft.Web/serverfarms/readme.md +++ b/arm/Microsoft.Web/serverfarms/readme.md @@ -6,7 +6,7 @@ This module deploys an app service plan. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Web/serverfarms` | 2021-02-01 | @@ -92,6 +92,6 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) - [Serverfarms](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-02-01/serverfarms) diff --git a/arm/Microsoft.Web/sites/.bicep/nested_components.bicep b/arm/Microsoft.Web/sites/.bicep/nested_components.bicep index 169266210b..5bec3c7561 100644 --- a/arm/Microsoft.Web/sites/.bicep/nested_components.bicep +++ b/arm/Microsoft.Web/sites/.bicep/nested_components.bicep @@ -62,7 +62,7 @@ resource appInsights 'Microsoft.Insights/components@2020-02-02' = { } } -resource appInsights_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource appInsights_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${appInsights.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Web/sites/.bicep/nested_serverfarms.bicep b/arm/Microsoft.Web/sites/.bicep/nested_serverfarms.bicep index 4e7a4a5af5..f2b861b3fc 100644 --- a/arm/Microsoft.Web/sites/.bicep/nested_serverfarms.bicep +++ b/arm/Microsoft.Web/sites/.bicep/nested_serverfarms.bicep @@ -69,7 +69,7 @@ resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' = { } } -resource appServicePlan_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource appServicePlan_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${appServicePlan.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Web/sites/deploy.bicep b/arm/Microsoft.Web/sites/deploy.bicep index 56ef6b8a87..54e080eae8 100644 --- a/arm/Microsoft.Web/sites/deploy.bicep +++ b/arm/Microsoft.Web/sites/deploy.bicep @@ -216,7 +216,7 @@ module app_appsettings 'config/deploy.bicep' = { } } -resource app_lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource app_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${app.name}-${lock}-lock' properties: { level: lock diff --git a/arm/Microsoft.Web/sites/readme.md b/arm/Microsoft.Web/sites/readme.md index ee9d4d8d78..70b25f0c69 100644 --- a/arm/Microsoft.Web/sites/readme.md +++ b/arm/Microsoft.Web/sites/readme.md @@ -6,7 +6,7 @@ This module deploys a web or function app. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | 2020-05-01 | +| `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/components` | 2020-02-02 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | @@ -187,7 +187,7 @@ You can specify multiple user assigned identities to a resource by providing add - ['sites/config' Parent Documentation](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) - [Components](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2020-02-02/components) - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) -- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) +- [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints/privateDnsZoneGroups) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/constructs/Microsoft.Management/managementGroup-structure/deploy.json b/constructs/Microsoft.Management/managementGroup-structure/deploy.json index ce59829ea8..871e18d8fc 100644 --- a/constructs/Microsoft.Management/managementGroup-structure/deploy.json +++ b/constructs/Microsoft.Management/managementGroup-structure/deploy.json @@ -191,7 +191,7 @@ { "type": "Microsoft.Management/managementGroups", "comments": "Fake deployment, used to specify a non-existent dependency. Never deployed", - "apiVersion": "2020-05-01", + "apiVersion": "2017-04-01", "scope": "/", "name": "noop", "condition": false, @@ -238,7 +238,7 @@ ], "type": "Microsoft.Management/managementGroups", - "apiVersion": "2020-05-01", + "apiVersion": "2017-04-01", "scope": "/", "name": "[parameters('mgStructure')[copyIndex('mgLoop')].name]", "properties": { diff --git a/constructs/Microsoft.Management/managementGroup-structure/readme.md b/constructs/Microsoft.Management/managementGroup-structure/readme.md index 8656a49d88..77bda05667 100644 --- a/constructs/Microsoft.Management/managementGroup-structure/readme.md +++ b/constructs/Microsoft.Management/managementGroup-structure/readme.md @@ -11,7 +11,7 @@ This module has some known **limitations**: |Resource Type|ApiVersion| |:--|:--| -|`Microsoft.Management/managementGroups`|2020-05-01| +|`Microsoft.Management/managementGroups`|2017-04-01| |`Microsoft.Resources/deployments`|2020-06-01| ## Parameters diff --git a/docs/wiki/ModulesDesign.md b/docs/wiki/ModulesDesign.md index 7cdccd09d7..851bcf04e6 100644 --- a/docs/wiki/ModulesDesign.md +++ b/docs/wiki/ModulesDesign.md @@ -146,7 +146,7 @@ The locks extension can be added as a `resource` to the resource template direct @description('Optional. Specify the type of lock.') param lock string = 'NotSpecified' -resource _lock 'Microsoft.Authorization/locks@2020-05-01' = if (lock != 'NotSpecified') { +resource _lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${.name}-${lock}-lock' properties: { level: lock From abf0dc7478d932b16c9475783dc2b34653fa24c7 Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 14 Jan 2022 11:24:37 +0100 Subject: [PATCH 5/9] fix API version --- .../managementGroup-structure/deploy.json | 4 ++-- .../Microsoft.Management/managementGroup-structure/readme.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/constructs/Microsoft.Management/managementGroup-structure/deploy.json b/constructs/Microsoft.Management/managementGroup-structure/deploy.json index 871e18d8fc..25f84a5dc9 100644 --- a/constructs/Microsoft.Management/managementGroup-structure/deploy.json +++ b/constructs/Microsoft.Management/managementGroup-structure/deploy.json @@ -191,7 +191,7 @@ { "type": "Microsoft.Management/managementGroups", "comments": "Fake deployment, used to specify a non-existent dependency. Never deployed", - "apiVersion": "2017-04-01", + "apiVersion": "2021-04-01", "scope": "/", "name": "noop", "condition": false, @@ -238,7 +238,7 @@ ], "type": "Microsoft.Management/managementGroups", - "apiVersion": "2017-04-01", + "apiVersion": "2021-04-01", "scope": "/", "name": "[parameters('mgStructure')[copyIndex('mgLoop')].name]", "properties": { diff --git a/constructs/Microsoft.Management/managementGroup-structure/readme.md b/constructs/Microsoft.Management/managementGroup-structure/readme.md index 77bda05667..f643efe439 100644 --- a/constructs/Microsoft.Management/managementGroup-structure/readme.md +++ b/constructs/Microsoft.Management/managementGroup-structure/readme.md @@ -11,7 +11,7 @@ This module has some known **limitations**: |Resource Type|ApiVersion| |:--|:--| -|`Microsoft.Management/managementGroups`|2017-04-01| +|`Microsoft.Management/managementGroups`|2021-04-01| |`Microsoft.Resources/deployments`|2020-06-01| ## Parameters @@ -124,4 +124,4 @@ This template is using a **Tenant level deployment**, meaning the user/principal ## Additional resources - [Management group](https://docs.microsoft.com/en-us/azure/governance/management-groups/) -- [Template reference](https://docs.microsoft.com/en-us/azure/templates/microsoft.management/managementgroups) +- [Managementgroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Management/2021-04-01/managementGroups) From 373fc787f57bf842818ee27f6227227506cc421d Mon Sep 17 00:00:00 2001 From: Rainer Halanek <61878316+rahalan@users.noreply.github.com> Date: Fri, 14 Jan 2022 11:25:04 +0100 Subject: [PATCH 6/9] Update arm/Microsoft.ContainerService/managedClusters/deploy.bicep Co-authored-by: Alexander Sehr --- arm/Microsoft.ContainerService/managedClusters/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.ContainerService/managedClusters/deploy.bicep b/arm/Microsoft.ContainerService/managedClusters/deploy.bicep index 9de28338cb..9a58ebfafc 100644 --- a/arm/Microsoft.ContainerService/managedClusters/deploy.bicep +++ b/arm/Microsoft.ContainerService/managedClusters/deploy.bicep @@ -282,7 +282,7 @@ resource managedCluster 'Microsoft.ContainerService/managedClusters@2021-07-01' enabled: httpApplicationRoutingEnabled } omsagent: { - enabled: (omsAgentEnabled && (!empty(monitoringWorkspaceId))) + enabled: omsAgentEnabled && !empty(monitoringWorkspaceId) config: { logAnalyticsWorkspaceResourceID: ((!empty(monitoringWorkspaceId)) ? monitoringWorkspaceId : null) } From a51bd5300c921e4bc437d75a274337c7127e6b17 Mon Sep 17 00:00:00 2001 From: Rainer Halanek <61878316+rahalan@users.noreply.github.com> Date: Fri, 14 Jan 2022 11:25:16 +0100 Subject: [PATCH 7/9] Update arm/Microsoft.ContainerService/managedClusters/deploy.bicep Co-authored-by: Alexander Sehr --- arm/Microsoft.ContainerService/managedClusters/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.ContainerService/managedClusters/deploy.bicep b/arm/Microsoft.ContainerService/managedClusters/deploy.bicep index 9a58ebfafc..ff93a7a2a6 100644 --- a/arm/Microsoft.ContainerService/managedClusters/deploy.bicep +++ b/arm/Microsoft.ContainerService/managedClusters/deploy.bicep @@ -284,7 +284,7 @@ resource managedCluster 'Microsoft.ContainerService/managedClusters@2021-07-01' omsagent: { enabled: omsAgentEnabled && !empty(monitoringWorkspaceId) config: { - logAnalyticsWorkspaceResourceID: ((!empty(monitoringWorkspaceId)) ? monitoringWorkspaceId : null) + logAnalyticsWorkspaceResourceID: !empty(monitoringWorkspaceId) ? monitoringWorkspaceId : null } } aciConnectorLinux: { From 3a1cfefb89c7bf5e0c90a4efbd67c9c73287c612 Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 14 Jan 2022 12:18:14 +0100 Subject: [PATCH 8/9] fix api --- .../namespaces/.bicep/nested_privateEndpoint.bicep | 2 +- arm/Microsoft.EventHub/namespaces/readme.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arm/Microsoft.EventHub/namespaces/.bicep/nested_privateEndpoint.bicep b/arm/Microsoft.EventHub/namespaces/.bicep/nested_privateEndpoint.bicep index bee82b861e..c3bcaedfc1 100644 --- a/arm/Microsoft.EventHub/namespaces/.bicep/nested_privateEndpoint.bicep +++ b/arm/Microsoft.EventHub/namespaces/.bicep/nested_privateEndpoint.bicep @@ -36,7 +36,7 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-03-01' = { } } -resource privateDnsZoneGroups 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2017-04-01' = if (!empty(privateEndpoint_var.privateDnsZoneResourceIds)) { +resource privateDnsZoneGroups 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2021-05-01' = if (!empty(privateEndpoint_var.privateDnsZoneResourceIds)) { name: '${privateEndpoint_var.name}/default' properties: { privateDnsZoneConfigs: [for privateDnsZoneResourceId in privateEndpoint_var.privateDnsZoneResourceIds: { diff --git a/arm/Microsoft.EventHub/namespaces/readme.md b/arm/Microsoft.EventHub/namespaces/readme.md index 0a1d748a94..c414c637b9 100644 --- a/arm/Microsoft.EventHub/namespaces/readme.md +++ b/arm/Microsoft.EventHub/namespaces/readme.md @@ -16,7 +16,7 @@ This module deploys an event hub namespace. | `Microsoft.EventHub/namespaces/eventhubs/consumergroups` | 2021-06-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-03-01 | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2017-04-01 | +| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-05-01 | ## Parameters @@ -158,5 +158,5 @@ You can specify multiple user assigned identities to a resource by providing add - [Namespaces/Eventhubs/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-06-01-preview/namespaces/eventhubs/authorizationRules) - [Namespaces/Eventhubs/Consumergroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-06-01-preview/namespaces/eventhubs/consumergroups) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) -- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/privateEndpoints/privateDnsZoneGroups) -- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) +- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) +- [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/roleAssignments) From 87b112c90ca17b0e0b8f8a4b6afa9e1dba660fbf Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 14 Jan 2022 12:40:27 +0100 Subject: [PATCH 9/9] fix API versions --- .../privateLinkScopes/.bicep/nested_privateEndpoint.bicep | 2 +- arm/Microsoft.Insights/privateLinkScopes/readme.md | 4 ++-- arm/Microsoft.Network/expressRouteCircuits/deploy.bicep | 2 +- .../namespaces/.bicep/nested_privateEndpoints.bicep | 2 +- arm/Microsoft.ServiceBus/namespaces/readme.md | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_privateEndpoint.bicep b/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_privateEndpoint.bicep index 93eb75add0..3f3dcb5698 100644 --- a/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_privateEndpoint.bicep +++ b/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_privateEndpoint.bicep @@ -35,7 +35,7 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-03-01' = { customDnsConfigs: privateEndpoint_var.customDnsConfigs } - resource privateDnsZoneGroups 'privateDnsZoneGroups@2017-04-01' = { + resource privateDnsZoneGroups 'privateDnsZoneGroups@2021-05-01' = { name: 'default' properties: { privateDnsZoneConfigs: [for privateDnsZoneResourceId in privateEndpoint_var.privateDnsZoneResourceIds: { diff --git a/arm/Microsoft.Insights/privateLinkScopes/readme.md b/arm/Microsoft.Insights/privateLinkScopes/readme.md index 708cd1fb2d..3ac8cedf31 100644 --- a/arm/Microsoft.Insights/privateLinkScopes/readme.md +++ b/arm/Microsoft.Insights/privateLinkScopes/readme.md @@ -11,7 +11,7 @@ This module deploys an Azure Monitor Private Link Scope. | `microsoft.insights/privateLinkScopes` | 2019-10-17-preview | | `Microsoft.Insights/privateLinkScopes/scopedResources` | 2021-07-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-03-01 | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2017-04-01 | +| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-05-01 | ## Parameters @@ -113,7 +113,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a - [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints) -- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/privateEndpoints/privateDnsZoneGroups) +- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) - [Privatelinkscopes](https://docs.microsoft.com/en-us/azure/templates/microsoft.insights/2019-10-17-preview/privateLinkScopes) - [Privatelinkscopes/Scopedresources](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-07-01-preview/privateLinkScopes/scopedResources) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments) diff --git a/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep b/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep index 911317ec9b..1b67c176c2 100644 --- a/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep +++ b/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep @@ -205,4 +205,4 @@ output expressRouteCircuitResourceGroup string = resourceGroup().name output expressRouteCircuitName string = expressRouteCircuits.name @description('The service key of the express route circuit') -output expressRouteCircuitServiceKey string = reference(expressRouteCircuits.id, '2017-04-01').serviceKey +output expressRouteCircuitServiceKey string = reference(expressRouteCircuits.id, '2021-02-01').serviceKey diff --git a/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_privateEndpoints.bicep b/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_privateEndpoints.bicep index 647a0a2251..d1381aa576 100644 --- a/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_privateEndpoints.bicep +++ b/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_privateEndpoints.bicep @@ -35,7 +35,7 @@ resource privateEndpoint_name 'Microsoft.Network/privateEndpoints@2021-05-01' = customDnsConfigs: privateEndpoint_var.customDnsConfigs } - resource privateEndpoint_name_default 'privateDnsZoneGroups@2017-04-01' = if (!empty(privateEndpoint_var.privateDnsZoneResourceIds)) { + resource privateEndpoint_name_default 'privateDnsZoneGroups@2021-05-01' = if (!empty(privateEndpoint_var.privateDnsZoneResourceIds)) { name: 'default' properties: { privateDnsZoneConfigs: [for j in range(0, length(privateEndpoint_var.privateDnsZoneResourceIds)): { diff --git a/arm/Microsoft.ServiceBus/namespaces/readme.md b/arm/Microsoft.ServiceBus/namespaces/readme.md index d66fbc10e4..5ae6ea0c82 100644 --- a/arm/Microsoft.ServiceBus/namespaces/readme.md +++ b/arm/Microsoft.ServiceBus/namespaces/readme.md @@ -10,7 +10,7 @@ This module deploys a service bus namespace resource. | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-05-01 | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2017-04-01 | +| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-05-01 | | `Microsoft.ServiceBus/namespaces` | 2021-06-01-preview | | `Microsoft.ServiceBus/namespaces/AuthorizationRules` | 2017-04-01 | | `Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs` | 2017-04-01 | @@ -160,5 +160,5 @@ You can specify multiple user assigned identities to a resource by providing add - [Namespaces/Queues/Authorizationrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/queues/authorizationRules) - [Namespaces/Virtualnetworkrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2018-01-01-preview/namespaces/virtualnetworkrules) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) -- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/privateEndpoints/privateDnsZoneGroups) +- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-04-01-preview/roleAssignments)