From 1b898b1c0f89494156567adf729fb22152d8d296 Mon Sep 17 00:00:00 2001
From: Marius Storhaug
Date: Thu, 2 Feb 2023 11:17:59 +0100
Subject: [PATCH 01/18] Add premium option to sa tier
---
 modules/Microsoft.Storage/storageAccounts/deploy.bicep | 1 +
 1 file changed, 1 insertion(+)
diff --git a/modules/Microsoft.Storage/storageAccounts/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/deploy.bicep
index 15ef20f9ab..203d568a76 100644
--- a/modules/Microsoft.Storage/storageAccounts/deploy.bicep
+++ b/modules/Microsoft.Storage/storageAccounts/deploy.bicep
@@ -40,6 +40,7 @@ param storageAccountSku string = 'Standard_GRS'
 @allowed([
 'Hot'
 'Cool'
+ 'Premium'
 ])
 @description('Optional. Storage Account Access Tier.')
 param storageAccountAccessTier string = 'Hot'
From 0fbe25e7daa512e54c7b7bb157e8a8912ce894df Mon Sep 17 00:00:00 2001
From: Marius Storhaug
Date: Thu, 2 Feb 2023 11:18:06 +0100
Subject: [PATCH 02/18] Test premium tier
---
 .../.test/minPremium/deploy.test.bicep | 44 +++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 modules/Microsoft.Storage/storageAccounts/.test/minPremium/deploy.test.bicep
diff --git a/modules/Microsoft.Storage/storageAccounts/.test/minPremium/deploy.test.bicep b/modules/Microsoft.Storage/storageAccounts/.test/minPremium/deploy.test.bicep
new file mode 100644
index 0000000000..21fd731fb1
--- /dev/null
+++ b/modules/Microsoft.Storage/storageAccounts/.test/minPremium/deploy.test.bicep
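Review bot: The `'Premium'` entry added to the `@allowed` list of `storageAccountAccessTier` in deploy.bicep (PATCH 01/18) is accepted whatever the account SKU is, while the hunk header shows `storageAccountSku` defaulting to `'Standard_GRS'`. As far as I know the Premium access tier only applies to premium block blob accounts, so a caller who changes only the tier presumably gets a rejection at deployment time instead of a hint from the template. The description should carry the constraint, for example `@description('Optional. Storage Account Access Tier. \'Premium\' requires a premium storage account SKU.')`.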
@@ -0,0 +1,44 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'ms.storage.storageaccounts-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'ssaminprem'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ name: '<>${serviceShort}001'
+ allowBlobPublicAccess: false
+ storageAccountAccessTier: 'Premium'
+ }
+}
From 23822d2dc88d82507fd805ac747c9aada9ffb507 Mon Sep 17 00:00:00 2001
From: CARMLPipelinePrincipal
Date: Thu, 2 Feb 2023 10:18:48 +0000
Subject: [PATCH 03/18] Push updated Readme file(s)
---
 docs/wiki/The library - Module overview.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/wiki/The library - Module overview.md b/docs/wiki/The library - Module overview.md
index afeaa31e20..f89eb86c51 100644
--- a/docs/wiki/The library - Module overview.md
+++ b/docs/wiki/The library - Module overview.md
@@ -123,7 +123,7 @@ This section provides an overview of the library's feature set. | 108 | MS.SignalRService
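Review bot: The `testDeployment` module in the new minPremium test (PATCH 02/18) passes `storageAccountAccessTier: 'Premium'` but never sets `storageAccountSku`, so the module default applies, which the PATCH 01/18 hunk header shows as `'Standard_GRS'`. With a standard SKU the test most likely either fails at deployment or does not exercise a premium account at all. Set the SKU explicitly in `params`, for example `storageAccountSku: 'Premium_LRS'`, together with the matching account kind if the module exposes a parameter for it. Keeping `allowBlobPublicAccess: false` in this minimal sample is worthwhile, since examples generated from test files tend to be copied as-is.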

webPubSub | :white_check_mark: | :white_check_mark: | :white_check_mark: | | :white_check_mark: | | | 156 | | 109 | MS.Sql

managedInstances | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | [L1:6, L2:2] | 348 | | 110 | MS.Sql

servers | :white_check_mark: | :white_check_mark: | :white_check_mark: | | :white_check_mark: | | [L1:7] | 272 | -| 111 | MS.Storage

storageAccounts | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | [L1:6, L2:4, L3:1] | 412 | +| 111 | MS.Storage

storageAccounts | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | [L1:6, L2:4, L3:1] | 413 | | 112 | MS.Synapse

privateLinkHubs | :white_check_mark: | :white_check_mark: | :white_check_mark: | | :white_check_mark: | | | 90 | | 113 | MS.Synapse

workspaces | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | [L1:1] | 273 | | 114 | MS.VirtualMachineImages

imageTemplates | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | 197 | @@ -132,7 +132,7 @@ This section provides an overview of the library's feature set. | 117 | MS.Web

serverfarms | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | 159 | | 118 | MS.Web

sites | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | [L1:3, L2:2] | 380 | | 119 | MS.Web

staticSites | :white_check_mark: | :white_check_mark: | :white_check_mark: | | :white_check_mark: | | [L1:3] | 193 | -| Sum | | 93 | 91 | 102 | 50 | 23 | 2 | 175 | 20548 | +| Sum | | 93 | 91 | 102 | 50 | 23 | 2 | 175 | 20549 | ## Legend From f74bbd6e1accce19e6b83553a7d3320a4a21e701 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Thu, 2 Feb 2023 11:30:56 +0100 Subject: [PATCH 04/18] Revert "Push updated Readme file(s)" This reverts commit 23822d2dc88d82507fd805ac747c9aada9ffb507. --- docs/wiki/The library - Module overview.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/wiki/The library - Module overview.md b/docs/wiki/The library - Module overview.md index f89eb86c51..afeaa31e20 100644 --- a/docs/wiki/The library - Module overview.md +++ b/docs/wiki/The library - Module overview.md @@ -123,7 +123,7 @@ This section provides an overview of the library's feature set. | 108 | MS.SignalRService

webPubSub | :white_check_mark: | :white_check_mark: | :white_check_mark: | | :white_check_mark: | | | 156 | | 109 | MS.Sql

managedInstances | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | [L1:6, L2:2] | 348 | | 110 | MS.Sql

servers | :white_check_mark: | :white_check_mark: | :white_check_mark: | | :white_check_mark: | | [L1:7] | 272 | -| 111 | MS.Storage

storageAccounts | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | [L1:6, L2:4, L3:1] | 413 | +| 111 | MS.Storage

storageAccounts | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | [L1:6, L2:4, L3:1] | 412 | | 112 | MS.Synapse

privateLinkHubs | :white_check_mark: | :white_check_mark: | :white_check_mark: | | :white_check_mark: | | | 90 | | 113 | MS.Synapse

workspaces | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | [L1:1] | 273 | | 114 | MS.VirtualMachineImages

imageTemplates | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | 197 | @@ -132,7 +132,7 @@ This section provides an overview of the library's feature set. | 117 | MS.Web

serverfarms | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | 159 | | 118 | MS.Web

sites | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | [L1:3, L2:2] | 380 | | 119 | MS.Web

staticSites | :white_check_mark: | :white_check_mark: | :white_check_mark: | | :white_check_mark: | | [L1:3] | 193 | -| Sum | | 93 | 91 | 102 | 50 | 23 | 2 | 175 | 20549 | +| Sum | | 93 | 91 | 102 | 50 | 23 | 2 | 175 | 20548 | ## Legend From 12989d0171ca22c96134068c72b2618d53e2ac45 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Thu, 2 Feb 2023 11:31:02 +0100 Subject: [PATCH 05/18] Revert "Test premium tier" This reverts commit 0fbe25e7daa512e54c7b7bb157e8a8912ce894df. --- .../.test/minPremium/deploy.test.bicep | 44 ------------------- 1 file changed, 44 deletions(-) delete mode 100644 modules/Microsoft.Storage/storageAccounts/.test/minPremium/deploy.test.bicep diff --git a/modules/Microsoft.Storage/storageAccounts/.test/minPremium/deploy.test.bicep b/modules/Microsoft.Storage/storageAccounts/.test/minPremium/deploy.test.bicep deleted file mode 100644 index 21fd731fb1..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/.test/minPremium/deploy.test.bicep +++ /dev/null 
@@ -1,44 +0,0 @@
-targetScope = 'subscription'
-
-// ========== //
-// Parameters //
-// ========== //
-
-@description('Optional. The name of the resource group to deploy for testing purposes.')
-@maxLength(90)
-param resourceGroupName string = 'ms.storage.storageaccounts-${serviceShort}-rg'
-
-@description('Optional. The location to deploy resources to.')
-param location string = deployment().location
-
-@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'ssaminprem'
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-// ============ //
-// Dependencies //
-// ============ //
-
-// General resources
-// =================
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
- name: resourceGroupName
- location: location
-}
-
-// ============== //
-// Test Execution //
-// ============== //
-
-module testDeployment '../../deploy.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
- params: {
- enableDefaultTelemetry: enableDefaultTelemetry
- name: '<>${serviceShort}001'
- allowBlobPublicAccess: false
- storageAccountAccessTier: 'Premium'
- }
-}
From e185fd1b38db275b61398620f8864d80ae0da47d Mon Sep 17 00:00:00 2001
From: Marius Storhaug
Date: Thu, 2 Feb 2023 11:31:33 +0100
Subject: [PATCH 06/18] Revert "Add premium option to sa tier"
This reverts commit 1b898b1c0f89494156567adf729fb22152d8d296.
---
 modules/Microsoft.Storage/storageAccounts/deploy.bicep | 1 -
 1 file changed, 1 deletion(-)
diff --git a/modules/Microsoft.Storage/storageAccounts/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/deploy.bicep
index 203d568a76..15ef20f9ab 100644
--- a/modules/Microsoft.Storage/storageAccounts/deploy.bicep
+++ b/modules/Microsoft.Storage/storageAccounts/deploy.bicep
@@ -40,7 +40,6 @@ param storageAccountSku string = 'Standard_GRS' @allowed([ 'Hot' 'Cool' - 'Premium' ]) @description('Optional. Storage Account Access Tier.') param storageAccountAccessTier string = 'Hot' From 9ffa78430b5802554f2763f19fe1f27ff99dba95 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Thu, 2 Feb 2023 12:02:04 +0100 Subject: [PATCH 07/18] Change the readmes way of evaluating if it should document examples --- utilities/tools/Set-ModuleReadMe.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utilities/tools/Set-ModuleReadMe.ps1 b/utilities/tools/Set-ModuleReadMe.ps1 index fcf4384711..5739f228f0 100644 --- a/utilities/tools/Set-ModuleReadMe.ps1 +++ b/utilities/tools/Set-ModuleReadMe.ps1 @@ -1566,8 +1566,8 @@ function Set-ModuleReadMe { $readMeFileContent = Set-CrossReferencesSection @inputObject } - $isTopLevelModule = $fullModuleIdentifier.Split('/').Count -eq 2 # / - if ($SectionsToRefresh -contains 'Deployment examples' -and $isTopLevelModule) { + $hasTests = Get-ChildItem -Path (Join-Path -Path $moduleRoot -ChildPath '.test') -Recurse -Filter 'deploy.test.bicep' + if ($SectionsToRefresh -contains 'Deployment examples' -and $hasTests) { # Handle [Deployment examples] section # =================================== $inputObject = @{ From 16c31d28b4afc7c4f79027ce1192695b74126100 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Thu, 2 Feb 2023 13:30:30 +0100 Subject: [PATCH 08/18] Fix sorting --- utilities/tools/Set-ModuleReadMe.ps1 | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/utilities/tools/Set-ModuleReadMe.ps1 b/utilities/tools/Set-ModuleReadMe.ps1 index 5739f228f0..35c0e90786 100644 --- a/utilities/tools/Set-ModuleReadMe.ps1 +++ b/utilities/tools/Set-ModuleReadMe.ps1 
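Review bot: In the Set-ModuleReadMe.ps1 hunk of PATCH 07/18, `Get-ChildItem -Path (Join-Path -Path $moduleRoot -ChildPath '.test')` raises an error for any module that has no `.test` folder, which is the very case the new `$hasTests` check is meant to skip. Whether that error stops the run depends on the error preference in effect, which is not visible in this hunk. Guard the lookup with `$testRoot = Join-Path $moduleRoot '.test'` and `$hasTests = (Test-Path $testRoot) -and (Get-ChildItem -Path $testRoot -Recurse -Filter 'deploy.test.bicep')`, which also makes `$hasTests` a real boolean instead of a list of files. The enclosing `Set-ModuleReadMe` function starts and ends outside the hunk.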
@@ -192,9 +192,9 @@ function Set-ParametersSection { } # Add external single quotes to all default values of type string except for those using functions - $defaultValue = ($parameter.defaultValue -is [array]) ? ('[{0}]' -f (($parameter.defaultValue | Sort-Object) -join ', ')) : (($parameter.defaultValue -is [hashtable]) ? '{object}' : (($parameter.defaultValue -is [string]) -and ($parameter.defaultValue -notmatch '\[\w+\(.*\).*\]') ? '''' + $parameter.defaultValue + '''' : $parameter.defaultValue)) + $defaultValue = ($parameter.defaultValue -is [array]) ? ('[{0}]' -f (($parameter.defaultValue | Sort-Object -Culture 'en-US') -join ', ')) : (($parameter.defaultValue -is [hashtable]) ? '{object}' : (($parameter.defaultValue -is [string]) -and ($parameter.defaultValue -notmatch '\[\w+\(.*\).*\]') ? '''' + $parameter.defaultValue + '''' : $parameter.defaultValue)) $description = $parameter.metadata.description.Replace("`r`n", '

').Replace("`n", '

') - $allowedValue = ($parameter.allowedValues -is [array]) ? ('[{0}]' -f (($parameter.allowedValues | Sort-Object) -join ', ')) : (($parameter.allowedValues -is [hashtable]) ? '{object}' : $parameter.allowedValues) + $allowedValue = ($parameter.allowedValues -is [array]) ? ('[{0}]' -f (($parameter.allowedValues | Sort-Object -Culture 'en-US') -join ', ')) : (($parameter.allowedValues -is [hashtable]) ? '{object}' : $parameter.allowedValues) # Further, replace all "empty string" default values with actual visible quotes if ([regex]::Match($allowedValue, '^(\[\s*,.+)|(\[.+,\s*,)|(.+,\s*\])$').Captures.Count -gt 0) { $allowedValue = $allowedValue -replace '\[\s*,', "[''," -replace ',\s*,', ", ''," -replace ',\s*\]', ", '']" @@ -367,13 +367,13 @@ function Set-CrossReferencesSection { $dependencies = (Get-CrossReferencedModuleList)[$FullModuleIdentifier] if ($dependencies.Keys -contains 'localPathReferences' -and $dependencies['localPathReferences']) { - foreach ($reference in ($dependencies['localPathReferences'] | Sort-Object)) { + foreach ($reference in ($dependencies['localPathReferences'] | Sort-Object -Culture 'en-US')) { $SectionContent += ("| ``{0}`` | {1} |" -f $reference, 'Local reference') } } if ($dependencies.Keys -contains 'remoteReferences' -and $dependencies['remoteReferences']) { - foreach ($reference in ($dependencies['remoteReferences'] | Sort-Object)) { + foreach ($reference in ($dependencies['remoteReferences'] | Sort-Object -Culture 'en-US')) { $SectionContent += ("| ``{0}`` | {1} |" -f $reference, 'Remote reference') } } 
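Review bot: The culture name `'en-US'` is now a repeated literal on every `Sort-Object` call, here in `Set-ParametersSection` and `Set-CrossReferencesSection` and again in the hunks at lines 938 and 1204, with no comment saying why it was chosen. Presumably the aim is README output that sorts identically on every machine that runs the script; that is worth stating once. Define it in one place, for example `$script:sortCulture = 'en-US' # fixed culture so generated READMEs sort the same on every host`, and pass `-Culture $script:sortCulture` at each call site. Both functions start and end outside these hunks.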
@@ -938,7 +938,7 @@ function Set-DeploymentExamplesSection { $testFilePaths = Get-ModuleTestFileList -ModulePath $moduleRoot | ForEach-Object { Join-Path $moduleRoot $_ } - $RequiredParametersList = $TemplateFileContent.parameters.Keys | Where-Object { $TemplateFileContent.parameters[$_].Keys -notcontains 'defaultValue' } | Sort-Object + $RequiredParametersList = $TemplateFileContent.parameters.Keys | Where-Object { $TemplateFileContent.parameters[$_].Keys -notcontains 'defaultValue' } | Sort-Object -Culture 'en-US' ############################ ## Process test files ## @@ -1204,7 +1204,7 @@ function Set-DeploymentExamplesSection { # Also, add a link to the corresponding Key Vault 'resource' to each identified Key Vault secret reference $extendedKeyVaultReferences = @() $counter = 0 - foreach ($reference in ($keyVaultReferenceData | Sort-Object -Property 'vaultName' -Unique)) { + foreach ($reference in ($keyVaultReferenceData | Sort-Object -Property 'vaultName' -Unique -Culture 'en-US')) { $counter++ $extendedKeyVaultReferences += @( "resource kv$counter 'Microsoft.KeyVault/vaults@2019-09-01' existing = {", @@ -1566,8 +1566,8 @@ function Set-ModuleReadMe { $readMeFileContent = Set-CrossReferencesSection @inputObject } - $hasTests = Get-ChildItem -Path (Join-Path -Path $moduleRoot -ChildPath '.test') -Recurse -Filter 'deploy.test.bicep' - if ($SectionsToRefresh -contains 'Deployment examples' -and $hasTests) { + $isTopLevelModule = $fullModuleIdentifier.Split('/').Count -eq 2 # / + if ($SectionsToRefresh -contains 'Deployment examples' -and $isTopLevelModule) { # Handle [Deployment examples] section # =================================== $inputObject = @{ From 8f444bcdd4ed9fb2939e01f26b151262cd94c96d Mon Sep 17 00:00:00 2001 
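Review bot: The last hunk of PATCH 08/18 (at line 1566 of Set-ModuleReadMe.ps1) swaps the `$hasTests` check back to `$isTopLevelModule`, undoing the previous commit, although the subject only says "Fix sorting". If the rollback is intended it should be its own revert commit or at least be named in the message; if it is not, the deployment-examples condition has silently changed back. The restored line also carries the trailing comment `# /`, which reads as a truncated note and should either spell out the expected identifier shape or be dropped.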
From: Marius Storhaug Date: Thu, 2 Feb 2023 13:54:13 +0100 Subject: [PATCH 09/18] refreshed readmes --- .../Microsoft.AAD/DomainServices/readme.md | 4 +- .../service/authorizationServers/readme.md | 4 +- .../service/identityProviders/readme.md | 2 +- .../diskEncryptionSets/deploy.bicep | 2 +- .../virtualMachineScaleSets/readme.md | 6 +- .../virtualMachines/readme.md | 38 ++-- .../flexibleServers/readme.md | 2 +- .../labs/artifactSources/readme.md | 2 +- .../Microsoft.KeyVault/vaults/keys/readme.md | 2 +- .../vaults/secrets/readme.md | 6 +- .../Microsoft.NetApp/netAppAccounts/readme.md | 2 +- .../privateDnsZones/readme.md | 48 ++--- .../virtualNetworkGateways/readme.md | 190 +++++++++--------- .../signalR/readme.md | 8 +- .../webPubSub/readme.md | 8 +- .../Microsoft.Sql/managedInstances/readme.md | 2 +- modules/Microsoft.Sql/servers/readme.md | 2 +- .../servers/securityAlertPolicies/readme.md | 2 +- modules/Microsoft.Web/staticSites/readme.md | 2 +- 19 files changed, 166 insertions(+), 166 deletions(-) diff --git a/modules/Microsoft.AAD/DomainServices/readme.md b/modules/Microsoft.AAD/DomainServices/readme.md index bddb5fb45b..2d78a24a52 100644 --- a/modules/Microsoft.AAD/DomainServices/readme.md +++ b/modules/Microsoft.AAD/DomainServices/readme.md 
@@ -32,8 +32,8 @@ This template deploys Azure Active Directory Domain Services (AADDS). | Parameter Name | Type | Default Value | Description | | :-- | :-- | :-- | :-- | -| `pfxCertificate` | secureString | `''` | The certificate required to configure Secure LDAP. Should be a base64encoded representation of the certificate PFX file. Required if secure LDAP is enabled and must be valid more than 30 days. | -| `pfxCertificatePassword` | secureString | `''` | The password to decrypt the provided Secure LDAP certificate PFX file. Required if secure LDAP is enabled. | +| `pfxCertificate` | securestring | `''` | The certificate required to configure Secure LDAP. Should be a base64encoded representation of the certificate PFX file. Required if secure LDAP is enabled and must be valid more than 30 days. | +| `pfxCertificatePassword` | securestring | `''` | The password to decrypt the provided Secure LDAP certificate PFX file. Required if secure LDAP is enabled. | **Optional parameters** diff --git a/modules/Microsoft.ApiManagement/service/authorizationServers/readme.md b/modules/Microsoft.ApiManagement/service/authorizationServers/readme.md index e92fdae8eb..363caafe8f 100644 --- a/modules/Microsoft.ApiManagement/service/authorizationServers/readme.md +++ b/modules/Microsoft.ApiManagement/service/authorizationServers/readme.md 
@@ -28,8 +28,8 @@ The following resources are required to be able to deploy this resource. | Parameter Name | Type | Description | | :-- | :-- | :-- | | `authorizationEndpoint` | string | OAuth authorization endpoint. See . | -| `clientId` | secureString | Client or app ID registered with this authorization server. | -| `clientSecret` | secureString | Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. | +| `clientId` | securestring | Client or app ID registered with this authorization server. | +| `clientSecret` | securestring | Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. | | `grantTypes` | array | Form of an authorization grant, which the client uses to request the access token. - authorizationCode, implicit, resourceOwnerPassword, clientCredentials. | | `name` | string | Identifier of the authorization server. | diff --git a/modules/Microsoft.ApiManagement/service/identityProviders/readme.md b/modules/Microsoft.ApiManagement/service/identityProviders/readme.md index 78569a5aec..2c462b84be 100644 --- a/modules/Microsoft.ApiManagement/service/identityProviders/readme.md +++ b/modules/Microsoft.ApiManagement/service/identityProviders/readme.md 
@@ -29,7 +29,7 @@ This module deploys API Management Service Identity Provider. | :-- | :-- | :-- | :-- | | `apiManagementServiceName` | string | | The name of the parent API Management service. Required if the template is used in a standalone deployment. | | `identityProviderClientId` | string | `''` | Client ID of the Application in the external Identity Provider. Required if identity provider is used. | -| `identityProviderClientSecret` | secureString | `''` | Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used. | +| `identityProviderClientSecret` | securestring | `''` | Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used. | **Optional parameters** diff --git a/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep b/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep index 57b274b78d..556dcb25f0 100644 --- a/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep +++ b/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep @@ -133,7 +133,7 @@ output resourceGroupName string = resourceGroup().name output systemAssignedPrincipalId string = diskEncryptionSet.identity.principalId @description('The name of the key vault with the disk encryption key.') -output keyVaultName string = last(split(keyVaultResourceId, '/')) +output keyVaultName string = any(last(split(keyVaultResourceId, '/'))) @description('The location the resource was deployed into.') output location string = diskEncryptionSet.location diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/readme.md b/modules/Microsoft.Compute/virtualMachineScaleSets/readme.md index 522e82f6a0..51e3959cb9 100644 --- a/modules/Microsoft.Compute/virtualMachineScaleSets/readme.md +++ b/modules/Microsoft.Compute/virtualMachineScaleSets/readme.md 
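Review bot: In diskEncryptionSets/deploy.bicep the `keyVaultName` output is now wrapped in `any()`, which switches off Bicep's type checking for that expression, and the change arrives inside a commit titled "refreshed readmes" with no explanation. If it works around a compiler diagnostic on `last(split(keyVaultResourceId, '/'))`, record that next to the output, for example `// any() works around <diagnostic id> on last(split()); remove when no longer needed`, so the suppression can be lifted later. A template change like this is also easier to review and revert in its own commit than among generated README updates.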
@@ -32,7 +32,7 @@ The following resources are required to be able to deploy this resource. | Parameter Name | Type | Allowed Values | Description | | :-- | :-- | :-- | :-- | -| `adminUsername` | secureString | | Administrator username. | +| `adminUsername` | securestring | | Administrator username. | | `imageReference` | object | | OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. | | `name` | string | | Name of the VMSS. | | `nicConfigurations` | array | | Configures NICs and PIPs. | @@ -45,7 +45,7 @@ The following resources are required to be able to deploy this resource. | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | | `additionalUnattendContent` | array | `[]` | | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. | -| `adminPassword` | secureString | `''` | | When specifying a Windows Virtual Machine, this value should be passed. | +| `adminPassword` | securestring | `''` | | When specifying a Windows Virtual Machine, this value should be passed. | | `automaticRepairsPolicyEnabled` | bool | `False` | | Specifies whether automatic repairs should be enabled on the virtual machine scale set. | | `availabilityZones` | array | `[]` | | The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set. | | `bootDiagnosticStorageAccountName` | string | `''` | | Storage account used to store boot diagnostic information. Boot diagnostics will be disabled if no value is provided. | 
@@ -71,7 +71,7 @@ The following resources are required to be able to deploy this resource. | `extensionCustomScriptConfig` | object | `{object}` | | The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. | | `extensionDependencyAgentConfig` | object | `{object}` | | The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. | | `extensionDomainJoinConfig` | object | `{object}` | | The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionDomainJoinPassword` | secureString | `''` | | Required if name is specified. Password of the user specified in user parameter. | +| `extensionDomainJoinPassword` | securestring | `''` | | Required if name is specified. Password of the user specified in user parameter. | | `extensionDSCConfig` | object | `{object}` | | The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. | | `extensionMonitoringAgentConfig` | object | `{object}` | | The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. | | `extensionNetworkWatcherAgentConfig` | object | `{object}` | | The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. | diff --git a/modules/Microsoft.Compute/virtualMachines/readme.md b/modules/Microsoft.Compute/virtualMachines/readme.md index 708b924375..6e4a1a902e 100644 --- a/modules/Microsoft.Compute/virtualMachines/readme.md +++ b/modules/Microsoft.Compute/virtualMachines/readme.md 
@@ -31,7 +31,7 @@ This module deploys one Virtual Machine with one or multiple NICs and optionally | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | -| `adminUsername` | secureString | | | Administrator username. | +| `adminUsername` | securestring | | | Administrator username. | | `configurationProfile` | string | `''` | `['', /providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest, /providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction]` | The configuration profile of automanage. | | `imageReference` | object | | | OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. | | `nicConfigurations` | array | | | Configures NICs and PIPs. | 
@@ -44,7 +44,7 @@ This module deploys one Virtual Machine with one or multiple NICs and optionally | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | | `additionalUnattendContent` | array | `[]` | | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. | -| `adminPassword` | secureString | `''` | | When specifying a Windows Virtual Machine, this value should be passed. | +| `adminPassword` | securestring | `''` | | When specifying a Windows Virtual Machine, this value should be passed. | | `allowExtensionOperations` | bool | `True` | | Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. | | `availabilitySetResourceId` | string | `''` | | Resource ID of an availability set. Cannot be used in combination with availability zone nor scale set. | | `availabilityZone` | int | `0` | `[0, 1, 2, 3]` | If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set. | 
@@ -75,7 +75,7 @@ This module deploys one Virtual Machine with one or multiple NICs and optionally | `extensionCustomScriptProtectedSetting` | secureObject | `{object}` | | Any object that contains the extension specific protected settings. | | `extensionDependencyAgentConfig` | object | `{object}` | | The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. | | `extensionDomainJoinConfig` | object | `{object}` | | The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionDomainJoinPassword` | secureString | `''` | | Required if name is specified. Password of the user specified in user parameter. | +| `extensionDomainJoinPassword` | securestring | `''` | | Required if name is specified. Password of the user specified in user parameter. | | `extensionDSCConfig` | object | `{object}` | | The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. | | `extensionMonitoringAgentConfig` | object | `{object}` | | The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. | | `extensionNetworkWatcherAgentConfig` | object | `{object}` | | The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. | @@ -1143,9 +1143,6 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { enableAutomaticUpdates: true enableDefaultTelemetry: '' encryptionAtHost: false - extensionAadJoinConfig: { - enabled: true - } extensionAzureDiskEncryptionConfig: { enabled: true settings: { 
@@ -1183,6 +1180,9 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { extensionNetworkWatcherAgentConfig: { enabled: true } + extensionAadJoinConfig: { + enabled: true + } location: '' lock: 'CanNotDelete' monitoringWorkspaceId: '' @@ -1359,11 +1359,6 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { "encryptionAtHost": { "value": false }, - "extensionAadJoinConfig": { - "value": { - "enabled": true - } - }, "extensionAzureDiskEncryptionConfig": { "value": { "enabled": true, @@ -1415,6 +1410,11 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { "enabled": true } }, + "extensionAadJoinConfig": { + "value": { + "enabled": true + } + }, "location": { "value": "" }, @@ -1848,9 +1848,6 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { enableAutomaticUpdates: true enableDefaultTelemetry: '' encryptionAtHost: false - extensionAadJoinConfig: { - enabled: true - } extensionAntiMalwareConfig: { enabled: true settings: { @@ -1906,6 +1903,9 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { extensionNetworkWatcherAgentConfig: { enabled: true } + extensionAadJoinConfig: { + enabled: true + } location: '' lock: 'CanNotDelete' monitoringWorkspaceId: '' @@ -2077,11 +2077,6 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { "encryptionAtHost": { "value": false }, - "extensionAadJoinConfig": { - "value": { - "enabled": true - } - }, "extensionAntiMalwareConfig": { "value": { "enabled": true, @@ -2153,6 +2148,11 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { "enabled": true } }, + "extensionAadJoinConfig": { + "value": { + "enabled": true + } + }, "location": { "value": "" }, diff --git a/modules/Microsoft.DBforPostgreSQL/flexibleServers/readme.md b/modules/Microsoft.DBforPostgreSQL/flexibleServers/readme.md index 23cc3b33e5..eeef5163d3 100644 
--- a/modules/Microsoft.DBforPostgreSQL/flexibleServers/readme.md +++ b/modules/Microsoft.DBforPostgreSQL/flexibleServers/readme.md @@ -29,7 +29,7 @@ This module deploys DBforPostgreSQL FlexibleServers. | Parameter Name | Type | Allowed Values | Description | | :-- | :-- | :-- | :-- | | `administratorLogin` | string | | The administrator login name of a server. Can only be specified when the PostgreSQL server is being created. | -| `administratorLoginPassword` | secureString | | The administrator login password. | +| `administratorLoginPassword` | securestring | | The administrator login password. | | `name` | string | | The name of the PostgreSQL flexible server. | | `skuName` | string | | The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. | | `tier` | string | `[Burstable, GeneralPurpose, MemoryOptimized]` | The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". | diff --git a/modules/Microsoft.DevTestLab/labs/artifactSources/readme.md b/modules/Microsoft.DevTestLab/labs/artifactSources/readme.md index f62129f177..a1943dd255 100644 --- a/modules/Microsoft.DevTestLab/labs/artifactSources/readme.md +++ b/modules/Microsoft.DevTestLab/labs/artifactSources/readme.md 
@@ -41,7 +41,7 @@ An artifact source allows you to create custom artifacts for the VMs in the lab, | `branchRef` | string | `''` | | The artifact source's branch reference (e.g. main or master). | | `displayName` | string | `[parameters('name')]` | | The artifact source's display name. Default is the name of the artifact source. | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `securityToken` | secureString | `''` | | The security token to authenticate to the artifact source. | +| `securityToken` | securestring | `''` | | The security token to authenticate to the artifact source. | | `sourceType` | string | `''` | `['', GitHub, StorageAccount, VsoGit]` | The artifact source's type. | | `status` | string | `'Enabled'` | `[Disabled, Enabled]` | Indicates if the artifact source is enabled (values: Enabled, Disabled). Default is "Enabled". | | `tags` | object | `{object}` | | Tags of the resource. | diff --git a/modules/Microsoft.KeyVault/vaults/keys/readme.md b/modules/Microsoft.KeyVault/vaults/keys/readme.md index d81da3a45a..880ef0864e 100644 --- a/modules/Microsoft.KeyVault/vaults/keys/readme.md +++ b/modules/Microsoft.KeyVault/vaults/keys/readme.md @@ -14,7 +14,7 @@ This module deploys a key vault key. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.KeyVault/vaults/keys` | [2022-07-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2022-07-01/vaults/keys) | +| `Microsoft.KeyVault/vaults/keys` | [2022-07-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/vaults/keys) | ## Parameters diff --git a/modules/Microsoft.KeyVault/vaults/secrets/readme.md b/modules/Microsoft.KeyVault/vaults/secrets/readme.md index dbf60f730d..aa412b923e 100644 --- a/modules/Microsoft.KeyVault/vaults/secrets/readme.md 
+++ b/modules/Microsoft.KeyVault/vaults/secrets/readme.md @@ -14,7 +14,7 @@ This module deploys a key vault secret. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.KeyVault/vaults/secrets` | [2022-07-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2022-07-01/vaults/secrets) | +| `Microsoft.KeyVault/vaults/secrets` | [2022-07-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/vaults/secrets) | ## Parameters @@ -23,7 +23,7 @@ This module deploys a key vault secret. | Parameter Name | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the secret. | -| `value` | secureString | The value of the secret. NOTE: "value" will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. | +| `value` | securestring | The value of the secret. NOTE: "value" will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. | **Conditional parameters** 
@@ -38,7 +38,7 @@ This module deploys a key vault secret. | `attributesEnabled` | bool | `True` | Determines whether the object is enabled. | | `attributesExp` | int | `-1` | Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is recommended to set an expiration date whenever possible. | | `attributesNbf` | int | `-1` | Not before date in seconds since 1970-01-01T00:00:00Z. | -| `contentType` | secureString | `''` | The content type of the secret. | +| `contentType` | securestring | `''` | The content type of the secret. | | `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | | `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `tags` | object | `{object}` | Resource tags. | diff --git a/modules/Microsoft.NetApp/netAppAccounts/readme.md b/modules/Microsoft.NetApp/netAppAccounts/readme.md index 31a60959dd..6fd17e6122 100644 --- a/modules/Microsoft.NetApp/netAppAccounts/readme.md +++ b/modules/Microsoft.NetApp/netAppAccounts/readme.md 
@@ -35,7 +35,7 @@ This template deploys Azure NetApp Files. | `capacityPools` | _[capacityPools](capacityPools/readme.md)_ array | `[]` | | Capacity pools to create. | | `dnsServers` | string | `''` | | Required if domainName is specified. Comma separated list of DNS server IP addresses (IPv4 only) required for the Active Directory (AD) domain join and SMB authentication operations to succeed. | | `domainJoinOU` | string | `''` | | Used only if domainName is specified. LDAP Path for the Organization Unit (OU) where SMB Server machine accounts will be created (i.e. 'OU=SecondLevel,OU=FirstLevel'). | -| `domainJoinPassword` | secureString | `''` | | Required if domainName is specified. Password of the user specified in domainJoinUser parameter. | +| `domainJoinPassword` | securestring | `''` | | Required if domainName is specified. Password of the user specified in domainJoinUser parameter. | | `domainJoinUser` | string | `''` | | Required if domainName is specified. Username of Active Directory domain administrator, with permissions to create SMB server machine account in the AD domain. | | `domainName` | string | `''` | | Fully Qualified Active Directory DNS Domain Name (e.g. 'contoso.com'). | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | diff --git a/modules/Microsoft.Network/privateDnsZones/readme.md b/modules/Microsoft.Network/privateDnsZones/readme.md index 018b9ca0e5..e9c4ce6b2c 100644 --- a/modules/Microsoft.Network/privateDnsZones/readme.md +++ b/modules/Microsoft.Network/privateDnsZones/readme.md @@ -208,17 +208,6 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { ttl: 3600 } ] - aaaa: [ - { - aaaaRecords: [ - { - ipv6Address: '2001:0db8:85a3:0000:0000:8a2e:0370:7334' - } - ] - name: 'AAAA_2001_0db8_85a3_0000_0000_8a2e_0370_7334' - ttl: 3600 - } - ] cname: [ { cnameRecord: { 
@@ -364,6 +353,17 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { virtualNetworkResourceId: '' } ] + aaaa: [ + { + name: 'AAAA_2001_0db8_85a3_0000_0000_8a2e_0370_7334' + ttl: 3600 + aaaaRecords: [ + { + ipv6Address: '2001:0db8:85a3:0000:0000:8a2e:0370:7334' + } + ] + } + ] } } ``` @@ -407,19 +407,6 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { } ] }, - "aaaa": { - "value": [ - { - "aaaaRecords": [ - { - "ipv6Address": "2001:0db8:85a3:0000:0000:8a2e:0370:7334" - } - ], - "name": "AAAA_2001_0db8_85a3_0000_0000_8a2e_0370_7334", - "ttl": 3600 - } - ] - }, "cname": { "value": [ { @@ -584,6 +571,19 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { "virtualNetworkResourceId": "" } ] + }, + "aaaa": { + "value": [ + { + "name": "AAAA_2001_0db8_85a3_0000_0000_8a2e_0370_7334", + "ttl": 3600, + "aaaaRecords": [ + { + "ipv6Address": "2001:0db8:85a3:0000:0000:8a2e:0370:7334" + } + ] + } + ] } } } diff --git a/modules/Microsoft.Network/virtualNetworkGateways/readme.md b/modules/Microsoft.Network/virtualNetworkGateways/readme.md index 0b8214bc89..720f918401 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/readme.md +++ b/modules/Microsoft.Network/virtualNetworkGateways/readme.md @@ -257,7 +257,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Aadvpn

+

Example 1: Expressroute

@@ -265,48 +265,40 @@ The following module usage examples are retrieved from the content of the files ```bicep module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-nvngavpn' + name: '${uniqueString(deployment().name, location)}-test-nvger' params: { // Required parameters - name: '<>nvngavpn001' - virtualNetworkGatewaySku: 'VpnGw2AZ' - virtualNetworkGatewayType: 'Vpn' + name: '<>nvger001' + virtualNetworkGatewaySku: 'ErGw1AZ' + virtualNetworkGatewayType: 'ExpressRoute' vNetResourceId: '' // Non-required parameters - activeActive: false diagnosticEventHubAuthorizationRuleId: '' diagnosticEventHubName: '' + diagnosticLogsRetentionInDays: 7 diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' domainNameLabel: [ - '<>-dm-nvngavpn' + '<>-dm-nvger' ] enableDefaultTelemetry: '' - lock: 'CanNotDelete' - publicIpZones: [ - '1' - ] + gatewayPipName: '<>-pip-nvger' roleAssignments: [ { principalIds: [ '' ] - principalType: 'ServicePrincipal' roleDefinitionIdOrName: 'Reader' } ] - vpnClientAadConfiguration: { - aadAudience: '41b23e61-6c1e-4545-b367-cd054e0ed4b4' - aadIssuer: '' - aadTenant: '' - vpnAuthenticationTypes: [ - 'AAD' - ] - vpnClientProtocols: [ - 'OpenVPN' - ] + tags: { + Contact: 'test.user@testcompany.com' + CostCenter: '' + Environment: 'Validation' + PurchaseOrder: '' + Role: 'DeploymentValidation' + ServiceName: 'DeploymentValidation' } - vpnType: 'RouteBased' } } ``` 
@@ -325,27 +317,27 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "parameters": { // Required parameters "name": { - "value": "<>nvngavpn001" + "value": "<>nvger001" }, "virtualNetworkGatewaySku": { - "value": "VpnGw2AZ" + "value": "ErGw1AZ" }, "virtualNetworkGatewayType": { - "value": "Vpn" + "value": "ExpressRoute" }, "vNetResourceId": { "value": "" }, // Non-required parameters - "activeActive": { - "value": false - }, "diagnosticEventHubAuthorizationRuleId": { "value": "" }, "diagnosticEventHubName": { "value": "" }, + "diagnosticLogsRetentionInDays": { + "value": 7 + }, "diagnosticStorageAccountId": { "value": "" }, @@ -354,19 +346,14 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy }, "domainNameLabel": { "value": [ - "<>-dm-nvngavpn" + "<>-dm-nvger" ] }, "enableDefaultTelemetry": { "value": "" }, - "lock": { - "value": "CanNotDelete" - }, - "publicIpZones": { - "value": [ - "1" - ] + "gatewayPipName": { + "value": "<>-pip-nvger" }, "roleAssignments": { "value": [ @@ -374,26 +361,19 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "principalIds": [ "" ], - "principalType": "ServicePrincipal", "roleDefinitionIdOrName": "Reader" } ] }, - "vpnClientAadConfiguration": { + "tags": { "value": { - "aadAudience": "41b23e61-6c1e-4545-b367-cd054e0ed4b4", - "aadIssuer": "", - "aadTenant": "", - "vpnAuthenticationTypes": [ - "AAD" - ], - "vpnClientProtocols": [ - "OpenVPN" - ] + "Contact": "test.user@testcompany.com", + "CostCenter": "", + "Environment": "Validation", + "PurchaseOrder": "", + "Role": "DeploymentValidation", + "ServiceName": "DeploymentValidation" } - }, - "vpnType": { - "value": "RouteBased" } } } @@ -402,7 +382,7 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy

-

Example 2: Expressroute

+

Example 2: Vpn

@@ -410,24 +390,28 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy ```bicep module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-nvger' + name: '${uniqueString(deployment().name, location)}-test-nvgvpn' params: { // Required parameters - name: '<>nvger001' - virtualNetworkGatewaySku: 'ErGw1AZ' - virtualNetworkGatewayType: 'ExpressRoute' + name: '<>nvgvpn001' + virtualNetworkGatewaySku: 'VpnGw1AZ' + virtualNetworkGatewayType: 'Vpn' vNetResourceId: '' // Non-required parameters + activeActive: true diagnosticEventHubAuthorizationRuleId: '' diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' domainNameLabel: [ - '<>-dm-nvger' + '<>-dm-nvgvpn' ] enableDefaultTelemetry: '' - gatewayPipName: '<>-pip-nvger' + lock: 'CanNotDelete' + publicIpZones: [ + '1' + ] roleAssignments: [ { principalIds: [ @@ -436,14 +420,7 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy roleDefinitionIdOrName: 'Reader' } ] - tags: { - Contact: 'test.user@testcompany.com' - CostCenter: '' - Environment: 'Validation' - PurchaseOrder: '' - Role: 'DeploymentValidation' - ServiceName: 'DeploymentValidation' - } + vpnType: 'RouteBased' } } ``` @@ -462,18 +439,21 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "parameters": { // Required parameters "name": { - "value": "<>nvger001" + "value": "<>nvgvpn001" }, "virtualNetworkGatewaySku": { - "value": "ErGw1AZ" + "value": "VpnGw1AZ" }, "virtualNetworkGatewayType": { - "value": "ExpressRoute" + "value": "Vpn" }, "vNetResourceId": { "value": "" }, // Non-required parameters + "activeActive": { + "value": true + }, "diagnosticEventHubAuthorizationRuleId": { "value": "" }, 
@@ -491,14 +471,19 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy }, "domainNameLabel": { "value": [ - "<>-dm-nvger" + "<>-dm-nvgvpn" ] }, "enableDefaultTelemetry": { "value": "" }, - "gatewayPipName": { - "value": "<>-pip-nvger" + "lock": { + "value": "CanNotDelete" + }, + "publicIpZones": { + "value": [ + "1" + ] }, "roleAssignments": { "value": [ @@ -510,15 +495,8 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy } ] }, - "tags": { - "value": { - "Contact": "test.user@testcompany.com", - "CostCenter": "", - "Environment": "Validation", - "PurchaseOrder": "", - "Role": "DeploymentValidation", - "ServiceName": "DeploymentValidation" - } + "vpnType": { + "value": "RouteBased" } } } @@ -527,7 +505,7 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy

-

Example 3: Vpn

+

Example 3: Aadvpn

@@ -535,22 +513,21 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy ```bicep module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-nvgvpn' + name: '${uniqueString(deployment().name, location)}-test-nvngavpn' params: { // Required parameters - name: '<>nvgvpn001' - virtualNetworkGatewaySku: 'VpnGw1AZ' + name: '<>nvngavpn001' + virtualNetworkGatewaySku: 'VpnGw2AZ' virtualNetworkGatewayType: 'Vpn' vNetResourceId: '' // Non-required parameters - activeActive: true + activeActive: false diagnosticEventHubAuthorizationRuleId: '' diagnosticEventHubName: '' - diagnosticLogsRetentionInDays: 7 diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' domainNameLabel: [ - '<>-dm-nvgvpn' + '<>-dm-nvngavpn' ] enableDefaultTelemetry: '' lock: 'CanNotDelete' @@ -562,9 +539,21 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy principalIds: [ '' ] + principalType: 'ServicePrincipal' roleDefinitionIdOrName: 'Reader' } ] + vpnClientAadConfiguration: { + vpnAuthenticationTypes: [ + 'AAD' + ] + vpnClientProtocols: [ + 'OpenVPN' + ] + aadAudience: '41b23e61-6c1e-4545-b367-cd054e0ed4b4' + aadIssuer: '' + aadTenant: '' + } vpnType: 'RouteBased' } } @@ -584,10 +573,10 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "parameters": { // Required parameters "name": { - "value": "<>nvgvpn001" + "value": "<>nvngavpn001" }, "virtualNetworkGatewaySku": { - "value": "VpnGw1AZ" + "value": "VpnGw2AZ" }, "virtualNetworkGatewayType": { "value": "Vpn" @@ -597,7 +586,7 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy }, // Non-required parameters "activeActive": { - "value": true + "value": false }, "diagnosticEventHubAuthorizationRuleId": { "value": "" 
@@ -605,9 +594,6 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "diagnosticEventHubName": { "value": "" }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, "diagnosticStorageAccountId": { "value": "" }, @@ -616,7 +602,7 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy }, "domainNameLabel": { "value": [ - "<>-dm-nvgvpn" + "<>-dm-nvngavpn" ] }, "enableDefaultTelemetry": { @@ -636,10 +622,24 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "principalIds": [ "" ], + "principalType": "ServicePrincipal", "roleDefinitionIdOrName": "Reader" } ] }, + "vpnClientAadConfiguration": { + "value": { + "vpnAuthenticationTypes": [ + "AAD" + ], + "vpnClientProtocols": [ + "OpenVPN" + ], + "aadAudience": "41b23e61-6c1e-4545-b367-cd054e0ed4b4", + "aadIssuer": "", + "aadTenant": "" + } + }, "vpnType": { "value": "RouteBased" } diff --git a/modules/Microsoft.SignalRService/signalR/readme.md b/modules/Microsoft.SignalRService/signalR/readme.md index 1ca0d57fac..5e25fbba43 100644 --- a/modules/Microsoft.SignalRService/signalR/readme.md +++ b/modules/Microsoft.SignalRService/signalR/readme.md @@ -292,8 +292,8 @@ module signalR './Microsoft.SignalRService/signalR/deploy.bicep' = { // Non-required parameters capacity: 2 clientCertEnabled: false - disableAadAuth: false disableLocalAuth: true + disableAadAuth: false enableDefaultTelemetry: '' kind: 'SignalR' location: '' @@ -371,12 +371,12 @@ module signalR './Microsoft.SignalRService/signalR/deploy.bicep' = { "clientCertEnabled": { "value": false }, - "disableAadAuth": { - "value": false - }, "disableLocalAuth": { "value": true }, + "disableAadAuth": { + "value": false + }, "enableDefaultTelemetry": { "value": "" }, diff --git a/modules/Microsoft.SignalRService/webPubSub/readme.md b/modules/Microsoft.SignalRService/webPubSub/readme.md index 912f90f503..9ebaf06c25 100644 --- a/modules/Microsoft.SignalRService/webPubSub/readme.md 
+++ b/modules/Microsoft.SignalRService/webPubSub/readme.md @@ -398,8 +398,8 @@ module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { // Non-required parameters capacity: 2 clientCertEnabled: false - disableAadAuth: false disableLocalAuth: true + disableAadAuth: false enableDefaultTelemetry: '' location: '' lock: 'CanNotDelete' @@ -477,12 +477,12 @@ module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { "clientCertEnabled": { "value": false }, - "disableAadAuth": { - "value": false - }, "disableLocalAuth": { "value": true }, + "disableAadAuth": { + "value": false + }, "enableDefaultTelemetry": { "value": "" }, diff --git a/modules/Microsoft.Sql/managedInstances/readme.md b/modules/Microsoft.Sql/managedInstances/readme.md index a8b02fed4f..6ae4ad196d 100644 --- a/modules/Microsoft.Sql/managedInstances/readme.md +++ b/modules/Microsoft.Sql/managedInstances/readme.md @@ -46,7 +46,7 @@ SQL MI allows for Azure AD Authentication via an [Azure AD Admin](https://docs.m | Parameter Name | Type | Description | | :-- | :-- | :-- | | `administratorLogin` | string | The username used to establish jumpbox VMs. | -| `administratorLoginPassword` | secureString | The password given to the admin user. | +| `administratorLoginPassword` | securestring | The password given to the admin user. | | `name` | string | The name of the SQL managed instance. | | `subnetId` | string | The fully qualified resource ID of the subnet on which the SQL managed instance will be placed. | diff --git a/modules/Microsoft.Sql/servers/readme.md b/modules/Microsoft.Sql/servers/readme.md index 3c6d44eb91..00ffa526f4 100644 --- a/modules/Microsoft.Sql/servers/readme.md +++ b/modules/Microsoft.Sql/servers/readme.md 
@@ -41,7 +41,7 @@ This module deploys a SQL server. | Parameter Name | Type | Default Value | Description | | :-- | :-- | :-- | :-- | | `administratorLogin` | string | `''` | The administrator username for the server. Required if no `administrators` object for AAD authentication is provided. | -| `administratorLoginPassword` | secureString | `''` | The administrator login password. Required if no `administrators` object for AAD authentication is provided. | +| `administratorLoginPassword` | securestring | `''` | The administrator login password. Required if no `administrators` object for AAD authentication is provided. | | `administrators` | object | `{object}` | The Azure Active Directory (AAD) administrator authentication. Required if no `administratorLogin` & `administratorLoginPassword` is provided. | | `primaryUserAssignedIdentityId` | string | `''` | The resource ID of a user assigned identity to be used by default. Required if "userAssignedIdentities" is not empty. | diff --git a/modules/Microsoft.Sql/servers/securityAlertPolicies/readme.md b/modules/Microsoft.Sql/servers/securityAlertPolicies/readme.md index ab8202d989..33426b8907 100644 --- a/modules/Microsoft.Sql/servers/securityAlertPolicies/readme.md +++ b/modules/Microsoft.Sql/servers/securityAlertPolicies/readme.md 
@@ -39,7 +39,7 @@ This module deploys an SQL Server Security Alert Policy. | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | | `retentionDays` | int | `0` | | Specifies the number of days to keep in the Threat Detection audit logs. | | `state` | string | `'Disabled'` | `[Disabled, Enabled]` | Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database. | -| `storageAccountAccessKey` | secureString | `''` | | Specifies the identifier key of the Threat Detection audit storage account.. | +| `storageAccountAccessKey` | securestring | `''` | | Specifies the identifier key of the Threat Detection audit storage account.. | | `storageEndpoint` | string | `''` | | Specifies the blob storage endpoint. This blob storage will hold all Threat Detection audit logs. | diff --git a/modules/Microsoft.Web/staticSites/readme.md b/modules/Microsoft.Web/staticSites/readme.md index d3a8475ce8..bf2d6cb7ac 100644 --- a/modules/Microsoft.Web/staticSites/readme.md +++ b/modules/Microsoft.Web/staticSites/readme.md 
@@ -48,7 +48,7 @@ This module deploys a Static Web App. | `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | | `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'sku' to be 'Standard'. | | `provider` | string | `'None'` | | The provider that submitted the last deployment to the primary environment of the static site. | -| `repositoryToken` | secureString | `''` | | The Personal Access Token for accessing the GitHub repository. | +| `repositoryToken` | securestring | `''` | | The Personal Access Token for accessing the GitHub repository. | | `repositoryUrl` | string | `''` | | The name of the GitHub repository. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `sku` | string | `'Free'` | `[Free, Standard]` | Type of static site to deploy. | From cd5f70513cd4caa8ab583a76e08ae5d49b1c7ebc Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Mon, 6 Feb 2023 09:59:13 +0100 Subject: [PATCH 10/18] add examples in readme if tests exist --- utilities/tools/Set-ModuleReadMe.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utilities/tools/Set-ModuleReadMe.ps1 b/utilities/tools/Set-ModuleReadMe.ps1 index 35c0e90786..1703845279 100644 --- a/utilities/tools/Set-ModuleReadMe.ps1 +++ b/utilities/tools/Set-ModuleReadMe.ps1 
@@ -1566,8 +1566,8 @@ function Set-ModuleReadMe { $readMeFileContent = Set-CrossReferencesSection @inputObject } - $isTopLevelModule = $fullModuleIdentifier.Split('/').Count -eq 2 # / - if ($SectionsToRefresh -contains 'Deployment examples' -and $isTopLevelModule) { + $hasTests = Get-ChildItem -Path (Join-Path -Path $moduleRoot -ChildPath '.test') -Recurse -Filter 'deploy.test.bicep' + if ($SectionsToRefresh -contains 'Deployment examples' -and $hasTests) { # Handle [Deployment examples] section # =================================== $inputObject = @{ From d98aac948631414dc35b29b4a270c3642a8f93b3 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Mon, 6 Feb 2023 11:23:38 +0100 Subject: [PATCH 11/18] refreshed all readmes --- modules/Microsoft.KeyVault/vaults/keys/readme.md | 2 +- modules/Microsoft.KeyVault/vaults/secrets/readme.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.KeyVault/vaults/keys/readme.md b/modules/Microsoft.KeyVault/vaults/keys/readme.md index 880ef0864e..d81da3a45a 100644 --- a/modules/Microsoft.KeyVault/vaults/keys/readme.md +++ b/modules/Microsoft.KeyVault/vaults/keys/readme.md @@ -14,7 +14,7 @@ This module deploys a key vault key. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.KeyVault/vaults/keys` | [2022-07-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/vaults/keys) | +| `Microsoft.KeyVault/vaults/keys` | [2022-07-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2022-07-01/vaults/keys) | ## Parameters diff --git a/modules/Microsoft.KeyVault/vaults/secrets/readme.md b/modules/Microsoft.KeyVault/vaults/secrets/readme.md index aa412b923e..0f910c6020 100644 --- a/modules/Microsoft.KeyVault/vaults/secrets/readme.md +++ b/modules/Microsoft.KeyVault/vaults/secrets/readme.md 
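Review bot: The new `$hasTests` line calls `Get-ChildItem` on the module's `.test` folder without checking that the folder exists, so a module with no `.test` directory produces a path-not-found error (and stops the run if the caller uses `$ErrorActionPreference = 'Stop'`) instead of quietly skipping the section. Guarding the lookup keeps the intent: `$testFolderPath = Join-Path -Path $moduleRoot -ChildPath '.test'` followed by `$hasTests = (Test-Path -Path $testFolderPath) -and (Get-ChildItem -Path $testFolderPath -Recurse -Filter 'deploy.test.bicep' -File)`. That also makes `$hasTests` a real boolean rather than a collection of file objects coerced by `-and`. `$moduleRoot` is defined outside this hunk, and the body of Set-ModuleReadMe starts and ends outside it, so any error preference already set there is not visible from here.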
@@ -14,7 +14,7 @@ This module deploys a key vault secret. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.KeyVault/vaults/secrets` | [2022-07-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/vaults/secrets) | +| `Microsoft.KeyVault/vaults/secrets` | [2022-07-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2022-07-01/vaults/secrets) | ## Parameters From 385333511ca5dd9ce521fd7682200eddf48355e4 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Mon, 6 Feb 2023 11:50:35 +0100 Subject: [PATCH 12/18] revert sort changes --- .../Microsoft.AAD/DomainServices/readme.md | 4 +- .../service/authorizationServers/readme.md | 4 +- .../service/identityProviders/readme.md | 2 +- .../virtualMachineScaleSets/readme.md | 6 +- .../virtualMachines/readme.md | 38 ++-- .../flexibleServers/readme.md | 2 +- .../labs/artifactSources/readme.md | 2 +- .../vaults/secrets/readme.md | 4 +- .../Microsoft.NetApp/netAppAccounts/readme.md | 2 +- .../privateDnsZones/readme.md | 48 ++--- .../virtualNetworkGateways/readme.md | 190 +++++++++--------- .../signalR/readme.md | 8 +- .../webPubSub/readme.md | 8 +- .../Microsoft.Sql/managedInstances/readme.md | 2 +- modules/Microsoft.Sql/servers/readme.md | 2 +- .../servers/securityAlertPolicies/readme.md | 2 +- modules/Microsoft.Web/staticSites/readme.md | 2 +- utilities/tools/Set-ModuleReadMe.ps1 | 12 +- 18 files changed, 169 insertions(+), 169 deletions(-) diff --git a/modules/Microsoft.AAD/DomainServices/readme.md b/modules/Microsoft.AAD/DomainServices/readme.md index 2d78a24a52..bddb5fb45b 100644 --- a/modules/Microsoft.AAD/DomainServices/readme.md +++ b/modules/Microsoft.AAD/DomainServices/readme.md 
@@ -32,8 +32,8 @@ This template deploys Azure Active Directory Domain Services (AADDS). | Parameter Name | Type | Default Value | Description | | :-- | :-- | :-- | :-- | -| `pfxCertificate` | securestring | `''` | The certificate required to configure Secure LDAP. Should be a base64encoded representation of the certificate PFX file. Required if secure LDAP is enabled and must be valid more than 30 days. | -| `pfxCertificatePassword` | securestring | `''` | The password to decrypt the provided Secure LDAP certificate PFX file. Required if secure LDAP is enabled. | +| `pfxCertificate` | secureString | `''` | The certificate required to configure Secure LDAP. Should be a base64encoded representation of the certificate PFX file. Required if secure LDAP is enabled and must be valid more than 30 days. | +| `pfxCertificatePassword` | secureString | `''` | The password to decrypt the provided Secure LDAP certificate PFX file. Required if secure LDAP is enabled. | **Optional parameters** diff --git a/modules/Microsoft.ApiManagement/service/authorizationServers/readme.md b/modules/Microsoft.ApiManagement/service/authorizationServers/readme.md index 363caafe8f..e92fdae8eb 100644 --- a/modules/Microsoft.ApiManagement/service/authorizationServers/readme.md +++ b/modules/Microsoft.ApiManagement/service/authorizationServers/readme.md 
@@ -28,8 +28,8 @@ The following resources are required to be able to deploy this resource. | Parameter Name | Type | Description | | :-- | :-- | :-- | | `authorizationEndpoint` | string | OAuth authorization endpoint. See . | -| `clientId` | securestring | Client or app ID registered with this authorization server. | -| `clientSecret` | securestring | Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. | +| `clientId` | secureString | Client or app ID registered with this authorization server. | +| `clientSecret` | secureString | Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. | | `grantTypes` | array | Form of an authorization grant, which the client uses to request the access token. - authorizationCode, implicit, resourceOwnerPassword, clientCredentials. | | `name` | string | Identifier of the authorization server. | diff --git a/modules/Microsoft.ApiManagement/service/identityProviders/readme.md b/modules/Microsoft.ApiManagement/service/identityProviders/readme.md index 2c462b84be..78569a5aec 100644 --- a/modules/Microsoft.ApiManagement/service/identityProviders/readme.md +++ b/modules/Microsoft.ApiManagement/service/identityProviders/readme.md 
@@ -29,7 +29,7 @@ This module deploys API Management Service Identity Provider. | :-- | :-- | :-- | :-- | | `apiManagementServiceName` | string | | The name of the parent API Management service. Required if the template is used in a standalone deployment. | | `identityProviderClientId` | string | `''` | Client ID of the Application in the external Identity Provider. Required if identity provider is used. | -| `identityProviderClientSecret` | securestring | `''` | Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used. | +| `identityProviderClientSecret` | secureString | `''` | Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used. | **Optional parameters** diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/readme.md b/modules/Microsoft.Compute/virtualMachineScaleSets/readme.md index 51e3959cb9..522e82f6a0 100644 --- a/modules/Microsoft.Compute/virtualMachineScaleSets/readme.md +++ b/modules/Microsoft.Compute/virtualMachineScaleSets/readme.md @@ -32,7 +32,7 @@ The following resources are required to be able to deploy this resource. | Parameter Name | Type | Allowed Values | Description | | :-- | :-- | :-- | :-- | -| `adminUsername` | securestring | | Administrator username. | +| `adminUsername` | secureString | | Administrator username. | | `imageReference` | object | | OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. | | `name` | string | | Name of the VMSS. | | `nicConfigurations` | array | | Configures NICs and PIPs. | 
@@ -45,7 +45,7 @@ The following resources are required to be able to deploy this resource. | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | | `additionalUnattendContent` | array | `[]` | | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. | -| `adminPassword` | securestring | `''` | | When specifying a Windows Virtual Machine, this value should be passed. | +| `adminPassword` | secureString | `''` | | When specifying a Windows Virtual Machine, this value should be passed. | | `automaticRepairsPolicyEnabled` | bool | `False` | | Specifies whether automatic repairs should be enabled on the virtual machine scale set. | | `availabilityZones` | array | `[]` | | The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set. | | `bootDiagnosticStorageAccountName` | string | `''` | | Storage account used to store boot diagnostic information. Boot diagnostics will be disabled if no value is provided. | 
@@ -71,7 +71,7 @@ The following resources are required to be able to deploy this resource. | `extensionCustomScriptConfig` | object | `{object}` | | The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. | | `extensionDependencyAgentConfig` | object | `{object}` | | The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. | | `extensionDomainJoinConfig` | object | `{object}` | | The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionDomainJoinPassword` | securestring | `''` | | Required if name is specified. Password of the user specified in user parameter. | +| `extensionDomainJoinPassword` | secureString | `''` | | Required if name is specified. Password of the user specified in user parameter. | | `extensionDSCConfig` | object | `{object}` | | The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. | | `extensionMonitoringAgentConfig` | object | `{object}` | | The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. | | `extensionNetworkWatcherAgentConfig` | object | `{object}` | | The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. | diff --git a/modules/Microsoft.Compute/virtualMachines/readme.md b/modules/Microsoft.Compute/virtualMachines/readme.md index 6e4a1a902e..708b924375 100644 --- a/modules/Microsoft.Compute/virtualMachines/readme.md +++ b/modules/Microsoft.Compute/virtualMachines/readme.md 
@@ -31,7 +31,7 @@ This module deploys one Virtual Machine with one or multiple NICs and optionally | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | -| `adminUsername` | securestring | | | Administrator username. | +| `adminUsername` | secureString | | | Administrator username. | | `configurationProfile` | string | `''` | `['', /providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest, /providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction]` | The configuration profile of automanage. | | `imageReference` | object | | | OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. | | `nicConfigurations` | array | | | Configures NICs and PIPs. | 
@@ -44,7 +44,7 @@ This module deploys one Virtual Machine with one or multiple NICs and optionally | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | | `additionalUnattendContent` | array | `[]` | | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. | -| `adminPassword` | securestring | `''` | | When specifying a Windows Virtual Machine, this value should be passed. | +| `adminPassword` | secureString | `''` | | When specifying a Windows Virtual Machine, this value should be passed. | | `allowExtensionOperations` | bool | `True` | | Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. | | `availabilitySetResourceId` | string | `''` | | Resource ID of an availability set. Cannot be used in combination with availability zone nor scale set. | | `availabilityZone` | int | `0` | `[0, 1, 2, 3]` | If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set. | 
@@ -75,7 +75,7 @@ This module deploys one Virtual Machine with one or multiple NICs and optionally | `extensionCustomScriptProtectedSetting` | secureObject | `{object}` | | Any object that contains the extension specific protected settings. | | `extensionDependencyAgentConfig` | object | `{object}` | | The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. | | `extensionDomainJoinConfig` | object | `{object}` | | The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionDomainJoinPassword` | securestring | `''` | | Required if name is specified. Password of the user specified in user parameter. | +| `extensionDomainJoinPassword` | secureString | `''` | | Required if name is specified. Password of the user specified in user parameter. | | `extensionDSCConfig` | object | `{object}` | | The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. | | `extensionMonitoringAgentConfig` | object | `{object}` | | The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. | | `extensionNetworkWatcherAgentConfig` | object | `{object}` | | The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. | @@ -1143,6 +1143,9 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { enableAutomaticUpdates: true enableDefaultTelemetry: '' encryptionAtHost: false + extensionAadJoinConfig: { + enabled: true + } extensionAzureDiskEncryptionConfig: { enabled: true settings: { 
@@ -1180,9 +1183,6 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { extensionNetworkWatcherAgentConfig: { enabled: true } - extensionAadJoinConfig: { - enabled: true - } location: '' lock: 'CanNotDelete' monitoringWorkspaceId: '' @@ -1359,6 +1359,11 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { "encryptionAtHost": { "value": false }, + "extensionAadJoinConfig": { + "value": { + "enabled": true + } + }, "extensionAzureDiskEncryptionConfig": { "value": { "enabled": true, @@ -1410,11 +1415,6 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { "enabled": true } }, - "extensionAadJoinConfig": { - "value": { - "enabled": true - } - }, "location": { "value": "" }, @@ -1848,6 +1848,9 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { enableAutomaticUpdates: true enableDefaultTelemetry: '' encryptionAtHost: false + extensionAadJoinConfig: { + enabled: true + } extensionAntiMalwareConfig: { enabled: true settings: { @@ -1903,9 +1906,6 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { extensionNetworkWatcherAgentConfig: { enabled: true } - extensionAadJoinConfig: { - enabled: true - } location: '' lock: 'CanNotDelete' monitoringWorkspaceId: '' @@ -2077,6 +2077,11 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { "encryptionAtHost": { "value": false }, + "extensionAadJoinConfig": { + "value": { + "enabled": true + } + }, "extensionAntiMalwareConfig": { "value": { "enabled": true, @@ -2148,11 +2153,6 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { "enabled": true } }, - "extensionAadJoinConfig": { - "value": { - "enabled": true - } - }, "location": { "value": "" }, diff --git a/modules/Microsoft.DBforPostgreSQL/flexibleServers/readme.md b/modules/Microsoft.DBforPostgreSQL/flexibleServers/readme.md index eeef5163d3..23cc3b33e5 100644 
--- a/modules/Microsoft.DBforPostgreSQL/flexibleServers/readme.md +++ b/modules/Microsoft.DBforPostgreSQL/flexibleServers/readme.md @@ -29,7 +29,7 @@ This module deploys DBforPostgreSQL FlexibleServers. | Parameter Name | Type | Allowed Values | Description | | :-- | :-- | :-- | :-- | | `administratorLogin` | string | | The administrator login name of a server. Can only be specified when the PostgreSQL server is being created. | -| `administratorLoginPassword` | securestring | | The administrator login password. | +| `administratorLoginPassword` | secureString | | The administrator login password. | | `name` | string | | The name of the PostgreSQL flexible server. | | `skuName` | string | | The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. | | `tier` | string | `[Burstable, GeneralPurpose, MemoryOptimized]` | The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". | diff --git a/modules/Microsoft.DevTestLab/labs/artifactSources/readme.md b/modules/Microsoft.DevTestLab/labs/artifactSources/readme.md index a1943dd255..f62129f177 100644 --- a/modules/Microsoft.DevTestLab/labs/artifactSources/readme.md +++ b/modules/Microsoft.DevTestLab/labs/artifactSources/readme.md 
@@ -41,7 +41,7 @@ An artifact source allows you to create custom artifacts for the VMs in the lab, | `branchRef` | string | `''` | | The artifact source's branch reference (e.g. main or master). | | `displayName` | string | `[parameters('name')]` | | The artifact source's display name. Default is the name of the artifact source. | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `securityToken` | securestring | `''` | | The security token to authenticate to the artifact source. | +| `securityToken` | secureString | `''` | | The security token to authenticate to the artifact source. | | `sourceType` | string | `''` | `['', GitHub, StorageAccount, VsoGit]` | The artifact source's type. | | `status` | string | `'Enabled'` | `[Disabled, Enabled]` | Indicates if the artifact source is enabled (values: Enabled, Disabled). Default is "Enabled". | | `tags` | object | `{object}` | | Tags of the resource. | diff --git a/modules/Microsoft.KeyVault/vaults/secrets/readme.md b/modules/Microsoft.KeyVault/vaults/secrets/readme.md index 0f910c6020..dbf60f730d 100644 --- a/modules/Microsoft.KeyVault/vaults/secrets/readme.md +++ b/modules/Microsoft.KeyVault/vaults/secrets/readme.md @@ -23,7 +23,7 @@ This module deploys a key vault secret. | Parameter Name | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the secret. | -| `value` | securestring | The value of the secret. NOTE: "value" will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. | +| `value` | secureString | The value of the secret. NOTE: "value" will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. | **Conditional parameters** 
@@ -38,7 +38,7 @@ This module deploys a key vault secret. | `attributesEnabled` | bool | `True` | Determines whether the object is enabled. | | `attributesExp` | int | `-1` | Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is recommended to set an expiration date whenever possible. | | `attributesNbf` | int | `-1` | Not before date in seconds since 1970-01-01T00:00:00Z. | -| `contentType` | securestring | `''` | The content type of the secret. | +| `contentType` | secureString | `''` | The content type of the secret. | | `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | | `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `tags` | object | `{object}` | Resource tags. | diff --git a/modules/Microsoft.NetApp/netAppAccounts/readme.md b/modules/Microsoft.NetApp/netAppAccounts/readme.md index 6fd17e6122..31a60959dd 100644 --- a/modules/Microsoft.NetApp/netAppAccounts/readme.md +++ b/modules/Microsoft.NetApp/netAppAccounts/readme.md 
@@ -35,7 +35,7 @@ This template deploys Azure NetApp Files. | `capacityPools` | _[capacityPools](capacityPools/readme.md)_ array | `[]` | | Capacity pools to create. | | `dnsServers` | string | `''` | | Required if domainName is specified. Comma separated list of DNS server IP addresses (IPv4 only) required for the Active Directory (AD) domain join and SMB authentication operations to succeed. | | `domainJoinOU` | string | `''` | | Used only if domainName is specified. LDAP Path for the Organization Unit (OU) where SMB Server machine accounts will be created (i.e. 'OU=SecondLevel,OU=FirstLevel'). | -| `domainJoinPassword` | securestring | `''` | | Required if domainName is specified. Password of the user specified in domainJoinUser parameter. | +| `domainJoinPassword` | secureString | `''` | | Required if domainName is specified. Password of the user specified in domainJoinUser parameter. | | `domainJoinUser` | string | `''` | | Required if domainName is specified. Username of Active Directory domain administrator, with permissions to create SMB server machine account in the AD domain. | | `domainName` | string | `''` | | Fully Qualified Active Directory DNS Domain Name (e.g. 'contoso.com'). | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | diff --git a/modules/Microsoft.Network/privateDnsZones/readme.md b/modules/Microsoft.Network/privateDnsZones/readme.md index e9c4ce6b2c..018b9ca0e5 100644 --- a/modules/Microsoft.Network/privateDnsZones/readme.md +++ b/modules/Microsoft.Network/privateDnsZones/readme.md @@ -208,6 +208,17 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { ttl: 3600 } ] + aaaa: [ + { + aaaaRecords: [ + { + ipv6Address: '2001:0db8:85a3:0000:0000:8a2e:0370:7334' + } + ] + name: 'AAAA_2001_0db8_85a3_0000_0000_8a2e_0370_7334' + ttl: 3600 + } + ] cname: [ { cnameRecord: { 
@@ -353,17 +364,6 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { virtualNetworkResourceId: '' } ] - aaaa: [ - { - name: 'AAAA_2001_0db8_85a3_0000_0000_8a2e_0370_7334' - ttl: 3600 - aaaaRecords: [ - { - ipv6Address: '2001:0db8:85a3:0000:0000:8a2e:0370:7334' - } - ] - } - ] } } ``` @@ -407,6 +407,19 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { } ] }, + "aaaa": { + "value": [ + { + "aaaaRecords": [ + { + "ipv6Address": "2001:0db8:85a3:0000:0000:8a2e:0370:7334" + } + ], + "name": "AAAA_2001_0db8_85a3_0000_0000_8a2e_0370_7334", + "ttl": 3600 + } + ] + }, "cname": { "value": [ { @@ -571,19 +584,6 @@ module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { "virtualNetworkResourceId": "" } ] - }, - "aaaa": { - "value": [ - { - "name": "AAAA_2001_0db8_85a3_0000_0000_8a2e_0370_7334", - "ttl": 3600, - "aaaaRecords": [ - { - "ipv6Address": "2001:0db8:85a3:0000:0000:8a2e:0370:7334" - } - ] - } - ] } } } diff --git a/modules/Microsoft.Network/virtualNetworkGateways/readme.md b/modules/Microsoft.Network/virtualNetworkGateways/readme.md index 720f918401..0b8214bc89 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/readme.md +++ b/modules/Microsoft.Network/virtualNetworkGateways/readme.md @@ -257,7 +257,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Expressroute

+

Example 1: Aadvpn

@@ -265,40 +265,48 @@ The following module usage examples are retrieved from the content of the files ```bicep module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-nvger' + name: '${uniqueString(deployment().name, location)}-test-nvngavpn' params: { // Required parameters - name: '<>nvger001' - virtualNetworkGatewaySku: 'ErGw1AZ' - virtualNetworkGatewayType: 'ExpressRoute' + name: '<>nvngavpn001' + virtualNetworkGatewaySku: 'VpnGw2AZ' + virtualNetworkGatewayType: 'Vpn' vNetResourceId: '' // Non-required parameters + activeActive: false diagnosticEventHubAuthorizationRuleId: '' diagnosticEventHubName: '' - diagnosticLogsRetentionInDays: 7 diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' domainNameLabel: [ - '<>-dm-nvger' + '<>-dm-nvngavpn' ] enableDefaultTelemetry: '' - gatewayPipName: '<>-pip-nvger' + lock: 'CanNotDelete' + publicIpZones: [ + '1' + ] roleAssignments: [ { principalIds: [ '' ] + principalType: 'ServicePrincipal' roleDefinitionIdOrName: 'Reader' } ] - tags: { - Contact: 'test.user@testcompany.com' - CostCenter: '' - Environment: 'Validation' - PurchaseOrder: '' - Role: 'DeploymentValidation' - ServiceName: 'DeploymentValidation' + vpnClientAadConfiguration: { + aadAudience: '41b23e61-6c1e-4545-b367-cd054e0ed4b4' + aadIssuer: '' + aadTenant: '' + vpnAuthenticationTypes: [ + 'AAD' + ] + vpnClientProtocols: [ + 'OpenVPN' + ] } + vpnType: 'RouteBased' } } ``` 
@@ -317,27 +325,27 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "parameters": { // Required parameters "name": { - "value": "<>nvger001" + "value": "<>nvngavpn001" }, "virtualNetworkGatewaySku": { - "value": "ErGw1AZ" + "value": "VpnGw2AZ" }, "virtualNetworkGatewayType": { - "value": "ExpressRoute" + "value": "Vpn" }, "vNetResourceId": { "value": "" }, // Non-required parameters + "activeActive": { + "value": false + }, "diagnosticEventHubAuthorizationRuleId": { "value": "" }, "diagnosticEventHubName": { "value": "" }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, "diagnosticStorageAccountId": { "value": "" }, @@ -346,14 +354,19 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy }, "domainNameLabel": { "value": [ - "<>-dm-nvger" + "<>-dm-nvngavpn" ] }, "enableDefaultTelemetry": { "value": "" }, - "gatewayPipName": { - "value": "<>-pip-nvger" + "lock": { + "value": "CanNotDelete" + }, + "publicIpZones": { + "value": [ + "1" + ] }, "roleAssignments": { "value": [ @@ -361,19 +374,26 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "principalIds": [ "" ], + "principalType": "ServicePrincipal", "roleDefinitionIdOrName": "Reader" } ] }, - "tags": { + "vpnClientAadConfiguration": { "value": { - "Contact": "test.user@testcompany.com", - "CostCenter": "", - "Environment": "Validation", - "PurchaseOrder": "", - "Role": "DeploymentValidation", - "ServiceName": "DeploymentValidation" + "aadAudience": "41b23e61-6c1e-4545-b367-cd054e0ed4b4", + "aadIssuer": "", + "aadTenant": "", + "vpnAuthenticationTypes": [ + "AAD" + ], + "vpnClientProtocols": [ + "OpenVPN" + ] } + }, + "vpnType": { + "value": "RouteBased" } } } @@ -382,7 +402,7 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy

-

Example 2: Vpn

+

Example 2: Expressroute

@@ -390,28 +410,24 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy ```bicep module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-nvgvpn' + name: '${uniqueString(deployment().name, location)}-test-nvger' params: { // Required parameters - name: '<>nvgvpn001' - virtualNetworkGatewaySku: 'VpnGw1AZ' - virtualNetworkGatewayType: 'Vpn' + name: '<>nvger001' + virtualNetworkGatewaySku: 'ErGw1AZ' + virtualNetworkGatewayType: 'ExpressRoute' vNetResourceId: '' // Non-required parameters - activeActive: true diagnosticEventHubAuthorizationRuleId: '' diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' domainNameLabel: [ - '<>-dm-nvgvpn' + '<>-dm-nvger' ] enableDefaultTelemetry: '' - lock: 'CanNotDelete' - publicIpZones: [ - '1' - ] + gatewayPipName: '<>-pip-nvger' roleAssignments: [ { principalIds: [ @@ -420,7 +436,14 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy roleDefinitionIdOrName: 'Reader' } ] - vpnType: 'RouteBased' + tags: { + Contact: 'test.user@testcompany.com' + CostCenter: '' + Environment: 'Validation' + PurchaseOrder: '' + Role: 'DeploymentValidation' + ServiceName: 'DeploymentValidation' + } } } ``` @@ -439,21 +462,18 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "parameters": { // Required parameters "name": { - "value": "<>nvgvpn001" + "value": "<>nvger001" }, "virtualNetworkGatewaySku": { - "value": "VpnGw1AZ" + "value": "ErGw1AZ" }, "virtualNetworkGatewayType": { - "value": "Vpn" + "value": "ExpressRoute" }, "vNetResourceId": { "value": "" }, // Non-required parameters - "activeActive": { - "value": true - }, "diagnosticEventHubAuthorizationRuleId": { "value": "" }, 
@@ -471,19 +491,14 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy }, "domainNameLabel": { "value": [ - "<>-dm-nvgvpn" + "<>-dm-nvger" ] }, "enableDefaultTelemetry": { "value": "" }, - "lock": { - "value": "CanNotDelete" - }, - "publicIpZones": { - "value": [ - "1" - ] + "gatewayPipName": { + "value": "<>-pip-nvger" }, "roleAssignments": { "value": [ @@ -495,8 +510,15 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy } ] }, - "vpnType": { - "value": "RouteBased" + "tags": { + "value": { + "Contact": "test.user@testcompany.com", + "CostCenter": "", + "Environment": "Validation", + "PurchaseOrder": "", + "Role": "DeploymentValidation", + "ServiceName": "DeploymentValidation" + } } } } @@ -505,7 +527,7 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy

-

Example 3: Aadvpn

+

Example 3: Vpn

@@ -513,21 +535,22 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy ```bicep module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-nvngavpn' + name: '${uniqueString(deployment().name, location)}-test-nvgvpn' params: { // Required parameters - name: '<>nvngavpn001' - virtualNetworkGatewaySku: 'VpnGw2AZ' + name: '<>nvgvpn001' + virtualNetworkGatewaySku: 'VpnGw1AZ' virtualNetworkGatewayType: 'Vpn' vNetResourceId: '' // Non-required parameters - activeActive: false + activeActive: true diagnosticEventHubAuthorizationRuleId: '' diagnosticEventHubName: '' + diagnosticLogsRetentionInDays: 7 diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' domainNameLabel: [ - '<>-dm-nvngavpn' + '<>-dm-nvgvpn' ] enableDefaultTelemetry: '' lock: 'CanNotDelete' @@ -539,21 +562,9 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy principalIds: [ '' ] - principalType: 'ServicePrincipal' roleDefinitionIdOrName: 'Reader' } ] - vpnClientAadConfiguration: { - vpnAuthenticationTypes: [ - 'AAD' - ] - vpnClientProtocols: [ - 'OpenVPN' - ] - aadAudience: '41b23e61-6c1e-4545-b367-cd054e0ed4b4' - aadIssuer: '' - aadTenant: '' - } vpnType: 'RouteBased' } } @@ -573,10 +584,10 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "parameters": { // Required parameters "name": { - "value": "<>nvngavpn001" + "value": "<>nvgvpn001" }, "virtualNetworkGatewaySku": { - "value": "VpnGw2AZ" + "value": "VpnGw1AZ" }, "virtualNetworkGatewayType": { "value": "Vpn" @@ -586,7 +597,7 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy }, // Non-required parameters "activeActive": { - "value": false + "value": true }, "diagnosticEventHubAuthorizationRuleId": { "value": "" 
@@ -594,6 +605,9 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "diagnosticEventHubName": { "value": "" }, + "diagnosticLogsRetentionInDays": { + "value": 7 + }, "diagnosticStorageAccountId": { "value": "" }, @@ -602,7 +616,7 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy }, "domainNameLabel": { "value": [ - "<>-dm-nvngavpn" + "<>-dm-nvgvpn" ] }, "enableDefaultTelemetry": { @@ -622,24 +636,10 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "principalIds": [ "" ], - "principalType": "ServicePrincipal", "roleDefinitionIdOrName": "Reader" } ] }, - "vpnClientAadConfiguration": { - "value": { - "vpnAuthenticationTypes": [ - "AAD" - ], - "vpnClientProtocols": [ - "OpenVPN" - ], - "aadAudience": "41b23e61-6c1e-4545-b367-cd054e0ed4b4", - "aadIssuer": "", - "aadTenant": "" - } - }, "vpnType": { "value": "RouteBased" } diff --git a/modules/Microsoft.SignalRService/signalR/readme.md b/modules/Microsoft.SignalRService/signalR/readme.md index 5e25fbba43..1ca0d57fac 100644 --- a/modules/Microsoft.SignalRService/signalR/readme.md +++ b/modules/Microsoft.SignalRService/signalR/readme.md @@ -292,8 +292,8 @@ module signalR './Microsoft.SignalRService/signalR/deploy.bicep' = { // Non-required parameters capacity: 2 clientCertEnabled: false - disableLocalAuth: true disableAadAuth: false + disableLocalAuth: true enableDefaultTelemetry: '' kind: 'SignalR' location: '' @@ -371,12 +371,12 @@ module signalR './Microsoft.SignalRService/signalR/deploy.bicep' = { "clientCertEnabled": { "value": false }, - "disableLocalAuth": { - "value": true - }, "disableAadAuth": { "value": false }, + "disableLocalAuth": { + "value": true + }, "enableDefaultTelemetry": { "value": "" }, diff --git a/modules/Microsoft.SignalRService/webPubSub/readme.md b/modules/Microsoft.SignalRService/webPubSub/readme.md index 9ebaf06c25..912f90f503 100644 --- a/modules/Microsoft.SignalRService/webPubSub/readme.md 
+++ b/modules/Microsoft.SignalRService/webPubSub/readme.md @@ -398,8 +398,8 @@ module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { // Non-required parameters capacity: 2 clientCertEnabled: false - disableLocalAuth: true disableAadAuth: false + disableLocalAuth: true enableDefaultTelemetry: '' location: '' lock: 'CanNotDelete' @@ -477,12 +477,12 @@ module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { "clientCertEnabled": { "value": false }, - "disableLocalAuth": { - "value": true - }, "disableAadAuth": { "value": false }, + "disableLocalAuth": { + "value": true + }, "enableDefaultTelemetry": { "value": "" }, diff --git a/modules/Microsoft.Sql/managedInstances/readme.md b/modules/Microsoft.Sql/managedInstances/readme.md index 6ae4ad196d..a8b02fed4f 100644 --- a/modules/Microsoft.Sql/managedInstances/readme.md +++ b/modules/Microsoft.Sql/managedInstances/readme.md @@ -46,7 +46,7 @@ SQL MI allows for Azure AD Authentication via an [Azure AD Admin](https://docs.m | Parameter Name | Type | Description | | :-- | :-- | :-- | | `administratorLogin` | string | The username used to establish jumpbox VMs. | -| `administratorLoginPassword` | securestring | The password given to the admin user. | +| `administratorLoginPassword` | secureString | The password given to the admin user. | | `name` | string | The name of the SQL managed instance. | | `subnetId` | string | The fully qualified resource ID of the subnet on which the SQL managed instance will be placed. | diff --git a/modules/Microsoft.Sql/servers/readme.md b/modules/Microsoft.Sql/servers/readme.md index 00ffa526f4..3c6d44eb91 100644 --- a/modules/Microsoft.Sql/servers/readme.md +++ b/modules/Microsoft.Sql/servers/readme.md 
@@ -41,7 +41,7 @@ This module deploys a SQL server. | Parameter Name | Type | Default Value | Description | | :-- | :-- | :-- | :-- | | `administratorLogin` | string | `''` | The administrator username for the server. Required if no `administrators` object for AAD authentication is provided. | -| `administratorLoginPassword` | securestring | `''` | The administrator login password. Required if no `administrators` object for AAD authentication is provided. | +| `administratorLoginPassword` | secureString | `''` | The administrator login password. Required if no `administrators` object for AAD authentication is provided. | | `administrators` | object | `{object}` | The Azure Active Directory (AAD) administrator authentication. Required if no `administratorLogin` & `administratorLoginPassword` is provided. | | `primaryUserAssignedIdentityId` | string | `''` | The resource ID of a user assigned identity to be used by default. Required if "userAssignedIdentities" is not empty. | diff --git a/modules/Microsoft.Sql/servers/securityAlertPolicies/readme.md b/modules/Microsoft.Sql/servers/securityAlertPolicies/readme.md index 33426b8907..ab8202d989 100644 --- a/modules/Microsoft.Sql/servers/securityAlertPolicies/readme.md +++ b/modules/Microsoft.Sql/servers/securityAlertPolicies/readme.md 
@@ -39,7 +39,7 @@ This module deploys an SQL Server Security Alert Policy. | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | | `retentionDays` | int | `0` | | Specifies the number of days to keep in the Threat Detection audit logs. | | `state` | string | `'Disabled'` | `[Disabled, Enabled]` | Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database. | -| `storageAccountAccessKey` | securestring | `''` | | Specifies the identifier key of the Threat Detection audit storage account.. | +| `storageAccountAccessKey` | secureString | `''` | | Specifies the identifier key of the Threat Detection audit storage account.. | | `storageEndpoint` | string | `''` | | Specifies the blob storage endpoint. This blob storage will hold all Threat Detection audit logs. | diff --git a/modules/Microsoft.Web/staticSites/readme.md b/modules/Microsoft.Web/staticSites/readme.md index bf2d6cb7ac..d3a8475ce8 100644 --- a/modules/Microsoft.Web/staticSites/readme.md +++ b/modules/Microsoft.Web/staticSites/readme.md 
@@ -48,7 +48,7 @@ This module deploys a Static Web App. | `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | | `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'sku' to be 'Standard'. | | `provider` | string | `'None'` | | The provider that submitted the last deployment to the primary environment of the static site. | -| `repositoryToken` | securestring | `''` | | The Personal Access Token for accessing the GitHub repository. | +| `repositoryToken` | secureString | `''` | | The Personal Access Token for accessing the GitHub repository. | | `repositoryUrl` | string | `''` | | The name of the GitHub repository. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `sku` | string | `'Free'` | `[Free, Standard]` | Type of static site to deploy. | diff --git a/utilities/tools/Set-ModuleReadMe.ps1 b/utilities/tools/Set-ModuleReadMe.ps1 index 1703845279..5739f228f0 100644 --- a/utilities/tools/Set-ModuleReadMe.ps1 +++ b/utilities/tools/Set-ModuleReadMe.ps1 
@@ -192,9 +192,9 @@ function Set-ParametersSection { } # Add external single quotes to all default values of type string except for those using functions - $defaultValue = ($parameter.defaultValue -is [array]) ? ('[{0}]' -f (($parameter.defaultValue | Sort-Object -Culture 'en-US') -join ', ')) : (($parameter.defaultValue -is [hashtable]) ? '{object}' : (($parameter.defaultValue -is [string]) -and ($parameter.defaultValue -notmatch '\[\w+\(.*\).*\]') ? '''' + $parameter.defaultValue + '''' : $parameter.defaultValue)) + $defaultValue = ($parameter.defaultValue -is [array]) ? ('[{0}]' -f (($parameter.defaultValue | Sort-Object) -join ', ')) : (($parameter.defaultValue -is [hashtable]) ? '{object}' : (($parameter.defaultValue -is [string]) -and ($parameter.defaultValue -notmatch '\[\w+\(.*\).*\]') ? '''' + $parameter.defaultValue + '''' : $parameter.defaultValue)) $description = $parameter.metadata.description.Replace("`r`n", '

').Replace("`n", '

') - $allowedValue = ($parameter.allowedValues -is [array]) ? ('[{0}]' -f (($parameter.allowedValues | Sort-Object -Culture 'en-US') -join ', ')) : (($parameter.allowedValues -is [hashtable]) ? '{object}' : $parameter.allowedValues) + $allowedValue = ($parameter.allowedValues -is [array]) ? ('[{0}]' -f (($parameter.allowedValues | Sort-Object) -join ', ')) : (($parameter.allowedValues -is [hashtable]) ? '{object}' : $parameter.allowedValues) # Further, replace all "empty string" default values with actual visible quotes if ([regex]::Match($allowedValue, '^(\[\s*,.+)|(\[.+,\s*,)|(.+,\s*\])$').Captures.Count -gt 0) { $allowedValue = $allowedValue -replace '\[\s*,', "[''," -replace ',\s*,', ", ''," -replace ',\s*\]', ", '']" @@ -367,13 +367,13 @@ function Set-CrossReferencesSection { $dependencies = (Get-CrossReferencedModuleList)[$FullModuleIdentifier] if ($dependencies.Keys -contains 'localPathReferences' -and $dependencies['localPathReferences']) { - foreach ($reference in ($dependencies['localPathReferences'] | Sort-Object -Culture 'en-US')) { + foreach ($reference in ($dependencies['localPathReferences'] | Sort-Object)) { $SectionContent += ("| ``{0}`` | {1} |" -f $reference, 'Local reference') } } if ($dependencies.Keys -contains 'remoteReferences' -and $dependencies['remoteReferences']) { - foreach ($reference in ($dependencies['remoteReferences'] | Sort-Object -Culture 'en-US')) { + foreach ($reference in ($dependencies['remoteReferences'] | Sort-Object)) { $SectionContent += ("| ``{0}`` | {1} |" -f $reference, 'Remote reference') } } 
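Review bot: Dropping `-Culture 'en-US'` from the `Sort-Object` calls on the `$defaultValue` and `$allowedValue` lines makes the ordering of the generated ReadMe tables depend on the current culture of whichever host runs the script. A contributor's machine and the pipeline agent can then emit differently ordered content and keep overwriting each other's ReadMe output. The same removal recurs in the `Set-CrossReferencesSection` hunk (`localPathReferences`, `remoteReferences`) and in both `Set-DeploymentExamplesSection` hunks (`$RequiredParametersList`, `$keyVaultReferenceData`). If the parameter was dropped for a compatibility reason, which the patch does not state, I would pin the culture once near the top of the script, e.g. `[cultureinfo]::CurrentCulture = 'en-US'`, and add a comment `# Fixed culture keeps generated ReadMe ordering identical across hosts`. All three functions start and end outside these hunks.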
@@ -938,7 +938,7 @@ function Set-DeploymentExamplesSection { $testFilePaths = Get-ModuleTestFileList -ModulePath $moduleRoot | ForEach-Object { Join-Path $moduleRoot $_ } - $RequiredParametersList = $TemplateFileContent.parameters.Keys | Where-Object { $TemplateFileContent.parameters[$_].Keys -notcontains 'defaultValue' } | Sort-Object -Culture 'en-US' + $RequiredParametersList = $TemplateFileContent.parameters.Keys | Where-Object { $TemplateFileContent.parameters[$_].Keys -notcontains 'defaultValue' } | Sort-Object ############################ ## Process test files ## @@ -1204,7 +1204,7 @@ function Set-DeploymentExamplesSection { # Also, add a link to the corresponding Key Vault 'resource' to each identified Key Vault secret reference $extendedKeyVaultReferences = @() $counter = 0 - foreach ($reference in ($keyVaultReferenceData | Sort-Object -Property 'vaultName' -Unique -Culture 'en-US')) { + foreach ($reference in ($keyVaultReferenceData | Sort-Object -Property 'vaultName' -Unique)) { $counter++ $extendedKeyVaultReferences += @( "resource kv$counter 'Microsoft.KeyVault/vaults@2019-09-01' existing = {", From fab68515290b2b8efd8f2a9d72c22faca4d26cc1 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Mon, 6 Feb 2023 11:53:53 +0100 Subject: [PATCH 13/18] revert diskEncrtyption --- modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep b/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep index 556dcb25f0..57b274b78d 100644 --- a/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep +++ b/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep 
@@ -133,7 +133,7 @@ output resourceGroupName string = resourceGroup().name
 output systemAssignedPrincipalId string = diskEncryptionSet.identity.principalId

 @description('The name of the key vault with the disk encryption key.')
-output keyVaultName string = any(last(split(keyVaultResourceId, '/')))
+output keyVaultName string = last(split(keyVaultResourceId, '/'))

 @description('The location the resource was deployed into.')
 output location string = diskEncryptionSet.location
From 0b0465bfb1d0606f6c993d6512dcfc94dfeece0b Mon Sep 17 00:00:00 2001
From: Marius Storhaug
Date: Mon, 6 Feb 2023 12:17:14 +0100
Subject: [PATCH 14/18] refresh
---
 modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep | 2 +-
 utilities/tools/Set-ModuleReadMe.ps1 | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep b/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep
index 57b274b78d..556dcb25f0 100644
--- a/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep
+++ b/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep
@@ -133,7 +133,7 @@ output resourceGroupName string = resourceGroup().name
 output systemAssignedPrincipalId string = diskEncryptionSet.identity.principalId

 @description('The name of the key vault with the disk encryption key.')
-output keyVaultName string = last(split(keyVaultResourceId, '/'))
+output keyVaultName string = any(last(split(keyVaultResourceId, '/')))

 @description('The location the resource was deployed into.')
 output location string = diskEncryptionSet.location
diff --git a/utilities/tools/Set-ModuleReadMe.ps1 b/utilities/tools/Set-ModuleReadMe.ps1
index 5739f228f0..fcf4384711 100644
--- a/utilities/tools/Set-ModuleReadMe.ps1
+++ b/utilities/tools/Set-ModuleReadMe.ps1
@@ -1566,8 +1566,8 @@ function Set-ModuleReadMe {
 $readMeFileContent = Set-CrossReferencesSection @inputObject
 }

- $hasTests = Get-ChildItem -Path (Join-Path -Path $moduleRoot -ChildPath '.test') -Recurse -Filter 'deploy.test.bicep'
- if ($SectionsToRefresh -contains 'Deployment examples' -and $hasTests) {
+ $isTopLevelModule = $fullModuleIdentifier.Split('/').Count -eq 2 # /
+ if ($SectionsToRefresh -contains 'Deployment examples' -and $isTopLevelModule) {
 # Handle [Deployment examples] section
 # ===================================
 $inputObject = @{
From 140b02735ac2610fef2febbdfd3737635e98fa35 Mon Sep 17 00:00:00 2001
From: Marius Storhaug
Date: Mon, 6 Feb 2023 12:40:01 +0100
Subject: [PATCH 15/18] readded new condition
---
 utilities/tools/Set-ModuleReadMe.ps1 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/utilities/tools/Set-ModuleReadMe.ps1 b/utilities/tools/Set-ModuleReadMe.ps1
index fcf4384711..5739f228f0 100644
--- a/utilities/tools/Set-ModuleReadMe.ps1
+++ b/utilities/tools/Set-ModuleReadMe.ps1
@@ -1566,8 +1566,8 @@ function Set-ModuleReadMe {
 $readMeFileContent = Set-CrossReferencesSection @inputObject
 }

- $isTopLevelModule = $fullModuleIdentifier.Split('/').Count -eq 2 # /
- if ($SectionsToRefresh -contains 'Deployment examples' -and $isTopLevelModule) {
+ $hasTests = Get-ChildItem -Path (Join-Path -Path $moduleRoot -ChildPath '.test') -Recurse -Filter 'deploy.test.bicep'
+ if ($SectionsToRefresh -contains 'Deployment examples' -and $hasTests) {
 # Handle [Deployment examples] section
 # ===================================
 $inputObject = @{
From 9d2885f68d63c4c141810ee796394a635e516668 Mon Sep 17 00:00:00 2001
From: Marius Storhaug
Date: Mon, 6 Feb 2023 12:51:55 +0100
Subject: [PATCH 16/18] revert as its only a local issue
---
 modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
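Review bot: The `$hasTests = Get-ChildItem -Path (Join-Path -Path $moduleRoot -ChildPath '.test') -Recurse …` line re-added in the PATCH 15/18 hunk assumes a `.test` folder exists under every `$moduleRoot`. For a module without one, `Get-ChildItem` raises a path-not-found error (terminating if the caller runs with `-ErrorAction Stop`) rather than quietly yielding "no tests"; the `$isTopLevelModule` condition it replaces suggests such child modules exist, though that is not visible here. I would guard the lookup with `$testFolder = Join-Path $moduleRoot '.test'` and `$hasTests = (Test-Path $testFolder) -and (Get-ChildItem -Path $testFolder -Recurse -Filter 'deploy.test.bicep')`. The rewrite of this line in PATCH 17/18 (`-Include 'deploy.test.*'` with `.count -gt 0`) keeps the same unguarded call and needs the same `Test-Path` check. `Set-ModuleReadMe` starts and ends outside the hunk, so an earlier validation of the path cannot be ruled out.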
diff --git a/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep b/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep
index 556dcb25f0..57b274b78d 100644
--- a/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep
+++ b/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep
@@ -133,7 +133,7 @@ output resourceGroupName string = resourceGroup().name
 output systemAssignedPrincipalId string = diskEncryptionSet.identity.principalId

 @description('The name of the key vault with the disk encryption key.')
-output keyVaultName string = any(last(split(keyVaultResourceId, '/')))
+output keyVaultName string = last(split(keyVaultResourceId, '/'))

 @description('The location the resource was deployed into.')
 output location string = diskEncryptionSet.location
From c57c8778a32760116583c19f195627742a67c715 Mon Sep 17 00:00:00 2001
From: Marius Storhaug
Date: Tue, 14 Feb 2023 10:24:15 +0100
Subject: [PATCH 17/18] Updating check to look for deploy.test.* files.
---
 .../.test/test/deploy.test.json | 115 ++++++++++++++++++
 utilities/tools/Set-ModuleReadMe.ps1 | 2 +-
 2 files changed, 116 insertions(+), 1 deletion(-)
 create mode 100644 modules/Microsoft.DocumentDB/databaseAccounts/.test/test/deploy.test.json
diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/.test/test/deploy.test.json b/modules/Microsoft.DocumentDB/databaseAccounts/.test/test/deploy.test.json
new file mode 100644
index 0000000000..0564b4a031
--- /dev/null
+++ b/modules/Microsoft.DocumentDB/databaseAccounts/.test/test/deploy.test.json
@@ -0,0 +1,115 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'ms.documentdb.databaseaccounts-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'dddasql' + +@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') +param enableDefaultTelemetry bool = true + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2022-09-01' = { + name: resourceGroupName + location: location +} + +module nestedDependencies 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-nestedDependencies' + params: { + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-test-${serviceShort}' + params: { + enableDefaultTelemetry: enableDefaultTelemetry + name: 
'<>${serviceShort}001' + locations: [ + { + failoverPriority: 0 + isZoneRedundant: false + locationName: 'West Europe' + } + { + failoverPriority: 1 + isZoneRedundant: false + locationName: 'North Europe' + } + ] + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + diagnosticLogsRetentionInDays: 7 + location: location + roleAssignments: [ + { + roleDefinitionIdOrName: 'Reader' + principalIds: [ + nestedDependencies.outputs.managedIdentityPrincipalId + ] + principalType: 'ServicePrincipal' + } + ] + sqlDatabases: [ + { + containers: [ + { + kind: 'Hash' + name: 'container-001' + indexingPolicy: { + automatic: true + } + paths: [ + '/myPartitionKey' + ] + } + ] + name: '<>-sql-${serviceShort}-001' + } + { + containers: [] + name: '<>-sql-${serviceShort}-002' + } + ] + userAssignedIdentities: { + '${nestedDependencies.outputs.managedIdentityResourceId}': {} + } + } +} diff --git a/utilities/tools/Set-ModuleReadMe.ps1 b/utilities/tools/Set-ModuleReadMe.ps1 index 5739f228f0..643316c8f2 100644 --- a/utilities/tools/Set-ModuleReadMe.ps1 +++ b/utilities/tools/Set-ModuleReadMe.ps1 @@ -1566,7 +1566,7 @@ function Set-ModuleReadMe { $readMeFileContent = Set-CrossReferencesSection @inputObject } - $hasTests = Get-ChildItem -Path (Join-Path -Path $moduleRoot -ChildPath '.test') -Recurse -Filter 'deploy.test.bicep' + $hasTests = (Get-ChildItem -Path (Join-Path -Path $moduleRoot -ChildPath '.test') -Recurse -Include 'deploy.test.*').count -gt 0 if ($SectionsToRefresh -contains 'Deployment examples' -and $hasTests) { # Handle [Deployment examples] section # =================================== From 25e89d3944a395f9951bbb5d52985374f85777bf Mon Sep 17 00:00:00 2001 
From: Marius Storhaug Date: Wed, 15 Feb 2023 11:52:07 +0100 Subject: [PATCH 18/18] remove extra file for testing readme gen feature --- .../.test/test/deploy.test.json | 115 ------------------ 1 file changed, 115 deletions(-) delete mode 100644 modules/Microsoft.DocumentDB/databaseAccounts/.test/test/deploy.test.json diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/.test/test/deploy.test.json b/modules/Microsoft.DocumentDB/databaseAccounts/.test/test/deploy.test.json deleted file mode 100644 index 0564b4a031..0000000000 --- a/modules/Microsoft.DocumentDB/databaseAccounts/.test/test/deploy.test.json +++ /dev/null 
@@ -1,115 +0,0 @@ -targetScope = 'subscription' - -// ========== // -// Parameters // -// ========== // - -@description('Optional. The name of the resource group to deploy for testing purposes.') -@maxLength(90) -param resourceGroupName string = 'ms.documentdb.databaseaccounts-${serviceShort}-rg' - -@description('Optional. The location to deploy resources to.') -param location string = deployment().location - -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'dddasql' - -@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') -param enableDefaultTelemetry bool = true - -// ============ // -// Dependencies // -// ============ // - -// General resources -// ================= -resource resourceGroup 'Microsoft.Resources/resourceGroups@2022-09-01' = { - name: resourceGroupName - location: location -} - -module nestedDependencies 'dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, location)}-nestedDependencies' - params: { - managedIdentityName: 'dep-<>-msi-${serviceShort}' - } -} - -// Diagnostics -// =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' - params: { - storageAccountName: 'dep<>diasa${serviceShort}01' - logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' - eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' - eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' - location: location - } -} - -// ============== // -// Test Execution // -// ============== // - -module testDeployment '../../deploy.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, location)}-test-${serviceShort}' - params: { - enableDefaultTelemetry: enableDefaultTelemetry - name: 
'<>${serviceShort}001' - locations: [ - { - failoverPriority: 0 - isZoneRedundant: false - locationName: 'West Europe' - } - { - failoverPriority: 1 - isZoneRedundant: false - locationName: 'North Europe' - } - ] - diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId - diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId - diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId - diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - diagnosticLogsRetentionInDays: 7 - location: location - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - nestedDependencies.outputs.managedIdentityPrincipalId - ] - principalType: 'ServicePrincipal' - } - ] - sqlDatabases: [ - { - containers: [ - { - kind: 'Hash' - name: 'container-001' - indexingPolicy: { - automatic: true - } - paths: [ - '/myPartitionKey' - ] - } - ] - name: '<>-sql-${serviceShort}-001' - } - { - containers: [] - name: '<>-sql-${serviceShort}-002' - } - ] - userAssignedIdentities: { - '${nestedDependencies.outputs.managedIdentityResourceId}': {} - } - } -}