From 027d408bd57e06c25aff1c3fbef1417b4127adcc Mon Sep 17 00:00:00 2001 
From: AlexanderSehr Date: Wed, 27 Nov 2024 22:02:45 +0100 Subject: [PATCH 1/4] Updated docs --- .../specs/bicep/resource/interfaces.md | 47 +++--- .../specs/legacy/bicep/interfaces.md | 8 +- .../specs/legacy/shared/interfaces.md | 58 +++---- .../specs/terraform/resource/interfaces.md | 42 ++--- .../{ => bicep}/int.cmk.input.bicep | 0 .../bicep/int.cmk.udt.schema1.bicep | 61 ++++++++ .../bicep/int.cmk.udt.schema2.bicep | 64 ++++++++ .../{ => bicep}/int.diag.input.bicep | 0 .../bicep/int.diag.udt.schema.bicep | 35 +++++ .../{ => bicep}/int.locks.input.bicep | 0 .../{ => bicep}/int.locks.udt.schema.bicep | 15 +- .../interfaces/{ => bicep}/int.mi.input.bicep | 0 .../{ => bicep}/int.mi.udt.schema.bicep | 17 +- .../interfaces/{ => bicep}/int.pe.input.bicep | 0 .../interfaces/bicep/int.pe.udt.schema1.bicep | 55 +++++++ .../interfaces/bicep/int.pe.udt.schema2.bicep | 55 +++++++ .../{ => bicep}/int.rbac.input.bicep | 0 .../{ => bicep}/int.rbac.udt.schema.bicep | 33 +--- .../{ => bicep}/int.secExp.input.bicep | 0 .../{ => bicep}/int.secExp.module.bicep | 27 +--- .../{ => bicep}/int.secExp.output.bicep | 0 .../int.secExp.output.jsonFmt.json | 0 .../{ => bicep}/int.secExp.udt.schema.bicep | 8 +- .../{ => bicep}/int.tags.input.bicep | 0 .../{ => bicep}/int.tags.udt.schema.bicep | 0 .../interfaces/int.cmk.udt.schema.bicep | 63 -------- .../interfaces/int.diag.udt.schema.bicep | 82 ---------- .../interfaces/int.pe.udt.schema1.bicep | 146 ------------------ .../interfaces/int.pe.udt.schema2.bicep | 146 ------------------ .../interfaces/{ => tf}/int.cmk.input.tf | 0 .../interfaces/{ => tf}/int.cmk.schema.tf | 0 .../interfaces/{ => tf}/int.diag.input.tf | 0 .../interfaces/{ => tf}/int.diag.schema.tf | 0 .../interfaces/{ => tf}/int.locks.input.tf | 0 .../interfaces/{ => tf}/int.locks.schema.tf | 0 .../interfaces/{ => tf}/int.mi.input.tf | 0 .../interfaces/{ => tf}/int.mi.schema.tf | 0 .../interfaces/{ => tf}/int.pe.input.tf | 0 .../interfaces/{ => tf}/int.pe.schema.tf | 0 
.../interfaces/{ => tf}/int.rbac.input.tf | 0 .../interfaces/{ => tf}/int.rbac.schema.tf | 0 .../interfaces/{ => tf}/int.tags.input.tf | 0 .../interfaces/{ => tf}/int.tags.schema.tf | 0 43 files changed, 356 insertions(+), 606 deletions(-) rename docs/static/includes/interfaces/{ => bicep}/int.cmk.input.bicep (100%) create mode 100644 docs/static/includes/interfaces/bicep/int.cmk.udt.schema1.bicep create mode 100644 docs/static/includes/interfaces/bicep/int.cmk.udt.schema2.bicep rename docs/static/includes/interfaces/{ => bicep}/int.diag.input.bicep (100%) create mode 100644 docs/static/includes/interfaces/bicep/int.diag.udt.schema.bicep rename docs/static/includes/interfaces/{ => bicep}/int.locks.input.bicep (100%) rename docs/static/includes/interfaces/{ => bicep}/int.locks.udt.schema.bicep (67%) rename docs/static/includes/interfaces/{ => bicep}/int.mi.input.bicep (100%) rename docs/static/includes/interfaces/{ => bicep}/int.mi.udt.schema.bicep (69%) rename docs/static/includes/interfaces/{ => bicep}/int.pe.input.bicep (100%) create mode 100644 docs/static/includes/interfaces/bicep/int.pe.udt.schema1.bicep create mode 100644 docs/static/includes/interfaces/bicep/int.pe.udt.schema2.bicep rename docs/static/includes/interfaces/{ => bicep}/int.rbac.input.bicep (100%) rename docs/static/includes/interfaces/{ => bicep}/int.rbac.udt.schema.bicep (61%) rename docs/static/includes/interfaces/{ => bicep}/int.secExp.input.bicep (100%) rename docs/static/includes/interfaces/{ => bicep}/int.secExp.module.bicep (67%) rename docs/static/includes/interfaces/{ => bicep}/int.secExp.output.bicep (100%) rename docs/static/includes/interfaces/{ => bicep}/int.secExp.output.jsonFmt.json (100%) rename docs/static/includes/interfaces/{ => bicep}/int.secExp.udt.schema.bicep (93%) rename docs/static/includes/interfaces/{ => bicep}/int.tags.input.bicep (100%) rename docs/static/includes/interfaces/{ => bicep}/int.tags.udt.schema.bicep (100%) delete mode 100644 
docs/static/includes/interfaces/int.cmk.udt.schema.bicep delete mode 100644 docs/static/includes/interfaces/int.diag.udt.schema.bicep delete mode 100644 docs/static/includes/interfaces/int.pe.udt.schema1.bicep delete mode 100644 docs/static/includes/interfaces/int.pe.udt.schema2.bicep rename docs/static/includes/interfaces/{ => tf}/int.cmk.input.tf (100%) rename docs/static/includes/interfaces/{ => tf}/int.cmk.schema.tf (100%) rename docs/static/includes/interfaces/{ => tf}/int.diag.input.tf (100%) rename docs/static/includes/interfaces/{ => tf}/int.diag.schema.tf (100%) rename docs/static/includes/interfaces/{ => tf}/int.locks.input.tf (100%) rename docs/static/includes/interfaces/{ => tf}/int.locks.schema.tf (100%) rename docs/static/includes/interfaces/{ => tf}/int.mi.input.tf (100%) rename docs/static/includes/interfaces/{ => tf}/int.mi.schema.tf (100%) rename docs/static/includes/interfaces/{ => tf}/int.pe.input.tf (100%) rename docs/static/includes/interfaces/{ => tf}/int.pe.schema.tf (100%) rename docs/static/includes/interfaces/{ => tf}/int.rbac.input.tf (100%) rename docs/static/includes/interfaces/{ => tf}/int.rbac.schema.tf (100%) rename docs/static/includes/interfaces/{ => tf}/int.tags.input.tf (100%) rename docs/static/includes/interfaces/{ => tf}/int.tags.schema.tf (100%)
diff --git a/docs/content/specs-defs/specs/bicep/resource/interfaces.md b/docs/content/specs-defs/specs/bicep/resource/interfaces.md
index 6e73d497d..ab3ce346b 100644
--- a/docs/content/specs-defs/specs/bicep/resource/interfaces.md
+++ b/docs/content/specs-defs/specs/bicep/resource/interfaces.md
@@ -20,10 +20,10 @@ Allowed values for logs and metric categories or category groups **MUST NOT** be
 {{< tabs "diag-settings" >}}
 {{< tab "Bicep User Defined Type, Parameter & Resource Example" >}}
- {{< include file="/static/includes/interfaces/int.diag.udt.schema.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.diag.udt.schema.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Bicep Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.diag.input.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.diag.input.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
@@ -39,10 +39,10 @@ In the provided example for Diagnostic Settings, both logs and metrics are enabl
 {{< tabs "role-assignments" >}}
 {{< tab "Bicep User Defined Type, Parameter & Resource Example" >}}
- {{< include file="/static/includes/interfaces/int.rbac.udt.schema.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.rbac.udt.schema.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Bicep Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.rbac.input.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.rbac.input.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
@@ -56,10 +56,10 @@ In the provided example for Diagnostic Settings, both logs and metrics are enabl
 {{< tabs "locks" >}}
 {{< tab "Bicep User Defined Type, Parameter & Resource Example" >}}
- {{< include file="/static/includes/interfaces/int.locks.udt.schema.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.locks.udt.schema.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Bicep Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.locks.input.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.locks.input.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
@@ -80,10 +80,10 @@ An example of this is a Key Vault module that has a Private Endpoints enabled. I
 {{< tabs "tags" >}}
 {{< tab "Bicep Parameter Example" >}}
- {{< include file="/static/includes/interfaces/int.tags.udt.schema.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.tags.udt.schema.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Bicep Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.tags.input.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.tags.input.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
@@ -100,10 +100,10 @@ An example of this is a Key Vault module that has a Private Endpoints enabled. I
 {{< tabs "managed-identities" >}}
 {{< tab "Bicep User Defined Type, Parameter & Resource Example" >}}
- {{< include file="/static/includes/interfaces/int.mi.udt.schema.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.mi.udt.schema.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Bicep Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.mi.input.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.mi.input.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
@@ -122,14 +122,14 @@ An example of this is a Key Vault module that has a Private Endpoints enabled. I
 Please note that you will need to ensure that the User-Defined Types for [Role Assignments](#role-assignments) & [Locks](#resource-locks) also are present in your module file for this interface to work correctly.
 {{< /hint >}}
 {{< expand "➕ Variant 1: A default service (`groupId`) can be assumed - e.g., for services that only have one private endpoint type)" "expand/collapse" >}}
- {{< include file="/static/includes/interfaces/int.pe.udt.schema1.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.pe.udt.schema1.bicep" language="bicep" options="linenos=false" >}}
 {{< /expand >}}
 {{< expand "➕ Variant 2: A default service (`groupId`) cannot be assumed - e.g., for services that have more than one private endpoint type, like a Storage Account (blob, file, etc.)" "expand/collapse" >}}
- {{< include file="/static/includes/interfaces/int.pe.udt.schema2.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.pe.udt.schema2.bicep" language="bicep" options="linenos=false" >}}
 {{< /expand >}}
 {{< /tab >}}
 {{< tab "Bicep Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.pe.input.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.pe.input.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
@@ -148,10 +148,15 @@ An example of this is a Key Vault module that has a Private Endpoints enabled. I
 {{< tabs "cmk" >}}
 {{< tab "Bicep User Defined Type, Parameter & Resource Example" >}}
- {{< include file="/static/includes/interfaces/int.cmk.udt.schema.bicep" language="bicep" options="linenos=false" >}}
+ {{< expand "➕ Variant 1: The resource does not support auto-key-rotation" "expand/collapse" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.cmk.udt.schema1.bicep" language="bicep" options="linenos=false" >}}
+ {{< /expand >}}
+ {{< expand "➕ Variant 2: The resource does support auto-key-rotation" "expand/collapse" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.cmk.udt.schema2.bicep" language="bicep" options="linenos=false" >}}
+ {{< /expand >}}
 {{< /tab >}}
 {{< tab "Bicep Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.cmk.input.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.cmk.input.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
@@ -174,21 +179,21 @@ The feature must be implemented as per the below schema. Diversions are only all
 {{< /hint >}}
-{{< tabs "diag-settings" >}}
+{{< tabs "secret-export" >}}
 {{< tab "Bicep User Defined Type, Parameter & Resource Example" >}}
- {{< include file="/static/includes/interfaces/int.secExp.udt.schema.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.secExp.udt.schema.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Bicep Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.secExp.input.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.secExp.input.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "[modules/keyVaultExport.bicep] file" >}}
- {{< include file="/static/includes/interfaces/int.secExp.module.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.secExp.module.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Output Usage Example" >}}
 When using a module that implements the above interface, you can access its outputs for example in the following ways:
- {{< include file="/static/includes/interfaces/int.secExp.output.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.secExp.output.bicep" language="bicep" options="linenos=false" >}}
 Which returns a JSON-formatted output like
- {{< include file="/static/includes/interfaces/int.secExp.output.jsonFmt.json" language="json" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.secExp.output.jsonFmt.json" language="json" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
diff --git a/docs/content/specs-defs/specs/legacy/bicep/interfaces.md b/docs/content/specs-defs/specs/legacy/bicep/interfaces.md
index 219c5c8b0..2ba57c409 100644
--- a/docs/content/specs-defs/specs/legacy/bicep/interfaces.md
+++ b/docs/content/specs-defs/specs/legacy/bicep/interfaces.md
@@ -41,17 +41,17 @@ The feature must be implemented as per the below schema. Diversions are only all
 {{< tabs "diag-settings" >}}
 {{< tab "Bicep User Defined Type, Parameter & Resource Example" >}}
- {{< include file="/static/includes/interfaces/int.secExp.udt.schema.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.secExp.udt.schema.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Bicep Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.secExp.input.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.secExp.input.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "[modules/keyVaultExport.bicep] file" >}}
- {{< include file="/static/includes/interfaces/int.secExp.module.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.secExp.module.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Output Usage Example" >}}
 When using a module that implements the above interface, you can access its outputs for example in the following ways:
- {{< include file="/static/includes/interfaces/int.secExp.output.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.secExp.output.bicep" language="bicep" options="linenos=false" >}}
 Which returns a JSON-formatted output like
 {{< include file="/static/includes/interfaces/int.secExp.output.jsonFmt.json" language="json" options="linenos=false" >}}
 {{< /tab >}}
diff --git a/docs/content/specs-defs/specs/legacy/shared/interfaces.md b/docs/content/specs-defs/specs/legacy/shared/interfaces.md
index c7ebd3383..a7c5ece28 100644
--- a/docs/content/specs-defs/specs/legacy/shared/interfaces.md
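Review bot: The last include in the legacy/bicep/interfaces.md hunk is left as `/static/includes/interfaces/int.secExp.output.jsonFmt.json`, although the patch summary renames that file (100%) into the `bicep/` subfolder, so the "Output Usage Example" tab would likely fail to resolve its JSON sample. The line should read `{{< include file="/static/includes/interfaces/bicep/int.secExp.output.jsonFmt.json" language="json" options="linenos=false" >}}`, as the non-legacy bicep page already does. A similar mismatch is in the `cmk` hunk of legacy/shared/interfaces.md, which now includes `bicep/int.cmk.udt.schema.bicep` while this patch only creates `int.cmk.udt.schema1.bicep` and `int.cmk.udt.schema2.bicep` under `bicep/`; unless a later patch in the series adds that file, that include dangles as well. The legacy secret-export block also keeps `tabs "diag-settings"`, which the non-legacy page changes to `"secret-export"` in this same commit.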
+++ b/docs/content/specs-defs/specs/legacy/shared/interfaces.md
@@ -32,16 +32,16 @@ Allowed values for logs and metric categories or category groups **MUST NOT** be
 {{< tabs "diag-settings" >}}
 {{< tab "Bicep User Defined Type, Parameter & Resource Example" >}}
- {{< include file="/static/includes/interfaces/int.diag.udt.schema.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.diag.udt.schema.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Bicep Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.diag.input.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.diag.input.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Terraform Variable Declaration" >}}
- {{< include file="/static/includes/interfaces/int.diag.schema.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.diag.schema.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Terraform Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.diag.input.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.diag.input.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
@@ -57,16 +57,16 @@ In the provided example for Diagnostic Settings, both logs and metrics are enabl
 {{< tabs "role-assignments" >}}
 {{< tab "Bicep User Defined Type, Parameter & Resource Example" >}}
- {{< include file="/static/includes/interfaces/int.rbac.udt.schema.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.rbac.udt.schema.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Bicep Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.rbac.input.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.rbac.input.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Terraform Variable Declaration" >}}
- {{< include file="/static/includes/interfaces/int.rbac.schema.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.rbac.schema.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Terraform Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.rbac.input.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.rbac.input.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
@@ -80,16 +80,16 @@ In the provided example for Diagnostic Settings, both logs and metrics are enabl
 {{< tabs "locks" >}}
 {{< tab "Bicep User Defined Type, Parameter & Resource Example" >}}
- {{< include file="/static/includes/interfaces/int.locks.udt.schema.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.locks.udt.schema.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Bicep Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.locks.input.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.locks.input.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Terraform Variable Declaration" >}}
- {{< include file="/static/includes/interfaces/int.locks.schema.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.locks.schema.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Terraform Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.locks.input.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.locks.input.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
@@ -116,16 +116,16 @@ In Terraform, locks become part of the resource graph and suitable `depends_on`
 {{< tabs "tags" >}}
 {{< tab "Bicep Parameter Example" >}}
- {{< include file="/static/includes/interfaces/int.tags.udt.schema.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.tags.udt.schema.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Bicep Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.tags.input.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.tags.input.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Terraform Variable Declaration" >}}
- {{< include file="/static/includes/interfaces/int.tags.schema.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.tags.schema.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Terraform Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.tags.input.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.tags.input.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
@@ -142,16 +142,16 @@ In Terraform, locks become part of the resource graph and suitable `depends_on`
 {{< tabs "managed-identities" >}}
 {{< tab "Bicep User Defined Type, Parameter & Resource Example" >}}
- {{< include file="/static/includes/interfaces/int.mi.udt.schema.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.mi.udt.schema.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Bicep Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.mi.input.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.mi.input.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Terraform Variable Declaration" >}}
- {{< include file="/static/includes/interfaces/int.mi.schema.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.mi.schema.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Terraform Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.mi.input.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.mi.input.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
@@ -172,20 +172,20 @@ In Terraform, locks become part of the resource graph and suitable `depends_on`
 Please note that you will need to ensure that the User-Defined Types for [Role Assignments](#role-assignments) & [Locks](#resource-locks) also are present in your module file for this interface to work correctly.
 {{< /hint >}}
 {{< expand "➕ Variant 1: A default service (`groupId`) can be assumed - e.g., for services that only have one private endpoint type)" "expand/collapse" >}}
- {{< include file="/static/includes/interfaces/int.pe.udt.schema1.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.pe.udt.schema1.bicep" language="bicep" options="linenos=false" >}}
 {{< /expand >}}
 {{< expand "➕ Variant 2: A default service (`groupId`) cannot be assumed - e.g., for services that have more than one private endpoint type, like a Storage Account (blob, file, etc.)" "expand/collapse" >}}
- {{< include file="/static/includes/interfaces/int.pe.udt.schema2.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.pe.udt.schema2.bicep" language="bicep" options="linenos=false" >}}
 {{< /expand >}}
 {{< /tab >}}
 {{< tab "Bicep Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.pe.input.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.pe.input.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Terraform Variable Declaration" >}}
- {{< include file="/static/includes/interfaces/int.pe.schema.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.pe.schema.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Terraform Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.pe.input.tf" language="terraform" options="linenos=false" >}}
+ {{< include
file="/static/includes/interfaces/tf/int.pe.input.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
@@ -204,16 +204,16 @@ In Terraform, locks become part of the resource graph and suitable `depends_on`
 {{< tabs "cmk" >}}
 {{< tab "Bicep User Defined Type, Parameter & Resource Example" >}}
- {{< include file="/static/includes/interfaces/int.cmk.udt.schema.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.cmk.udt.schema.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Bicep Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.cmk.input.bicep" language="bicep" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/bicep/int.cmk.input.bicep" language="bicep" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Terraform Variable Declaration" >}}
- {{< include file="/static/includes/interfaces/int.cmk.schema.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.cmk.schema.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Terraform Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.cmk.input.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.cmk.input.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
diff --git a/docs/content/specs-defs/specs/terraform/resource/interfaces.md b/docs/content/specs-defs/specs/terraform/resource/interfaces.md
index 0323de056..51ea15b66 100644
--- a/docs/content/specs-defs/specs/terraform/resource/interfaces.md
+++ b/docs/content/specs-defs/specs/terraform/resource/interfaces.md
@@ -20,10 +20,10 @@ Allowed values for logs and metric categories or category groups **MUST NOT** be
 {{< tabs "diag-settings" >}}
 {{< tab "Terraform Variable Declaration" >}}
- {{< include file="/static/includes/interfaces/int.diag.schema.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.diag.schema.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Terraform Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.diag.input.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.diag.input.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
@@ -39,10 +39,10 @@ In the provided example for Diagnostic Settings, both logs and metrics are enabl
 {{< tabs "role-assignments" >}}
 {{< tab "Terraform Variable Declaration" >}}
- {{< include file="/static/includes/interfaces/int.rbac.schema.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.rbac.schema.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Terraform Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.rbac.input.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.rbac.input.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
@@ -56,10 +56,10 @@ In the provided example for Diagnostic Settings, both logs and metrics are enabl
 {{< tabs "locks" >}}
 {{< tab "Terraform Variable Declaration" >}}
- {{< include file="/static/includes/interfaces/int.locks.schema.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.locks.schema.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Terraform Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.locks.input.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.locks.input.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
@@ -86,10 +86,10 @@ In Terraform, locks become part of the resource graph and suitable `depends_on`
 {{< tabs "tags" >}}
 {{< tab "Terraform Variable Declaration" >}}
- {{< include file="/static/includes/interfaces/int.tags.schema.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.tags.schema.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Terraform Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.tags.input.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.tags.input.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
@@ -106,10 +106,10 @@ In Terraform, locks become part of the resource graph and suitable `depends_on`
 {{< tabs "managed-identities" >}}
 {{< tab "Terraform Variable Declaration" >}}
- {{< include file="/static/includes/interfaces/int.mi.schema.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.mi.schema.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Terraform Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.mi.input.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.mi.input.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
@@ -125,25 +125,11 @@ In Terraform, locks become part of the resource graph and suitable `depends_on`
 ## Private Endpoints
 {{< tabs "private-endpoints" >}}
- {{< tab "Bicep User Defined Type, Parameter & Resource Example" >}}
- {{< hint type=note >}}
- Please note that you will need to ensure that the User-Defined Types for [Role Assignments](#role-assignments) & [Locks](#resource-locks) also are present in your module file for this interface to work correctly.
- {{< /hint >}}
- {{< expand "➕ Variant 1: A default service (`groupId`) can be assumed - e.g., for services that only have one private endpoint type)" "expand/collapse" >}}
- {{< include file="/static/includes/interfaces/int.pe.udt.schema1.bicep" language="bicep" options="linenos=false" >}}
- {{< /expand >}}
- {{< expand "➕ Variant 2: A default service (`groupId`) cannot be assumed - e.g., for services that have more than one private endpoint type, like a Storage Account (blob, file, etc.)" "expand/collapse" >}}
- {{< include file="/static/includes/interfaces/int.pe.udt.schema2.bicep" language="bicep" options="linenos=false" >}}
- {{< /expand >}}
- {{< /tab >}}
- {{< tab "Bicep Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.pe.input.bicep" language="bicep" options="linenos=false" >}}
- {{< /tab >}}
 {{< tab "Terraform Variable Declaration" >}}
- {{< include file="/static/includes/interfaces/int.pe.schema.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.pe.schema.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< tab "Terraform Input Example with Values" >}}
- {{< include file="/static/includes/interfaces/int.pe.input.tf" language="terraform" options="linenos=false" >}}
+ {{< include file="/static/includes/interfaces/tf/int.pe.input.tf" language="terraform" options="linenos=false" >}}
 {{< /tab >}}
 {{< /tabs >}}
@@ -162,10 +148,10 @@ In Terraform, locks become part of the resource graph and suitable `depends_on` {{< tabs "cmk" >}} {{< tab "Terraform Variable Declaration" >}} - {{< include file="/static/includes/interfaces/int.cmk.schema.tf" language="terraform" options="linenos=false" >}} + {{< include file="/static/includes/interfaces/tf/int.cmk.schema.tf" language="terraform" options="linenos=false" >}} {{< /tab >}} {{< tab "Terraform Input Example with Values" >}} - {{< include file="/static/includes/interfaces/int.cmk.input.tf" language="terraform" options="linenos=false" >}} + {{< include file="/static/includes/interfaces/tf/int.cmk.input.tf" language="terraform" options="linenos=false" >}} {{< /tab >}} {{< /tabs >}} diff --git a/docs/static/includes/interfaces/int.cmk.input.bicep b/docs/static/includes/interfaces/bicep/int.cmk.input.bicep similarity index 100% rename from docs/static/includes/interfaces/int.cmk.input.bicep rename to docs/static/includes/interfaces/bicep/int.cmk.input.bicep diff --git a/docs/static/includes/interfaces/bicep/int.cmk.udt.schema1.bicep b/docs/static/includes/interfaces/bicep/int.cmk.udt.schema1.bicep new file mode 100644 index 000000000..22c901abd --- /dev/null +++ b/docs/static/includes/interfaces/bicep/int.cmk.udt.schema1.bicep 
@@ -0,0 +1,61 @@ +// ============== // +// Parameters // +// ============== // + +import { customerManagedKeyType } from 'br/public:avm/utl/types/avm-common-types:0.4.0' +@description('Optional. The customer managed key definition.') +param customerManagedKey customerManagedKeyType? + +// ============= // +// Resources // +// ============= // + +resource cMKKeyVault 'Microsoft.KeyVault/vaults@2023-02-01' existing = if (!empty(customerManagedKey.?keyVaultResourceId)) { + name: last(split((customerManagedKey.?keyVaultResourceId ?? 'dummyVault'), '/')) + scope: resourceGroup( + split((customerManagedKey.?keyVaultResourceId ?? '//'), '/')[2], + split((customerManagedKey.?keyVaultResourceId ?? '////'), '/')[4] + ) + + resource cMKKey 'keys@2023-02-01' existing = if (!empty(customerManagedKey.?keyVaultResourceId) && !empty(customerManagedKey.?keyName)) { + name: customerManagedKey.?keyName ?? 'dummyKey' + } +} + +resource cMKUserAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = if (!empty(customerManagedKey.?userAssignedIdentityResourceId)) { + name: last(split(customerManagedKey.?userAssignedIdentityResourceId ?? 'dummyMsi', '/')) + scope: resourceGroup( + split((customerManagedKey.?userAssignedIdentityResourceId ?? '//'), '/')[2], + split((customerManagedKey.?userAssignedIdentityResourceId ?? '////'), '/')[4] + ) +} + +resource >singularMainResourceType< '>providerNamespaceresourceType<@>apiVersion<' = { + name: '>exampleResource<' + properties: { + ... // other properties + encryption: !empty(customerManagedKey) + ? { + keySource: 'Microsoft.KeyVault' + keyVaultProperties: { + keyVaultUri: cMKKeyVault.properties.vaultUri + keyName: customerManagedKey!.keyName + keyVersion: !empty(customerManagedKey.?keyVersion ?? '') + ? customerManagedKey!.keyVersion + : last(split(cMKKeyVault::cMKKey.properties.keyUriWithVersion, '/')) + keyIdentifier: !empty(customerManagedKey.?keyVersion ?? '') + ? 
'${cMKKeyVault::cMKKey.properties.keyUri}/${customerManagedKey!.keyVersion}' + : cMKKeyVault::cMKKey.properties.keyUriWithVersion + identityClientId: !empty(customerManagedKey.?userAssignedIdentityResourceId ?? '') + ? cMKUserAssignedIdentity.properties.clientId + : null + identity: !empty(customerManagedKey.?userAssignedIdentityResourceId) + ? { + userAssignedIdentity: cMKUserAssignedIdentity.id + } + : null + } + } + : null + } +} diff --git a/docs/static/includes/interfaces/bicep/int.cmk.udt.schema2.bicep b/docs/static/includes/interfaces/bicep/int.cmk.udt.schema2.bicep new file mode 100644 index 000000000..79f154c54 --- /dev/null +++ b/docs/static/includes/interfaces/bicep/int.cmk.udt.schema2.bicep 
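Review bot: When `keyVersion` is omitted, the `keyVersion` and `keyIdentifier` fallbacks in `keyVaultProperties` take the version from `cMKKeyVault::cMKKey.properties.keyUriWithVersion`. The resource is then presumably pinned to whichever key version is current at deployment time and will not follow a later rotation until it is redeployed. Nothing in the snippet says so, and the sibling `int.cmk.udt.schema2.bicep` differs exactly at this point. I would add a comment above `keyVersion:` such as `// No keyVersion given: pin to the key version current at deployment time (no auto-rotation)`.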
@@ -0,0 +1,64 @@ +// ============== // +// Parameters // +// ============== // +import { customerManagedKeyWithAutoRotateType } from 'br/public:avm/utl/types/avm-common-types:0.4.0' +@description('Optional. The customer managed key definition.') +param customerManagedKey customerManagedKeyWithAutoRotateType? + +// ============= // +// Resources // +// ============= // + +resource cMKKeyVault 'Microsoft.KeyVault/vaults@2023-02-01' existing = if (!empty(customerManagedKey.?keyVaultResourceId)) { + name: last(split((customerManagedKey.?keyVaultResourceId ?? 'dummyVault'), '/')) + scope: resourceGroup( + split((customerManagedKey.?keyVaultResourceId ?? '//'), '/')[2], + split((customerManagedKey.?keyVaultResourceId ?? '////'), '/')[4] + ) + + resource cMKKey 'keys@2023-02-01' existing = if (!empty(customerManagedKey.?keyVaultResourceId) && !empty(customerManagedKey.?keyName)) { + name: customerManagedKey.?keyName ?? 'dummyKey' + } +} + +resource cMKUserAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = if (!empty(customerManagedKey.?userAssignedIdentityResourceId)) { + name: last(split(customerManagedKey.?userAssignedIdentityResourceId ?? 'dummyMsi', '/')) + scope: resourceGroup( + split((customerManagedKey.?userAssignedIdentityResourceId ?? '//'), '/')[2], + split((customerManagedKey.?userAssignedIdentityResourceId ?? '////'), '/')[4] + ) +} + +resource >singularMainResourceType< '>providerNamespaceresourceType<@>apiVersion<' = { + name: '>exampleResource<' + properties: { + ... // other properties + encryption: !empty(customerManagedKey) + ? { + keySource: 'Microsoft.KeyVault' + keyVaultProperties: { + keyVaultUri: cMKKeyVault.properties.vaultUri + keyName: customerManagedKey!.keyName + keyVersion: !empty(customerManagedKey.?keyVersion ?? '') + ? customerManagedKey!.keyVersion + : (customerManagedKey.?autoRotationEnabled ?? true) + ? 
null + : last(split(cMKKeyVault::cMKKey.properties.keyUriWithVersion, '/')) + keyIdentifier: !empty(customerManagedKey.?keyVersion ?? '') + ? '${cMKKeyVault::cMKKey.properties.keyUri}/${customerManagedKey!.keyVersion}' + : (customerManagedKey.?autoRotationEnabled ?? true) + ? cMKKeyVault::cMKKey.properties.keyUri + : cMKKeyVault::cMKKey.properties.keyUriWithVersion + identityClientId: !empty(customerManagedKey.?userAssignedIdentityResourceId ?? '') + ? cMKUserAssignedIdentity.properties.clientId + : null + identity: !empty(customerManagedKey.?userAssignedIdentityResourceId) + ? { + userAssignedIdentity: cMKUserAssignedIdentity.id + } + : null + } + } + : null + } +} diff --git a/docs/static/includes/interfaces/int.diag.input.bicep b/docs/static/includes/interfaces/bicep/int.diag.input.bicep similarity index 100% rename from docs/static/includes/interfaces/int.diag.input.bicep rename to docs/static/includes/interfaces/bicep/int.diag.input.bicep diff --git a/docs/static/includes/interfaces/bicep/int.diag.udt.schema.bicep b/docs/static/includes/interfaces/bicep/int.diag.udt.schema.bicep new file mode 100644 index 000000000..43091552b --- /dev/null +++ b/docs/static/includes/interfaces/bicep/int.diag.udt.schema.bicep 
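Review bot: The nested conditionals for `keyVersion` and `keyIdentifier` carry no comment on precedence, which matters for key rotation. An explicit `keyVersion` wins even when `autoRotationEnabled` is true, and omitting both yields the versionless `keyUri` because of `autoRotationEnabled ?? true`. A reader who sets both fields gets a pinned key with no signal that rotation is effectively off. I would state the order above `keyVersion:`, e.g. `// Precedence: explicit keyVersion > auto-rotation (default, versionless URI) > version current at deployment`.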
@@ -0,0 +1,35 @@
+
+// ============== //
+// Parameters //
+// ============== //
+
+import { diagnosticSettingFullType } from 'br/public:avm/utl/types/avm-common-types:0.4.0'
+@description('Optional. The diagnostic settings of the service.')
+param diagnosticSettings diagnosticSettingFullType[]?
+
+// ============= //
+// Resources //
+// ============= //
+
+resource >singularMainResourceType<_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [for (diagnosticSetting, index) in (diagnosticSettings ?? []): {
+ name: diagnosticSetting.?name ?? '${name}-diagnosticSettings'
+ properties: {
+ storageAccountId: diagnosticSetting.?storageAccountResourceId
+ workspaceId: diagnosticSetting.?workspaceResourceId
+ eventHubAuthorizationRuleId: diagnosticSetting.?eventHubAuthorizationRuleResourceId
+ eventHubName: diagnosticSetting.?eventHubName
+ metrics: [for group in (diagnosticSetting.?metricCategories ?? [ { category: 'AllMetrics' } ]): {
+ category: group.category
+ enabled: group.?enabled ?? true
+ timeGrain: null
+ }]
+ logs: [for group in (diagnosticSetting.?logCategoriesAndGroups ?? [ { categoryGroup: 'allLogs' } ]): {
+ categoryGroup: group.?categoryGroup
+ category: group.?category
+ enabled: group.?enabled ?? true
+ }]
+ marketplacePartnerId: diagnosticSetting.?marketplacePartnerResourceId
+ logAnalyticsDestinationType: diagnosticSetting.?logAnalyticsDestinationType
+ }
+ scope: >singularMainResourceType<
+}]
diff --git a/docs/static/includes/interfaces/int.locks.input.bicep b/docs/static/includes/interfaces/bicep/int.locks.input.bicep
similarity index 100%
rename from docs/static/includes/interfaces/int.locks.input.bicep
rename to docs/static/includes/interfaces/bicep/int.locks.input.bicep
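Review bot: The default in `name: diagnosticSetting.?name ?? '${name}-diagnosticSettings'` is the same for every loop iteration, and the loop variable `index` is declared but never used. Two entries in `diagnosticSettings` that both omit `name` would therefore resolve to the same diagnostic setting name on the same scope, for example one entry for a workspace and one for a storage account. Either make the fallback unique, `name: diagnosticSetting.?name ?? '${name}-diagnosticSettings-${index}'`, or add a comment that `name` must be set once more than one entry is passed. The first option changes the default name for existing single-entry deployments, so the comment may be the safer choice for a spec snippet.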
diff --git a/docs/static/includes/interfaces/int.locks.udt.schema.bicep b/docs/static/includes/interfaces/bicep/int.locks.udt.schema.bicep similarity index 67% rename from docs/static/includes/interfaces/int.locks.udt.schema.bicep rename to docs/static/includes/interfaces/bicep/int.locks.udt.schema.bicep index 02c2d05c1..b3e4267af 100644 --- a/docs/static/includes/interfaces/int.locks.udt.schema.bicep +++ b/docs/static/includes/interfaces/bicep/int.locks.udt.schema.bicep @@ -3,8 +3,9 @@ // Parameters // // ============== // +import { lockType } from 'br/public:avm/utl/types/avm-common-types:0.4.0' @description('Optional. The lock settings of the service.') -param lock lockType +param lock lockType? // ============= // // Resources // @@ -18,15 +19,3 @@ resource >singularMainResourceType<_lock 'Microsoft.Authorization/locks@2020-05- } scope: >singularMainResourceType< } - -// =============== // -// Definitions // -// =============== // - -type lockType = { - @description('Optional. Specify the name of lock.') - name: string? - - @description('Optional. Specify the type of lock.') - kind: ('CanNotDelete' | 'ReadOnly' | 'None')? -}? diff --git a/docs/static/includes/interfaces/int.mi.input.bicep b/docs/static/includes/interfaces/bicep/int.mi.input.bicep similarity index 100% rename from docs/static/includes/interfaces/int.mi.input.bicep rename to docs/static/includes/interfaces/bicep/int.mi.input.bicep diff --git a/docs/static/includes/interfaces/int.mi.udt.schema.bicep b/docs/static/includes/interfaces/bicep/int.mi.udt.schema.bicep similarity index 69% rename from docs/static/includes/interfaces/int.mi.udt.schema.bicep rename to docs/static/includes/interfaces/bicep/int.mi.udt.schema.bicep index 34d38b67c..855c661ef 100644 --- a/docs/static/includes/interfaces/int.mi.udt.schema.bicep +++ b/docs/static/includes/interfaces/bicep/int.mi.udt.schema.bicep 
@@ -3,8 +3,9 @@ // Parameters // // ============== // +import { managedIdentityAllType } from 'br/public:avm/utl/types/avm-common-types:0.4.0' @description('Optional. The managed identity definition for this resource.') -param managedIdentities managedIdentitiesType +param managedIdentities managedIdentityAllType? // ============= // // Variables // @@ -33,16 +34,4 @@ resource >singularMainResourceType< '>providerNamespaceresourceType<@>apiVers // =========== // @description('The principal ID of the system assigned identity.') -output systemAssignedMIPrincipalId string = >singularMainResourceType<.?identity.?principalId ?? '' - -// =============== // -// Definitions // -// =============== // - -type managedIdentitiesType = { - @description('Optional. Enables system assigned managed identity on the resource.') - systemAssigned: bool? - - @description('Optional. The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption.') - userAssignedResourceIds: string[]? -}? +output systemAssignedMIPrincipalId string? = >singularMainResourceType<.?identity.?principalId diff --git a/docs/static/includes/interfaces/int.pe.input.bicep b/docs/static/includes/interfaces/bicep/int.pe.input.bicep similarity index 100% rename from docs/static/includes/interfaces/int.pe.input.bicep rename to docs/static/includes/interfaces/bicep/int.pe.input.bicep diff --git a/docs/static/includes/interfaces/bicep/int.pe.udt.schema1.bicep b/docs/static/includes/interfaces/bicep/int.pe.udt.schema1.bicep new file mode 100644 index 000000000..7d5bcc771 --- /dev/null +++ b/docs/static/includes/interfaces/bicep/int.pe.udt.schema1.bicep 
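Review bot: The output `systemAssignedMIPrincipalId` in the second hunk changes from `string` with a `?? ''` fallback to `string?`, so it now yields null when no system-assigned identity is enabled, and its description does not say so. Consumers that compare it with `''` or pass it straight into a `principalId` string parameter of a role assignment will behave differently. I would extend the description to `@description('The principal ID of the system assigned identity. Null if no system-assigned identity is enabled.')`. The resource declaration the output refers to starts outside the hunk.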
@@ -0,0 +1,55 @@ + +// ============== // +// Parameters // +// ============== // + +import { privateEndpointSingleServiceType } from 'br/public:avm/utl/types/avm-common-types:0.4.0' +@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') +param privateEndpoints privateEndpointSingleServiceType[]? + +// ============= // +// Resources // +// ============= // + +module >singularMainResourceType<_privateEndpoints 'br/public:avm/res/network/private-endpoint:X.Y.Z' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { + name: '${uniqueString(deployment().name, location)}->singularMainResourceType<-PrivateEndpoint-${index}' + scope: resourceGroup(privateEndpoint.?resourceGroupName ?? '') + params: { + // Variant 1: A default service can be assumed (i.e., for services that only have one private endpoint type) + name: privateEndpoint.?name ?? 'pep-${last(split(>singularMainResourceType<.id, '/'))}-${privateEndpoint.?service ?? '>defaultServiceName<'}-${index}' + privateLinkServiceConnections: privateEndpoint.?isManualConnection != true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(>singularMainResourceType<.id, '/'))}-${privateEndpoint.?service ?? '>defaultServiceName<'}-${index}' + properties: { + privateLinkServiceId: >singularMainResourceType<.id + groupIds: [ + privateEndpoint.?service ?? '>defaultServiceName<' + ] + } + } + ] : null + manualPrivateLinkServiceConnections: privateEndpoint.?isManualConnection == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(>singularMainResourceType<.id, '/'))}-${privateEndpoint.?service ?? '>defaultServiceName<'}-${index}' + properties: { + privateLinkServiceId: >singularMainResourceType<.id + groupIds: [ + privateEndpoint.?service ?? '>defaultServiceName<' + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 
'Manual approval required.' + } + } + ] : null + subnetResourceId: privateEndpoint.subnetResourceId + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry + location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location + lock: privateEndpoint.?lock ?? lock + privateDnsZoneGroup: privateEndpoint.?privateDnsZoneGroup + roleAssignments: privateEndpoint.?roleAssignments + tags: privateEndpoint.?tags ?? tags + customDnsConfigs: privateEndpoint.?customDnsConfigs + ipConfigurations: privateEndpoint.?ipConfigurations + applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds + customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName + } +}] diff --git a/docs/static/includes/interfaces/bicep/int.pe.udt.schema2.bicep b/docs/static/includes/interfaces/bicep/int.pe.udt.schema2.bicep new file mode 100644 index 000000000..a49a23b4b --- /dev/null +++ b/docs/static/includes/interfaces/bicep/int.pe.udt.schema2.bicep 
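Review bot: The new file uses `location`, `lock`, `tags` and `enableTelemetry` in the module `params` without declaring them, and the hunk is the whole file. A reader who copies the snippet gets unresolved symbols with no hint about which other interfaces it depends on. `lock` and `tags` also silently inherit the parent resource's values through `privateEndpoint.?lock ?? lock` and `privateEndpoint.?tags ?? tags`. I would add a header comment such as `// Requires the module-level parameters 'location', 'lock', 'tags' and 'enableTelemetry'; lock and tags default to the parent resource's values`. The same applies to `int.pe.udt.schema2.bicep`.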
@@ -0,0 +1,55 @@ + +// ============== // +// Parameters // +// ============== // + +import { privateEndpointMultiServiceType } from 'br/public:avm/utl/types/avm-common-types:0.4.0' +@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') +param privateEndpoints privateEndpointMultiServiceType[]? + +// ============= // +// Resources // +// ============= // + +module >singularMainResourceType<_privateEndpoints 'br/public:avm/res/network/private-endpoint:X.Y.Z' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { + name: '${uniqueString(deployment().name, location)}->singularMainResourceType<-PrivateEndpoint-${index}' + scope: resourceGroup(privateEndpoint.?resourceGroupName ?? '') + params: { + // Variant 2: A default service cannot be assumed (i.e., for services that have more than one private endpoint type, like Storage Account) + name: privateEndpoint.?name ?? 'pep-${last(split(>singularMainResourceType<.id, '/'))}-${privateEndpoint.service}-${index}' + privateLinkServiceConnections: privateEndpoint.?isManualConnection != true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(>singularMainResourceType<.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: >singularMainResourceType<.id + groupIds: [ + privateEndpoint.service + ] + } + } + ] : null + manualPrivateLinkServiceConnections: privateEndpoint.?isManualConnection == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(>singularMainResourceType<.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: >singularMainResourceType<.id + groupIds: [ + privateEndpoint.service + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' 
+ } + } + ] : null + subnetResourceId: privateEndpoint.subnetResourceId + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry + location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location + lock: privateEndpoint.?lock ?? lock + privateDnsZoneGroup: privateEndpoint.?privateDnsZoneGroup + roleAssignments: privateEndpoint.?roleAssignments + tags: privateEndpoint.?tags ?? tags + customDnsConfigs: privateEndpoint.?customDnsConfigs + ipConfigurations: privateEndpoint.?ipConfigurations + applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds + customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName + } +}] diff --git a/docs/static/includes/interfaces/int.rbac.input.bicep b/docs/static/includes/interfaces/bicep/int.rbac.input.bicep similarity index 100% rename from docs/static/includes/interfaces/int.rbac.input.bicep rename to docs/static/includes/interfaces/bicep/int.rbac.input.bicep diff --git a/docs/static/includes/interfaces/int.rbac.udt.schema.bicep b/docs/static/includes/interfaces/bicep/int.rbac.udt.schema.bicep similarity index 61% rename from docs/static/includes/interfaces/int.rbac.udt.schema.bicep rename to docs/static/includes/interfaces/bicep/int.rbac.udt.schema.bicep index 1f956a806..9277a7e26 100644 --- a/docs/static/includes/interfaces/int.rbac.udt.schema.bicep +++ b/docs/static/includes/interfaces/bicep/int.rbac.udt.schema.bicep @@ -3,8 +3,9 @@ // Parameters // // ============== // +import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.4.0' @description('Optional. Array of role assignments to create.') -param roleAssignments roleAssignmentType +param roleAssignments roleAssignmentType[]? // ============= // // Variables // 
@@ -46,33 +47,3 @@ resource >singularMainResourceType<_roleAssignments 'Microsoft.Authorization/rol scope: >singularMainResourceType< } ] - -// =============== // -// Definitions // -// =============== // - -type roleAssignmentType = { - @description('Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated.') - name: string? - - @description('Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') - roleDefinitionIdOrName: string - - @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.') - principalId: string - - @description('Optional. The principal type of the assigned principal ID.') - principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device')? - - @description('Optional. The description of the role assignment.') - description: string? - - @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".') - condition: string? - - @description('Optional. Version of the condition.') - conditionVersion: '2.0'? - - @description('Optional. The Resource Id of the delegated managed identity resource.') - delegatedManagedIdentityResourceId: string? -}[]? diff --git a/docs/static/includes/interfaces/int.secExp.input.bicep b/docs/static/includes/interfaces/bicep/int.secExp.input.bicep similarity index 100% rename from docs/static/includes/interfaces/int.secExp.input.bicep rename to docs/static/includes/interfaces/bicep/int.secExp.input.bicep 
diff --git a/docs/static/includes/interfaces/int.secExp.module.bicep b/docs/static/includes/interfaces/bicep/int.secExp.module.bicep similarity index 67% rename from docs/static/includes/interfaces/int.secExp.module.bicep rename to docs/static/includes/interfaces/bicep/int.secExp.module.bicep index 5875b0d11..fa73ff153 100644 --- a/docs/static/includes/interfaces/int.secExp.module.bicep +++ b/docs/static/includes/interfaces/bicep/int.secExp.module.bicep @@ -6,6 +6,7 @@ @description('Required. The name of the Key Vault to set the secrets in.') param keyVaultName string +import { secretToSetType } from 'br/public:avm/utl/types/avm-common-types:0.4.0' @description('Required. The secrets to set in the Key Vault.') param secretsToSet secretToSetType[] @@ -31,33 +32,13 @@ resource secrets 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = [ // Outputs // // =========== // +import { secretSetOutputType } from 'br/public:avm/utl/types/avm-common-types:0.3.0' @description('The references to the secrets exported to the provided Key Vault.') -output secretsSet secretSetType[] = [ +output secretsSet secretSetOutputType[] = [ #disable-next-line outputs-should-not-contain-secrets // Only returning the references, not a secret value for index in range(0, length(secretsToSet ?? [])): { secretResourceId: secrets[index].id secretUri: secrets[index].properties.secretUri + secretUriWithVersion: secrets[index].properties.secretUriWithVersion } ] - -// =============== // -// Definitions // -// =============== // - -@export() -type secretSetType = { - @description('The resourceId of the exported secret.') - secretResourceId: string - - @description('The secret URI of the exported secret.') - secretUri: string -} - -type secretToSetType = { - @description('Required. The name of the secret to set.') - name: string - - @description('Required. The value of the secret to set.') - @secure() - value: string -} 
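Review bot: The two added imports pin different versions of the same registry module: `secretToSetType` comes from `avm-common-types:0.4.0` in the first hunk, while `secretSetOutputType` comes from `avm-common-types:0.3.0` in the second. Every other import in this commit uses 0.4.0, so the 0.3.0 pin looks unintended. It makes the snippet restore two artifacts and leaves readers unsure which version the spec endorses. If the type is exported by 0.4.0 as well, a single statement would do: `import { secretToSetType, secretSetOutputType } from 'br/public:avm/utl/types/avm-common-types:0.4.0'`.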
diff --git a/docs/static/includes/interfaces/int.secExp.output.bicep b/docs/static/includes/interfaces/bicep/int.secExp.output.bicep similarity index 100% rename from docs/static/includes/interfaces/int.secExp.output.bicep rename to docs/static/includes/interfaces/bicep/int.secExp.output.bicep diff --git a/docs/static/includes/interfaces/int.secExp.output.jsonFmt.json b/docs/static/includes/interfaces/bicep/int.secExp.output.jsonFmt.json similarity index 100% rename from docs/static/includes/interfaces/int.secExp.output.jsonFmt.json rename to docs/static/includes/interfaces/bicep/int.secExp.output.jsonFmt.json diff --git a/docs/static/includes/interfaces/int.secExp.udt.schema.bicep b/docs/static/includes/interfaces/bicep/int.secExp.udt.schema.bicep similarity index 93% rename from docs/static/includes/interfaces/int.secExp.udt.schema.bicep rename to docs/static/includes/interfaces/bicep/int.secExp.udt.schema.bicep index b5ac203cf..ba783a6e8 100644 --- a/docs/static/includes/interfaces/int.secExp.udt.schema.bicep +++ b/docs/static/includes/interfaces/bicep/int.secExp.udt.schema.bicep @@ -45,6 +45,7 @@ module secretsExport 'modules/keyVaultExport.bicep' = if (secretsExportConfigura // Outputs // // =========== // +import { secretsOutputType } from 'br/public:avm/utl/types/avm-common-types:0.4.0' @description('A hashtable of references to the secrets exported to the provided Key Vault. The key of each reference is each secret\'s name.') output exportedSecrets secretsOutputType = (secretsExportConfiguration != null) ? toObject(secretsExport.outputs.secretsSet, secret => last(split(secret.secretResourceId, '/')), secret => secret) @@ -54,6 +55,7 @@ output exportedSecrets secretsOutputType = (secretsExportConfiguration != null) // Definitions // // =============== // +@export() type secretsExportConfigurationType = { @description('Required. The resource ID of the key vault where to store the secrets of this module.') keyVaultResourceId: string 
@@ -66,9 +68,3 @@ type secretsExportConfigurationType = { // (...) } - -import { secretSetType } from 'modules/keyVaultExport.bicep' -type secretsOutputType = { - @description('An exported secret\'s references.') - *: secretSetType -} diff --git a/docs/static/includes/interfaces/int.tags.input.bicep b/docs/static/includes/interfaces/bicep/int.tags.input.bicep similarity index 100% rename from docs/static/includes/interfaces/int.tags.input.bicep rename to docs/static/includes/interfaces/bicep/int.tags.input.bicep diff --git a/docs/static/includes/interfaces/int.tags.udt.schema.bicep b/docs/static/includes/interfaces/bicep/int.tags.udt.schema.bicep similarity index 100% rename from docs/static/includes/interfaces/int.tags.udt.schema.bicep rename to docs/static/includes/interfaces/bicep/int.tags.udt.schema.bicep diff --git a/docs/static/includes/interfaces/int.cmk.udt.schema.bicep b/docs/static/includes/interfaces/int.cmk.udt.schema.bicep deleted file mode 100644 index 9c360fc73..000000000 --- a/docs/static/includes/interfaces/int.cmk.udt.schema.bicep +++ /dev/null 
@@ -1,63 +0,0 @@ - -// ============== // -// Parameters // -// ============== // - -@description('Optional. The customer managed key definition.') -param customerManagedKey customerManagedKeyType - -// ============= // -// Resources // -// ============= // - -resource cMKKeyVault 'Microsoft.KeyVault/vaults@2023-02-01' existing = if (!empty(customerManagedKey.?keyVaultResourceId)) { - name: last(split((customerManagedKey.?keyVaultResourceId ?? 'dummyVault'), '/')) - scope: resourceGroup(split((customerManagedKey.?keyVaultResourceId ?? '//'), '/')[2], split((customerManagedKey.?keyVaultResourceId ?? '////'), '/')[4]) - - resource cMKKey 'keys@2023-02-01' existing = if (!empty(customerManagedKey.?keyVaultResourceId) && !empty(customerManagedKey.?keyName)) { - name: customerManagedKey.?keyName ?? 'dummyKey' - } -} - -resource cMKUserAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = if (!empty(customerManagedKey.?userAssignedIdentityResourceId)) { - name: last(split(customerManagedKey.?userAssignedIdentityResourceId ?? 'dummyMsi', '/')) - scope: resourceGroup(split((customerManagedKey.?userAssignedIdentityResourceId ?? '//'), '/')[2], split((customerManagedKey.?userAssignedIdentityResourceId ?? '////'), '/')[4]) -} - -resource >singularMainResourceType< '>providerNamespaceresourceType<@>apiVersion<' = { - name: '>exampleResource<' - properties: { - ... // other properties - encryption: !empty(customerManagedKey) ? { - keySource: 'Microsoft.KeyVault' - keyVaultProperties: { - keyVaultUri: cMKKeyVault.properties.vaultUri - keyName: customerManagedKey!.keyName - keyVersion: !empty(customerManagedKey.?keyVersion ?? '') ? customerManagedKey!.keyVersion : last(split(cMKKeyVault::cMKKey.properties.keyUriWithVersion, '/')) - keyIdentifier: !empty(customerManagedKey.?keyVersion ?? '') ? 
'${cMKKeyVault::cMKKey.properties.keyUri}/${customerManagedKey!.keyVersion}' : cMKKeyVault::cMKKey.properties.keyUriWithVersion - identityClientId: !empty(customerManagedKey.?userAssignedIdentityResourceId ?? '') ? cMKUserAssignedIdentity.properties.clientId : null - identity: !empty(customerManagedKey.?userAssignedIdentityResourceId) ? { - userAssignedIdentity: cMKUserAssignedIdentity.id - } : null - } - } : null - } -} - -// =============== // -// Definitions // -// =============== // - -type customerManagedKeyType = { - @description('Required. The resource ID of a key vault to reference a customer managed key for encryption from.') - keyVaultResourceId: string - - @description('Required. The name of the customer managed key to use for encryption.') - keyName: string - - @description('Optional. The version of the customer managed key to reference for encryption. If not provided, using \'latest\'.') - keyVersion: string? - - @description('Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use.') - userAssignedIdentityResourceId: string? -}? diff --git a/docs/static/includes/interfaces/int.diag.udt.schema.bicep b/docs/static/includes/interfaces/int.diag.udt.schema.bicep deleted file mode 100644 index 3dc3ad398..000000000 --- a/docs/static/includes/interfaces/int.diag.udt.schema.bicep +++ /dev/null 
@@ -1,82 +0,0 @@ - -// ============== // -// Parameters // -// ============== // - -@description('Optional. The diagnostic settings of the service.') -param diagnosticSettings diagnosticSettingType - -// ============= // -// Resources // -// ============= // - -resource >singularMainResourceType<_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [for (diagnosticSetting, index) in (diagnosticSettings ?? []): { - name: diagnosticSetting.?name ?? '${name}-diagnosticSettings' - properties: { - storageAccountId: diagnosticSetting.?storageAccountResourceId - workspaceId: diagnosticSetting.?workspaceResourceId - eventHubAuthorizationRuleId: diagnosticSetting.?eventHubAuthorizationRuleResourceId - eventHubName: diagnosticSetting.?eventHubName - metrics: [for group in (diagnosticSetting.?metricCategories ?? [ { category: 'AllMetrics' } ]): { - category: group.category - enabled: group.?enabled ?? true - timeGrain: null - }] - logs: [for group in (diagnosticSetting.?logCategoriesAndGroups ?? [ { categoryGroup: 'allLogs' } ]): { - categoryGroup: group.?categoryGroup - category: group.?category - enabled: group.?enabled ?? true - }] - marketplacePartnerId: diagnosticSetting.?marketplacePartnerResourceId - logAnalyticsDestinationType: diagnosticSetting.?logAnalyticsDestinationType - } - scope: >singularMainResourceType< -}] - -// =============== // -// Definitions // -// =============== // - -type diagnosticSettingType = { - @description('Optional. The name of diagnostic setting.') - name: string? - - @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to `[]` to disable log collection.') - logCategoriesAndGroups: { - @description('Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here.') - category: string? - - @description('Optional. 
Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to `allLogs` to collect all logs.') - categoryGroup: string? - - @description('Optional. Enable or disable the category explicitly. Default is `true`.') - enabled: bool? - }[]? - - @description('Optional. The name of metrics that will be streamed. "allMetrics" includes all possible metrics for the resource. Set to `[]` to disable metric collection.') - metricCategories: { - @description('Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to `AllMetrics` to collect all metrics.') - category: string - - @description('Optional. Enable or disable the category explicitly. Default is `true`.') - enabled: bool? - }[]? - - @description('Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.') - logAnalyticsDestinationType: ('Dedicated' | 'AzureDiagnostics')? - - @description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') - workspaceResourceId: string? - - @description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') - storageAccountResourceId: string? - - @description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') - eventHubAuthorizationRuleResourceId: string? - - @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') - eventHubName: string? - - @description('Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.') - marketplacePartnerResourceId: string? -}[]? diff --git a/docs/static/includes/interfaces/int.pe.udt.schema1.bicep b/docs/static/includes/interfaces/int.pe.udt.schema1.bicep deleted file mode 100644 index 66472228d..000000000 --- a/docs/static/includes/interfaces/int.pe.udt.schema1.bicep +++ /dev/null 
@@ -1,146 +0,0 @@ - -// ============== // -// Parameters // -// ============== // - -@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') -param privateEndpoints privateEndpointType - -// ============= // -// Resources // -// ============= // - -module >singularMainResourceType<_privateEndpoints 'br/public:avm/res/network/private-endpoint:X.Y.Z' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}->singularMainResourceType<-PrivateEndpoint-${index}' - scope: resourceGroup(privateEndpoint.?resourceGroupName ?? '') - params: { - // Variant 1: A default service can be assumed (i.e., for services that only have one private endpoint type) - name: privateEndpoint.?name ?? 'pep-${last(split(>singularMainResourceType<.id, '/'))}-${privateEndpoint.?service ?? '>defaultServiceName<'}-${index}' - privateLinkServiceConnections: privateEndpoint.?isManualConnection != true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(>singularMainResourceType<.id, '/'))}-${privateEndpoint.?service ?? '>defaultServiceName<'}-${index}' - properties: { - privateLinkServiceId: >singularMainResourceType<.id - groupIds: [ - privateEndpoint.?service ?? '>defaultServiceName<' - ] - } - } - ] : null - manualPrivateLinkServiceConnections: privateEndpoint.?isManualConnection == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(>singularMainResourceType<.id, '/'))}-${privateEndpoint.?service ?? '>defaultServiceName<'}-${index}' - properties: { - privateLinkServiceId: >singularMainResourceType<.id - groupIds: [ - privateEndpoint.?service ?? '>defaultServiceName<' - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' 
- } - } - ] : null - subnetResourceId: privateEndpoint.subnetResourceId - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry - location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: privateEndpoint.?lock ?? lock - privateDnsZoneGroup: privateEndpoint.?privateDnsZoneGroup - roleAssignments: privateEndpoint.?roleAssignments - tags: privateEndpoint.?tags ?? tags - customDnsConfigs: privateEndpoint.?customDnsConfigs - ipConfigurations: privateEndpoint.?ipConfigurations - applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds - customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName - } -}] - -// =============== // -// Definitions // -// =============== // - -type privateEndpointType = { - @description('Optional. The name of the private endpoint.') - name: string? - - @description('Optional. The location to deploy the private endpoint to.') - location: string? - - @description('Optional. The name of the private link connection to create.') - privateLinkServiceConnectionName: string? - - // Variant 1: A default service can be assumed (i.e., for services that only have one private endpoint type) - @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') - service: string? - - @description('Required. Resource ID of the subnet where the endpoint needs to be created.') - subnetResourceId: string - - @description('Optional. The private DNS zone group to configure for the private endpoint.') - privateDnsZoneGroup: { - @description('Optional. The name of the Private DNS Zone Group.') - name: string? - - @description('Required. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones.') - privateDnsZoneGroupConfigs: { - @description('Optional. 
The name of the private DNS zone group config.') - name: string? - - @description('Required. The resource id of the private DNS zone.') - privateDnsZoneResourceId: string - }[] - }? - - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - - @description('Optional. Custom DNS configurations.') - customDnsConfigs: { - @description('Optional. FQDN that resolves to private endpoint IP address.') - fqdn: string? - - @description('Required. A list of private IP addresses of the private endpoint.') - ipAddresses: string[] - }[]? - - @description('Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints.') - ipConfigurations: { - @description('Required. The name of the resource that is unique within a resource group.') - name: string - - @description('Required. Properties of private endpoint IP configurations.') - properties: { - @description('Required. The ID of a group obtained from the remote resource that this private endpoint should connect to.') - groupId: string - - @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') - memberName: string - - @description('Required. A private IP address obtained from the private endpoint\'s subnet.') - privateIPAddress: string - } - }[]? - - @description('Optional. Application security groups in which the private endpoint IP configuration is included.') - applicationSecurityGroupResourceIds: string[]? - - @description('Optional. The custom name of the network interface attached to the private endpoint.') - customNetworkInterfaceName: string? - - @description('Optional. Specify the type of lock.') - lock: lockType? - - @description('Optional. 
Array of role assignments to create.') - roleAssignments: roleAssignmentType[]? - - @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') - tags: object? - - @description('Optional. Enable/Disable usage telemetry for module.') - enableTelemetry: bool? - - @description('Optional. Specify if you want to deploy the Private Endpoint into a different resource group than the main resource.') - resourceGroupName: string? -}[]? diff --git a/docs/static/includes/interfaces/int.pe.udt.schema2.bicep b/docs/static/includes/interfaces/int.pe.udt.schema2.bicep deleted file mode 100644 index 1b65f3938..000000000 --- a/docs/static/includes/interfaces/int.pe.udt.schema2.bicep +++ /dev/null 
@@ -1,146 +0,0 @@ - -// ============== // -// Parameters // -// ============== // - -@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') -param privateEndpoints privateEndpointType - -// ============= // -// Resources // -// ============= // - -module >singularMainResourceType<_privateEndpoints 'br/public:avm/res/network/private-endpoint:X.Y.Z' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}->singularMainResourceType<-PrivateEndpoint-${index}' - scope: resourceGroup(privateEndpoint.?resourceGroupName ?? '') - params: { - // Variant 2: A default service cannot be assumed (i.e., for services that have more than one private endpoint type, like Storage Account) - name: privateEndpoint.?name ?? 'pep-${last(split(>singularMainResourceType<.id, '/'))}-${privateEndpoint.service}-${index}' - privateLinkServiceConnections: privateEndpoint.?isManualConnection != true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(>singularMainResourceType<.id, '/'))}-${privateEndpoint.service}-${index}' - properties: { - privateLinkServiceId: >singularMainResourceType<.id - groupIds: [ - privateEndpoint.service - ] - } - } - ] : null - manualPrivateLinkServiceConnections: privateEndpoint.?isManualConnection == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(>singularMainResourceType<.id, '/'))}-${privateEndpoint.service}-${index}' - properties: { - privateLinkServiceId: >singularMainResourceType<.id - groupIds: [ - privateEndpoint.service - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null - subnetResourceId: privateEndpoint.subnetResourceId - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry - location: privateEndpoint.?location ?? 
reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: privateEndpoint.?lock ?? lock - privateDnsZoneGroup: privateEndpoint.?privateDnsZoneGroup - roleAssignments: privateEndpoint.?roleAssignments - tags: privateEndpoint.?tags ?? tags - customDnsConfigs: privateEndpoint.?customDnsConfigs - ipConfigurations: privateEndpoint.?ipConfigurations - applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds - customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName - } -}] - -// =============== // -// Definitions // -// =============== // - -type privateEndpointType = { - @description('Optional. The name of the private endpoint.') - name: string? - - @description('Optional. The location to deploy the private endpoint to.') - location: string? - - @description('Optional. The name of the private link connection to create.') - privateLinkServiceConnectionName: string? - - // Variant 2: A default subresource cannot be assumed (i.e., for services that have more than one subresource, like Storage Account with Blob (blob, table, queue, file, ...) - @description('Required. The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file".') - service: string - - @description('Required. Resource ID of the subnet where the endpoint needs to be created.') - subnetResourceId: string - - @description('Optional. The private DNS zone group to configure for the private endpoint.') - privateDnsZoneGroup: { - @description('Optional. The name of the Private DNS Zone Group.') - name: string? - - @description('Required. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones.') - privateDnsZoneGroupConfigs: { - @description('Optional. The name of the private DNS zone group config.') - name: string? - - @description('Required. 
The resource id of the private DNS zone.') - privateDnsZoneResourceId: string - }[] - }? - - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - - @description('Optional. Custom DNS configurations.') - customDnsConfigs: { - @description('Optional. FQDN that resolves to private endpoint IP address.') - fqdn: string? - - @description('Required. A list of private IP addresses of the private endpoint.') - ipAddresses: string[] - }[]? - - @description('Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints.') - ipConfigurations: { - @description('Required. The name of the resource that is unique within a resource group.') - name: string - - @description('Required. Properties of private endpoint IP configurations.') - properties: { - @description('Required. The ID of a group obtained from the remote resource that this private endpoint should connect to.') - groupId: string - - @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') - memberName: string - - @description('Required. A private IP address obtained from the private endpoint\'s subnet.') - privateIPAddress: string - } - }[]? - - @description('Optional. Application security groups in which the private endpoint IP configuration is included.') - applicationSecurityGroupResourceIds: string[]? - - @description('Optional. The custom name of the network interface attached to the private endpoint.') - customNetworkInterfaceName: string? - - @description('Optional. Specify the type of lock.') - lock: lockType? - - @description('Optional. Array of role assignments to create.') - roleAssignments: roleAssignmentType[]? - - @description('Optional. 
Tags to be applied on all resources/resource groups in this deployment.') - tags: object? - - @description('Optional. Enable/Disable usage telemetry for module.') - enableTelemetry: bool? - - @description('Optional. Specify if you want to deploy the Private Endpoint into a different resource group than the main resource.') - resourceGroupName: string? -}[]? diff --git a/docs/static/includes/interfaces/int.cmk.input.tf b/docs/static/includes/interfaces/tf/int.cmk.input.tf similarity index 100% rename from docs/static/includes/interfaces/int.cmk.input.tf rename to docs/static/includes/interfaces/tf/int.cmk.input.tf diff --git a/docs/static/includes/interfaces/int.cmk.schema.tf b/docs/static/includes/interfaces/tf/int.cmk.schema.tf similarity index 100% rename from docs/static/includes/interfaces/int.cmk.schema.tf rename to docs/static/includes/interfaces/tf/int.cmk.schema.tf diff --git a/docs/static/includes/interfaces/int.diag.input.tf b/docs/static/includes/interfaces/tf/int.diag.input.tf similarity index 100% rename from docs/static/includes/interfaces/int.diag.input.tf rename to docs/static/includes/interfaces/tf/int.diag.input.tf diff --git a/docs/static/includes/interfaces/int.diag.schema.tf b/docs/static/includes/interfaces/tf/int.diag.schema.tf similarity index 100% rename from docs/static/includes/interfaces/int.diag.schema.tf rename to docs/static/includes/interfaces/tf/int.diag.schema.tf diff --git a/docs/static/includes/interfaces/int.locks.input.tf b/docs/static/includes/interfaces/tf/int.locks.input.tf similarity index 100% rename from docs/static/includes/interfaces/int.locks.input.tf rename to docs/static/includes/interfaces/tf/int.locks.input.tf diff --git a/docs/static/includes/interfaces/int.locks.schema.tf b/docs/static/includes/interfaces/tf/int.locks.schema.tf similarity index 100% rename from docs/static/includes/interfaces/int.locks.schema.tf rename to docs/static/includes/interfaces/tf/int.locks.schema.tf 
diff --git a/docs/static/includes/interfaces/int.mi.input.tf b/docs/static/includes/interfaces/tf/int.mi.input.tf
similarity index 100%
rename from docs/static/includes/interfaces/int.mi.input.tf
rename to docs/static/includes/interfaces/tf/int.mi.input.tf
diff --git a/docs/static/includes/interfaces/int.mi.schema.tf b/docs/static/includes/interfaces/tf/int.mi.schema.tf
similarity index 100%
rename from docs/static/includes/interfaces/int.mi.schema.tf
rename to docs/static/includes/interfaces/tf/int.mi.schema.tf
diff --git a/docs/static/includes/interfaces/int.pe.input.tf b/docs/static/includes/interfaces/tf/int.pe.input.tf
similarity index 100%
rename from docs/static/includes/interfaces/int.pe.input.tf
rename to docs/static/includes/interfaces/tf/int.pe.input.tf
diff --git a/docs/static/includes/interfaces/int.pe.schema.tf b/docs/static/includes/interfaces/tf/int.pe.schema.tf
similarity index 100%
rename from docs/static/includes/interfaces/int.pe.schema.tf
rename to docs/static/includes/interfaces/tf/int.pe.schema.tf
diff --git a/docs/static/includes/interfaces/int.rbac.input.tf b/docs/static/includes/interfaces/tf/int.rbac.input.tf
similarity index 100%
rename from docs/static/includes/interfaces/int.rbac.input.tf
rename to docs/static/includes/interfaces/tf/int.rbac.input.tf
diff --git a/docs/static/includes/interfaces/int.rbac.schema.tf b/docs/static/includes/interfaces/tf/int.rbac.schema.tf
similarity index 100%
rename from docs/static/includes/interfaces/int.rbac.schema.tf
rename to docs/static/includes/interfaces/tf/int.rbac.schema.tf
diff --git a/docs/static/includes/interfaces/int.tags.input.tf b/docs/static/includes/interfaces/tf/int.tags.input.tf
similarity index 100%
rename from docs/static/includes/interfaces/int.tags.input.tf
rename to docs/static/includes/interfaces/tf/int.tags.input.tf
diff --git a/docs/static/includes/interfaces/int.tags.schema.tf b/docs/static/includes/interfaces/tf/int.tags.schema.tf similarity index 100% rename from docs/static/includes/interfaces/int.tags.schema.tf rename to docs/static/includes/interfaces/tf/int.tags.schema.tf From cf72496865ce2cdd764e28d58099083d5d29e12a Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Wed, 27 Nov 2024 22:27:47 +0100 Subject: [PATCH 2/4] Updated docs --- .../resource/non-functional/BCPRMNFR2.md | 46 +++++++++++++++++++ .../bicep/shared/non-functional/BCPNFR1.md | 4 +- .../bicep/shared/non-functional/BCPNFR18.md | 38 +++++++++++++++ .../bicep/shared/non-functional/BCPNFR19.md | 37 +++++++++++++++ .../bicep/shared/non-functional/BCPNFR20.md | 31 +++++++++++++ .../bicep/shared/non-functional/BCPNFR21.md | 41 +++++++++++++++++ .../bicep/shared/non-functional/BCPNFR9.md | 42 +++++++++++++++++ 7 files changed, 237 insertions(+), 2 deletions(-) create mode 100644 docs/content/specs-defs/includes/bicep/resource/non-functional/BCPRMNFR2.md create mode 100644 docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR18.md create mode 100644 docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR19.md create mode 100644 docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR20.md create mode 100644 docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR21.md create mode 100644 docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR9.md diff --git a/docs/content/specs-defs/includes/bicep/resource/non-functional/BCPRMNFR2.md b/docs/content/specs-defs/includes/bicep/resource/non-functional/BCPRMNFR2.md new file mode 100644 index 000000000..b52ea0c09 --- /dev/null +++ b/docs/content/specs-defs/includes/bicep/resource/non-functional/BCPRMNFR2.md 
@@ -0,0 +1,46 @@ +--- +title: BCPRMNFR2 - User-defined types - AVM-Common-Types +url: /spec/BCPRMNFR2 +geekdocNav: true +geekdocAlign: left +geekdocAnchor: true +type: posts +tags: [ + Class-Resource, # MULTIPLE VALUES: this can be "Class-Resource" AND/OR "Class-Pattern" AND/OR "Class-Utility" + Type-NonFunctional, # SINGLE VALUE: this can be "Type-Functional" OR "Type-NonFunctional" + Category-Inputs/Outputs, # SINGLE VALUE: this can be "Category-Testing" OR "Category-Telemetry" OR "Category-Contribution/Support" OR "Category-Documentation" OR "Category-CodeStyle" OR "Category-Naming/Composition" OR "Category-Inputs/Outputs" OR "Category-Release/Publishing" Language-Bicep, # MULTIPLE VALUES: this can be "Language-Bicep" AND/OR "Language-Terraform" + Severity-MUST, # SINGLE VALUE: this can be "Severity-MUST" OR "Severity-SHOULD" OR "Severity-MAY" + Persona-Owner, # MULTIPLE VALUES: this can be "Persona-Owner" AND/OR "Persona-Contributor" + Persona-Contributor, # MULTIPLE VALUES: this can be "Persona-Owner" AND/OR "Persona-Contributor" + Lifecycle-BAU, # SINGLE VALUE: this can be "Lifecycle-Initial" OR "Lifecycle-BAU" OR "Lifecycle-EOL" + Validation-TBD # SINGLE VALUE: this can be "Validation-Manual" OR "Validation-CI/Informational" OR "CI/Enforced" +] +priority: 13010 +--- + +#### ID: BCPRMNFR2 - Category: User-defined types - AVM-Common-Types + +When implementing any of the [shared](/Azure-Verified-Modules/specs/shared/interfaces) or [Bicep-specific](/Azure-Verified-Modules/specs/bicep/interfaces) AVM interface variants you MUST import their User-defined type (UDT) via the published [AVM-Common-Types](https://github.com/Azure/bicep-registry-modules/tree/main/avm/utl/types/avm-common-types) module. + +When doing so, each type MUST be imported separately, right above the parameter or output that uses it. + +```bicep +import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:*.*.*' +@description('Optional. 
Array of role assignments to create.') +param roleAssignments roleAssignmentType[]? +import { diagnosticSettingFullType } from 'br/public:avm/utl/types/avm-common-types:*.*.*' +@description('Optional. The diagnostic settings of the service.') +param diagnosticSettings diagnosticSettingFullType[]? +``` + +Importing them individually as opposed to one common block has several benefits such as +- Individual versioning of types +- If you must update the version for one type, you're not exposed to unexpected changes to other types + +{{< hint type=important >}} + +The `import (...)` block MUST not be added in between a parameter's definition and its metadata. Doing so breaks the metadata's binding to the parameter in question. + +{{< /hint >}} + +Finally, you should check for version updates regularly to ensure the resource module stays consistent with the specs. If the used AVM-Common-Types runs stale, the CI may eventually fail the module's static tests. \ No newline at end of file diff --git a/docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR1.md b/docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR1.md index 9bc978ff7..45ecf2b1e 100644 --- a/docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR1.md +++ b/docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR1.md @@ -1,5 +1,5 @@ --- -title: BCPNFR1 - Data Types +title: BCPNFR1 - User-defined types - General url: /spec/BCPNFR1 geekdocNav: true geekdocAlign: left @@ -20,7 +20,7 @@ tags: [ priority: 11010 --- -#### ID: BCPNFR1 - Category: Inputs - Data Types +#### ID: BCPNFR1 - Category: Inputs - User-defined types - General To simplify the consumption experience for module consumers when interacting with complex data types input parameters, mainly objects and arrays, the Bicep feature of [User-Defined Types](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/user-defined-data-types) **MUST** be used and declared. 
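Review bot: In the new BCPRMNFR2.md front matter, `Language-Bicep,` sits on the same line as the `Category-Inputs/Outputs, # SINGLE VALUE: …` entry, after the `#`, so YAML reads it as part of the comment and the page loses its `Language-Bicep` tag; the other spec files added in this patch keep it on its own line. Move it to a separate line: `Language-Bicep, # MULTIPLE VALUES: this can be "Language-Bicep" AND/OR "Language-Terraform"`. Separately, the sample imports from `br/public:avm/utl/types/avm-common-types:*.*.*`; one sentence saying that `*.*.*` stands for an explicit published version that authors pin would keep readers from copying the placeholder as-is. The hint also reads `MUST not`, which should be `MUST NOT` to match the upper-case requirement keywords used in the rest of the text.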
diff --git a/docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR18.md b/docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR18.md new file mode 100644 index 000000000..c153ffd0f --- /dev/null +++ b/docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR18.md 
@@ -0,0 +1,38 @@ +--- +title: BCPNFR18 - User-defined types - Specification +url: /spec/BCPNFR18 +geekdocNav: true +geekdocAlign: left +geekdocAnchor: true +type: posts +tags: [ + Class-Resource, # MULTIPLE VALUES: this can be "Class-Resource" AND/OR "Class-Pattern" AND/OR "Class-Utility" + Class-Pattern, # MULTIPLE VALUES: this can be "Class-Resource" AND/OR "Class-Pattern" AND/OR "Class-Utility" + Type-NonFunctional, # SINGLE VALUE: this can be "Type-Functional" OR "Type-NonFunctional" + Category-Inputs/Outputs, # SINGLE VALUE: this can be "Category-Testing" OR "Category-Telemetry" OR "Category-Contribution/Support" OR "Category-Documentation" OR "Category-CodeStyle" OR "Category-Naming/Composition" OR "Category-Inputs/Outputs" OR "Category-Release/Publishing" + Language-Bicep, # MULTIPLE VALUES: this can be "Language-Bicep" AND/OR "Language-Terraform" + Severity-MUST, # SINGLE VALUE: this can be "Severity-MUST" OR "Severity-SHOULD" OR "Severity-MAY" + Persona-Owner, # MULTIPLE VALUES: this can be "Persona-Owner" AND/OR "Persona-Contributor" + Persona-Contributor, # MULTIPLE VALUES: this can be "Persona-Owner" AND/OR "Persona-Contributor" + Lifecycle-BAU, # SINGLE VALUE: this can be "Lifecycle-Initial" OR "Lifecycle-BAU" OR "Lifecycle-EOL" + Validation-TBD # SINGLE VALUE: this can be "Validation-Manual" OR "Validation-CI/Informational" OR "CI/Enforced" +] +priority: 11010 +--- + +#### ID: BCPNFR18 - Category: User-defined types - Specification + +User-defined types (UDTs) MUST always be singular and non-nullable. The configuration of either should instead be done directly at the parameter or output that uses the type. + +For example, instead of +```bicep +param subnets subnetsType +type subnetsType = { ... }[]? +``` +the type should instead be defined like +```bicep +param subnets subnetType[]? +type subnetType = { ... } +``` + +The primary reason for this requirement is clarity. 
If not defined directly at the parameter or output, a user would always be required to check the type to understand how e.g., a parameter is expected. \ No newline at end of file diff --git a/docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR19.md b/docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR19.md new file mode 100644 index 000000000..08bd677f5 --- /dev/null +++ b/docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR19.md 
@@ -0,0 +1,37 @@ +--- +title: BCPNFR19 - User-defined types - Naming +url: /spec/BCPNFR18 +geekdocNav: true +geekdocAlign: left +geekdocAnchor: true +type: posts +tags: [ + Class-Resource, # MULTIPLE VALUES: this can be "Class-Resource" AND/OR "Class-Pattern" AND/OR "Class-Utility" + Class-Pattern, # MULTIPLE VALUES: this can be "Class-Resource" AND/OR "Class-Pattern" AND/OR "Class-Utility" + Type-NonFunctional, # SINGLE VALUE: this can be "Type-Functional" OR "Type-NonFunctional" + Category-Inputs/Outputs, # SINGLE VALUE: this can be "Category-Testing" OR "Category-Telemetry" OR "Category-Contribution/Support" OR "Category-Documentation" OR "Category-CodeStyle" OR "Category-Naming/Composition" OR "Category-Inputs/Outputs" OR "Category-Release/Publishing" + Category-Naming/Composition, # SINGLE VALUE: this can be "Category-Testing" OR "Category-Telemetry" OR "Category-Contribution/Support" OR "Category-Documentation" OR "Category-CodeStyle" OR "Category-Naming/Composition" OR "Category-Inputs/Outputs" OR "Category-Release/Publishing" + Language-Bicep, # MULTIPLE VALUES: this can be "Language-Bicep" AND/OR "Language-Terraform" + Severity-MUST, # SINGLE VALUE: this can be "Severity-MUST" OR "Severity-SHOULD" OR "Severity-MAY" + Persona-Owner, # MULTIPLE VALUES: this can be "Persona-Owner" AND/OR "Persona-Contributor" + Persona-Contributor, # MULTIPLE VALUES: this can be "Persona-Owner" AND/OR "Persona-Contributor" + Lifecycle-BAU, # SINGLE VALUE: this can be "Lifecycle-Initial" OR "Lifecycle-BAU" OR "Lifecycle-EOL" + Validation-TBD # SINGLE VALUE: this can be "Validation-Manual" OR "Validation-CI/Informational" OR "CI/Enforced" +] +priority: 11010 +--- + +#### ID: BCPNFR19 - Category: User-defined types - Naming + +User-defined types (UDTs) MUST always end with the suffix `(...)Type` to make them obvious to users. In addition it is recommended to extend the suffix to `(...)OutputType` if a UDT is exclusively used for outputs. +```bicep +type subnet = { ... 
} // Wrong +type subnetType = { ... } // Correct +type subnetOutputType = { ... } // Correct, if used only for outputs +``` + +Since User-defined types (UDTs) MUST always be singular as per [BCPNFR18](#id-bcpnfr18---category-user-defined-types---specification), their naming should reflect this and also be singular. +```bicep +type subnetsType = { ... } // Wrong +type subnetType = { ... } // Correct +``` \ No newline at end of file diff --git a/docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR20.md b/docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR20.md new file mode 100644 index 000000000..f9a6278d7 --- /dev/null +++ b/docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR20.md 
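Review bot: The front matter of BCPNFR19.md sets `url: /spec/BCPNFR18`, the same URL that BCPNFR18.md declares in this patch, so the two pages presumably collide and links to BCPNFR19 would not resolve to this page; it should read `url: /spec/BCPNFR19`. The `tags` list also carries both `Category-Inputs/Outputs` and `Category-Naming/Composition`, although the inline comment on each marks the category as a single value; keep one of them, or change the comment if two categories are intended.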
@@ -0,0 +1,31 @@ +--- +title: BCPNFR20 - User-defined types - Export +url: /spec/BCPNFR20 +geekdocNav: true +geekdocAlign: left +geekdocAnchor: true +type: posts +tags: [ + Class-Resource, # MULTIPLE VALUES: this can be "Class-Resource" AND/OR "Class-Pattern" AND/OR "Class-Utility" + Class-Pattern, # MULTIPLE VALUES: this can be "Class-Resource" AND/OR "Class-Pattern" AND/OR "Class-Utility" + Type-NonFunctional, # SINGLE VALUE: this can be "Type-Functional" OR "Type-NonFunctional" + Category-Inputs/Outputs, # SINGLE VALUE: this can be "Category-Testing" OR "Category-Telemetry" OR "Category-Contribution/Support" OR "Category-Documentation" OR "Category-CodeStyle" OR "Category-Naming/Composition" OR "Category-Inputs/Outputs" OR "Category-Release/Publishing" + Language-Bicep, # MULTIPLE VALUES: this can be "Language-Bicep" AND/OR "Language-Terraform" + Severity-MUST, # SINGLE VALUE: this can be "Severity-MUST" OR "Severity-SHOULD" OR "Severity-MAY" + Persona-Owner, # MULTIPLE VALUES: this can be "Persona-Owner" AND/OR "Persona-Contributor" + Persona-Contributor, # MULTIPLE VALUES: this can be "Persona-Owner" AND/OR "Persona-Contributor" + Lifecycle-BAU, # SINGLE VALUE: this can be "Lifecycle-Initial" OR "Lifecycle-BAU" OR "Lifecycle-EOL" + Validation-TBD # SINGLE VALUE: this can be "Validation-Manual" OR "Validation-CI/Informational" OR "CI/Enforced" +] +priority: 11010 +--- + +#### ID: BCPNFR20 - Category: User-defined types - Export + +User-defined types (UDTs) SHOULD always be exported via the `@export()` annotation in every template they're implemented in. +```bicep +@export() +type subnetType = { ... } +``` + +Doing so has the benefit that other (e.g., parent) modules can import them and as such reduce code duplication. Also, if the module itself is published, users of the Public Bicep Registry can import the types independently of the module itself. 
One example where this can be useful is a pattern module that may re-use the same interface when referencing a module from the registry. \ No newline at end of file diff --git a/docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR21.md b/docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR21.md new file mode 100644 index 000000000..bc54e8059 --- /dev/null +++ b/docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR21.md 
@@ -0,0 +1,41 @@
+---
+title: BCPNFR21 - User-defined types - Decorators
+url: /spec/BCPNFR21
+geekdocNav: true
+geekdocAlign: left
+geekdocAnchor: true
+type: posts
+tags: [
+ Class-Resource, # MULTIPLE VALUES: this can be "Class-Resource" AND/OR "Class-Pattern" AND/OR "Class-Utility"
+ Class-Pattern, # MULTIPLE VALUES: this can be "Class-Resource" AND/OR "Class-Pattern" AND/OR "Class-Utility"
+ Type-NonFunctional, # SINGLE VALUE: this can be "Type-Functional" OR "Type-NonFunctional"
+ Category-Inputs/Outputs, # SINGLE VALUE: this can be "Category-Testing" OR "Category-Telemetry" OR "Category-Contribution/Support" OR "Category-Documentation" OR "Category-CodeStyle" OR "Category-Naming/Composition" OR "Category-Inputs/Outputs" OR "Category-Release/Publishing"
+ Language-Bicep, # MULTIPLE VALUES: this can be "Language-Bicep" AND/OR "Language-Terraform"
+ Severity-MUST, # SINGLE VALUE: this can be "Severity-MUST" OR "Severity-SHOULD" OR "Severity-MAY"
+ Persona-Owner, # MULTIPLE VALUES: this can be "Persona-Owner" AND/OR "Persona-Contributor"
+ Persona-Contributor, # MULTIPLE VALUES: this can be "Persona-Owner" AND/OR "Persona-Contributor"
+ Lifecycle-BAU, # SINGLE VALUE: this can be "Lifecycle-Initial" OR "Lifecycle-BAU" OR "Lifecycle-EOL"
+ Validation-TBD # SINGLE VALUE: this can be "Validation-Manual" OR "Validation-CI/Informational" OR "CI/Enforced"
+]
+priority: 11010
+---
+
+#### ID: BCPNFR21 - Category: User-defined types - Decorators
+
+Similar to [BCPNFR9](#id-bcpnfr9---category-inputs---decorators), User-defined types MUST implement certain [decorators](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/parameters#use-decorators), while they SHOULD others.
+
+Decorators that MUST be implemented are `description` & `secure` (if sensitive). This is true for every property of the type, as well as the type itself.
+Decorators that SHOULD be implemented include but are not limited to `allowed`, `minValue`, `maxValue`, `minLength` & `maxLength` as they have a big impact on the module's usability.
+
+```bicep
+@desciption('My type''s description.')
+type myType = {
+ @description('Optional. The threshold of your resource.')
+ @minValue(1)
+ @maxValue(10)
+ threshold: int?
+
+ @description('Required. The SKU of your resource.')
+ sku: ('Basic' | 'Premium' | 'Standard')
+}
+```
\ No newline at end of file
diff --git a/docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR9.md b/docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR9.md
new file mode 100644
index 000000000..734120314
--- /dev/null
+++ b/docs/content/specs-defs/includes/bicep/shared/non-functional/BCPNFR9.md
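Review bot: The sample in BCPNFR21.md decorates the type with `@desciption(...)`, a misspelling of `@description` that will not compile when copied, and it escapes the apostrophe as `''` where Bicep uses a backslash, so the line should read `@description('My type\'s description.')`. The text makes `secure` a MUST for sensitive values, but the sample shows no secured property; adding one (constructed example: `@secure()` above `@description('Optional. The password of your resource.')` and `password: string?`) would show how the requirement looks on a type. The sentence ending `while they SHOULD others` is missing a verb; BCPNFR9 in the same patch words it as `SHOULD make use of others`.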
@@ -0,0 +1,42 @@
+---
+title: BCPNFR9 - Inputs - Decorators
+url: /spec/BCPNFR9
+geekdocNav: true
+geekdocAlign: left
+geekdocAnchor: true
+type: posts
+tags: [
+ Class-Resource, # MULTIPLE VALUES: this can be "Class-Resource" AND/OR "Class-Pattern" AND/OR "Class-Utility"
+ Class-Pattern, # MULTIPLE VALUES: this can be "Class-Resource" AND/OR "Class-Pattern" AND/OR "Class-Utility"
+ Type-NonFunctional, # SINGLE VALUE: this can be "Type-Functional" OR "Type-NonFunctional"
+ Category-Inputs/Outputs, # SINGLE VALUE: this can be "Category-Testing" OR "Category-Telemetry" OR "Category-Contribution/Support" OR "Category-Documentation" OR "Category-CodeStyle" OR "Category-Naming/Composition" OR "Category-Inputs/Outputs" OR "Category-Release/Publishing"
+ Language-Bicep, # MULTIPLE VALUES: this can be "Language-Bicep" AND/OR "Language-Terraform"
+ Severity-MUST, # SINGLE VALUE: this can be "Severity-MUST" OR "Severity-SHOULD" OR "Severity-MAY"
+ Persona-Owner, # MULTIPLE VALUES: this can be "Persona-Owner" AND/OR "Persona-Contributor"
+ Persona-Contributor, # MULTIPLE VALUES: this can be "Persona-Owner" AND/OR "Persona-Contributor"
+ Lifecycle-BAU, # SINGLE VALUE: this can be "Lifecycle-Initial" OR "Lifecycle-BAU" OR "Lifecycle-EOL"
+ Validation-TBD # SINGLE VALUE: this can be "Validation-Manual" OR "Validation-CI/Informational" OR "CI/Enforced"
+]
+priority: 11010
+---
+
+#### ID: BCPNFR9 - Category: Inputs - Decorators
+
+Input parameters MUST make use of certain [decorators](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/parameters#use-decorators), while they SHOULD make use of others whenever possible.
+
+Decorators that MUST always be implemented are `description` & `secure` (if sensitive).
+Decorators that SHOULD always be implemented include but are not limited to `allowed`, `minValue`, `maxValue`, `minLength` & `maxLength` as they have a big impact on the module's usability.
+
+```bicep
+@description('Optional. The threshold of your resource.')
+@minValue(1)
+@maxValue(10)
+param threshold: int?
+@description('Required. The SKU of your resource.')
+@allowed([
+'Basic'
+'Premium'
+'Standard'
+])
+param sku string
+```
From 0cae562f2fd7660e59029249c05ff986959dcf97 Mon Sep 17 00:00:00 2001
From: AlexanderSehr
Date: Wed, 11 Dec 2024 23:18:13 +0100
Subject: [PATCH 3/4] Update to latest
---
.../interfaces/bicep/int.cmk.input.bicep | 6 ---
.../interfaces/bicep/int.diag.input.bicep | 24 ---------
.../bicep/int.diag.udt.schema.bicep | 35 ------------
.../interfaces/bicep/int.mi.input.bicep | 7 ---
.../interfaces/bicep/int.mi.udt.schema.bicep | 41 --------------
.../interfaces/bicep/int.pe.input.bicep | 53 -------------------
6 files changed, 166 deletions(-)
delete mode 100644 docs/static/includes/interfaces/bicep/int.cmk.input.bicep
delete mode 100644 docs/static/includes/interfaces/bicep/int.diag.input.bicep
delete mode 100644 docs/static/includes/interfaces/bicep/int.diag.udt.schema.bicep
delete mode 100644 docs/static/includes/interfaces/bicep/int.mi.input.bicep
delete mode 100644 docs/static/includes/interfaces/bicep/int.mi.udt.schema.bicep
delete mode 100644 docs/static/includes/interfaces/bicep/int.pe.input.bicep
diff --git a/docs/static/includes/interfaces/bicep/int.cmk.input.bicep b/docs/static/includes/interfaces/bicep/int.cmk.input.bicep
deleted file mode 100644
index 82490e1b9..000000000
--- a/docs/static/includes/interfaces/bicep/int.cmk.input.bicep
+++ /dev/null
@@ -1,6 +0,0 @@
-customerManagedKey: {
- keyVaultResourceId: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{keyVaultName}'
- keyName: '{keyName}'
- keyVersion: '{keyVersion}'
- userAssignedIdentityResourceId: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{uamiName}'
-}
diff --git a/docs/static/includes/interfaces/bicep/int.diag.input.bicep b/docs/static/includes/interfaces/bicep/int.diag.input.bicep
deleted file mode 100644
index bd93e9add..000000000
--- a/docs/static/includes/interfaces/bicep/int.diag.input.bicep
+++ /dev/null
@@ -1,24 +0,0 @@
-diagnosticSettings: [
- {
- name: 'diagSetting1'
- logCategoriesAndGroups: [
- {
- category: 'AzurePolicyEvaluationDetails'
- }
- {
- category: 'AuditEvent'
- }
- ]
- metricCategories: [
- {
- category: 'AllMetrics'
- }
- ]
- logAnalyticsDestinationType: 'Dedicated'
- workspaceResourceId: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'
- storageAccountResourceId: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{storageAccountName}'
- eventHubAuthorizationRuleResourceId: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.EventHub/namespaces/{namespaceName}/eventhubs/{eventHubName}/authorizationrules/{authorizationRuleName}'
- eventHubName: '{eventHubName}'
- marketplacePartnerResourceId: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{partnerResourceProvider}/{partnerResourceType}/{partnerResourceName}'
- }
-]
diff --git a/docs/static/includes/interfaces/bicep/int.diag.udt.schema.bicep b/docs/static/includes/interfaces/bicep/int.diag.udt.schema.bicep
deleted file mode 100644
index 43091552b..000000000
--- a/docs/static/includes/interfaces/bicep/int.diag.udt.schema.bicep
+++ /dev/null
@@ -1,35 +0,0 @@
-
-// ============== //
-// Parameters //
-// ============== //
-
-import { diagnosticSettingFullType } from 'br/public:avm/utl/types/avm-common-types:0.4.0'
-@description('Optional. The diagnostic settings of the service.')
-param diagnosticSettings diagnosticSettingFullType[]?
-
-// ============= //
-// Resources //
-// ============= //
-
-resource >singularMainResourceType<_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [for (diagnosticSetting, index) in (diagnosticSettings ?? []): {
- name: diagnosticSetting.?name ?? '${name}-diagnosticSettings'
- properties: {
- storageAccountId: diagnosticSetting.?storageAccountResourceId
- workspaceId: diagnosticSetting.?workspaceResourceId
- eventHubAuthorizationRuleId: diagnosticSetting.?eventHubAuthorizationRuleResourceId
- eventHubName: diagnosticSetting.?eventHubName
- metrics: [for group in (diagnosticSetting.?metricCategories ?? [ { category: 'AllMetrics' } ]): {
- category: group.category
- enabled: group.?enabled ?? true
- timeGrain: null
- }]
- logs: [for group in (diagnosticSetting.?logCategoriesAndGroups ?? [ { categoryGroup: 'allLogs' } ]): {
- categoryGroup: group.?categoryGroup
- category: group.?category
- enabled: group.?enabled ?? true
- }]
- marketplacePartnerId: diagnosticSetting.?marketplacePartnerResourceId
- logAnalyticsDestinationType: diagnosticSetting.?logAnalyticsDestinationType
- }
- scope: >singularMainResourceType<
-}]
diff --git a/docs/static/includes/interfaces/bicep/int.mi.input.bicep b/docs/static/includes/interfaces/bicep/int.mi.input.bicep
deleted file mode 100644
index 13faaa7cc..000000000
--- a/docs/static/includes/interfaces/bicep/int.mi.input.bicep
+++ /dev/null
@@ -1,7 +0,0 @@
-managedIdentities: {
- systemAssigned: true
- userAssignedResourceIds: [
- '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'
- '/subscriptions/{subscriptionId2}/resourceGroups/{resourceGroupName2}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName2}'
- ]
-}
diff --git a/docs/static/includes/interfaces/bicep/int.mi.udt.schema.bicep b/docs/static/includes/interfaces/bicep/int.mi.udt.schema.bicep
deleted file mode 100644
index 26f51f69d..000000000
--- a/docs/static/includes/interfaces/bicep/int.mi.udt.schema.bicep
+++ /dev/null
@@ -1,41 +0,0 @@
-
-// ============== //
-// Parameters //
-// ============== //
-
-<<<<<<<< HEAD:docs/static/includes/interfaces/bicep/int.mi.udt.schema.bicep
-import { managedIdentityAllType } from 'br/public:avm/utl/types/avm-common-types:0.4.0'
-========
-import { managedIdentityAllType } from 'br/public:avm/utl/types/avm-common-types:>version<'
->>>>>>>> main:docs/static/includes/interfaces/bicep/int.mi.udt.schema1.bicep
-@description('Optional. The managed identity definition for this resource.')
-param managedIdentities managedIdentityAllType?
-
-// ============= //
-// Variables //
-// ============= //
-
-var formattedUserAssignedIdentities = reduce(map((managedIdentities.?userAssignedResourceIds ?? []), (id) => { '${id}': {} }), {}, (cur, next) => union(cur, next)) // Converts the flat array to an object like { '${id1}': {}, '${id2}': {} }
-var identity = !empty(managedIdentities) ? {
- type: (managedIdentities.?systemAssigned ?? false) ? (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'UserAssigned' : null)
- userAssignedIdentities: !empty(formattedUserAssignedIdentities) ? formattedUserAssignedIdentities : null
-} : null
-
-// ============= //
-// Resources //
-// ============= //
-
-resource >singularMainResourceType< '>providerNamespaceresourceType<@>apiVersion<' = {
- name: name
- identity: identity
- properties: {
- ... // other properties
- }
-}
-
-// =========== //
-// Outputs //
-// =========== //
-
-@description('The principal ID of the system assigned identity.')
-output systemAssignedMIPrincipalId string? = >singularMainResourceType<.?identity.?principalId
diff --git a/docs/static/includes/interfaces/bicep/int.pe.input.bicep b/docs/static/includes/interfaces/bicep/int.pe.input.bicep
deleted file mode 100644
index 5360f17a8..000000000
--- a/docs/static/includes/interfaces/bicep/int.pe.input.bicep
+++ /dev/null
@@ -1,53 +0,0 @@
-privateEndpoints: {
- {
- name: 'myPeName'
- privateLinkServiceConnectionName: 'myPrivateLinkConnectionName'
- lock: 'CanNotDelete'
- tags: {
- 'hidden-title': 'This is visible in the resource name'
- }
- subnetResourceId: '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRg/providers/Microsoft.Network/virtualNetworks/myVnet/subnets/mysubnet'
- applicationSecurityGroupResourceIds: [
- '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRg/providers/Microsoft.Network/applicationSecurityGroups/myAsg'
- ]
- privateDnsZoneGroup: {
- privateDnsZoneGroupConfigs: [
- {
- name: 'config'
- privateDnsZoneResourceId: '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRg/providers/Microsoft.Network/privateDnsZones/myZone'
- }
- ]
- }
- customDnsConfigs: [
- {
- fqdn: 'fqdn1.example.com'
- ipAddresses: [
- '10.0.0.1',
- '10.0.0.2'
- ]
- }
- ]
- networkInterfaceName: 'nic1'
- ipConfigurations: [
- {
- name: 'ipconfig1'
- groupId: 'vault'
- memberName: 'default'
- privateIpAddress: '10.0.0.7'
- }
- ]
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Owner'
- principalId: '11111111-1111-1111-1111-111111111111'
- principalType: 'ServicePrincipal'
- }
- {
- roleDefinitionIdOrName: subscriptionResourceId('Microsoft.Authorization/roleDefinitions','acdd72a7-3385-48ef-bd42-f606fba81ae7')
- principalId: '11111111-1111-1111-1111-111111111111'
- principalType: 'ServicePrincipal'
- }
- ]
- resourceGroupName: 'mySecondaryRg'
- }
-}
From 5048e154a0cdbae0c4d3c40fdf99ccd1d0e5497f Mon Sep 17 00:00:00 2001
From: AlexanderSehr
Date: Wed, 11 Dec 2024 23:18:56 +0100
Subject: [PATCH 4/4] Update to latest
---
.../static/includes/interfaces/bicep/int.mi.udt.schema1.bicep | 4 ----
1 file changed, 4 deletions(-)
diff --git a/docs/static/includes/interfaces/bicep/int.mi.udt.schema1.bicep b/docs/static/includes/interfaces/bicep/int.mi.udt.schema1.bicep
index 26f51f69d..091cf1ad2 100644
--- a/docs/static/includes/interfaces/bicep/int.mi.udt.schema1.bicep +++ b/docs/static/includes/interfaces/bicep/int.mi.udt.schema1.bicep @@ -3,11 +3,7 @@ // Parameters // // ============== // -<<<<<<<< HEAD:docs/static/includes/interfaces/bicep/int.mi.udt.schema.bicep -import { managedIdentityAllType } from 'br/public:avm/utl/types/avm-common-types:0.4.0' -======== import { managedIdentityAllType } from 'br/public:avm/utl/types/avm-common-types:>version<' ->>>>>>>> main:docs/static/includes/interfaces/bicep/int.mi.udt.schema1.bicep @description('Optional. The managed identity definition for this resource.') param managedIdentities managedIdentityAllType?