Skip to content

Commit

Permalink
[Modules] Updated identities to UDT as per AVM specs - Batch 2 (#4240)
Browse files Browse the repository at this point in the history
* Wiki update - systemAssignedMIPrincipalId output

* Dev Test Lab - removed redundant output

* Web Site - aligned slotSystemAssignedMIPrincipalIds output name

* Upated ditital twins module

* Digital twins - updated readme and arm of child modules

* Digital twins - fixed identities of the endpoints

* Digital twins - ARM Update

* Restored original settingy.yml

* Upated Synapse Workspace module

* Digital Twins: added systemAssignedMIPrincipalId output and corresponding test
  • Loading branch information
krbar authored Nov 14, 2023
1 parent 199a3c3 commit f265ed1
Show file tree
Hide file tree
Showing 24 changed files with 543 additions and 305 deletions.
2 changes: 1 addition & 1 deletion docs/wiki/The library - Module design.md
Original file line number Diff line number Diff line change
Expand Up @@ -563,7 +563,7 @@ While exceptions might be needed, the following guidance should be followed as m
- `name`
- `resourceId`
- `resourceGroupName` for modules that are deployed at resource group scope
- `systemAssignedPrincipalId` for all modules that support managed identities
- `systemAssignedMIPrincipalId` for all modules that support system-assigned managed identities
- `location` for all modules where the primary resource has a location property
- Add a `@description('...')` annotation with meaningful description to each output.
Expand Down
1 change: 0 additions & 1 deletion modules/dev-test-lab/lab/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -1561,7 +1561,6 @@ Resource Group allocation for virtual machines. If left empty, virtual machines
| `resourceGroupName` | string | The resource group the lab was deployed into. |
| `resourceId` | string | The resource ID of the lab. |
| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. |
| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
| `uniqueIdentifier` | string | The unique identifier for the lab. Used to track tags that the lab applies to each resource that it creates. |

## Cross-referenced modules
Expand Down
3 changes: 0 additions & 3 deletions modules/dev-test-lab/lab/main.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -303,9 +303,6 @@ resource lab_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01
scope: lab
}]

@description('The principal ID of the system assigned identity.')
output systemAssignedPrincipalId string = lab.identity.principalId

@description('The unique identifier for the lab. Used to track tags that the lab applies to each resource that it creates.')
output uniqueIdentifier string = lab.properties.uniqueIdentifier

Expand Down
35 changes: 14 additions & 21 deletions modules/dev-test-lab/lab/main.json
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.22.6.54827",
"templateHash": "14947280208542929227"
"version": "0.23.1.45101",
"templateHash": "16810111400681874654"
},
"name": "DevTest Labs",
"description": "This module deploys a DevTest Lab.",
Expand Down Expand Up @@ -483,8 +483,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.22.6.54827",
"templateHash": "8382075673072622254"
"version": "0.23.1.45101",
"templateHash": "15407797032940609921"
},
"name": "DevTest Lab Virtual Networks",
"description": "This module deploys a DevTest Lab Virtual Network.\r\n\r\nLab virtual machines must be deployed into a virtual network. This resource type allows configuring the virtual network and subnet settings used for the lab virtual machines.",
Expand Down Expand Up @@ -656,8 +656,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.22.6.54827",
"templateHash": "7402281637422771358"
"version": "0.23.1.45101",
"templateHash": "9914622679648067397"
},
"name": "DevTest Lab Policy Sets Policies",
"description": "This module deploys a DevTest Lab Policy Sets Policy.\r\n\r\nDevTest lab policies are used to modify the lab settings such as only allowing certain VM Size SKUs, marketplace image types, number of VMs allowed per user and other settings.",
Expand Down Expand Up @@ -861,8 +861,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.22.6.54827",
"templateHash": "10592511541548002212"
"version": "0.23.1.45101",
"templateHash": "12981849767656574818"
},
"name": "DevTest Lab Schedules",
"description": "This module deploys a DevTest Lab Schedule.\r\n\r\nLab schedules are used to modify the settings for auto-shutdown, auto-start for lab virtual machines.",
Expand Down Expand Up @@ -1085,8 +1085,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.22.6.54827",
"templateHash": "5225332129791836269"
"version": "0.23.1.45101",
"templateHash": "18307130406875558192"
},
"name": "DevTest Lab Notification Channels",
"description": "This module deploys a DevTest Lab Notification Channel.\r\n\r\nNotification channels are used by the schedule resource type in order to send notifications or events to email addresses and/or webhooks.",
Expand Down Expand Up @@ -1269,8 +1269,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.22.6.54827",
"templateHash": "12165020180713564819"
"version": "0.23.1.45101",
"templateHash": "2347337632859394324"
},
"name": "DevTest Lab Artifact Sources",
"description": "This module deploys a DevTest Lab Artifact Source.\r\n\r\nAn artifact source allows you to create custom artifacts for the VMs in the lab, or use Azure Resource Manager templates to create a custom test environment. You must add a private Git repository for the artifacts or Resource Manager templates that your team creates. The repository can be hosted on GitHub or on Azure DevOps Services.",
Expand Down Expand Up @@ -1485,8 +1485,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.22.6.54827",
"templateHash": "12104430168487418019"
"version": "0.23.1.45101",
"templateHash": "12516166788941938286"
},
"name": "DevTest Lab Costs",
"description": "This module deploys a DevTest Lab Cost.\r\n\r\nManage lab costs by setting a spending target that can be viewed in the Monthly Estimated Cost Trend chart. DevTest Labs can send a notification when spending reaches the specified target threshold.",
Expand Down Expand Up @@ -1789,13 +1789,6 @@
}
},
"outputs": {
"systemAssignedPrincipalId": {
"type": "string",
"metadata": {
"description": "The principal ID of the system assigned identity."
},
"value": "[reference('lab', '2018-10-15-preview', 'full').identity.principalId]"
},
"uniqueIdentifier": {
"type": "string",
"metadata": {
Expand Down
118 changes: 78 additions & 40 deletions modules/digital-twins/digital-twins-instance/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -121,12 +121,20 @@ module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instan
authenticationType: 'IdentityBased'
endpointUri: '<endpointUri>'
entityPath: '<entityPath>'
userAssignedIdentity: '<userAssignedIdentity>'
managedIdentities: {
userAssignedResourceId: '<userAssignedResourceId>'
}
}
lock: {
kind: 'CanNotDelete'
name: 'myCustomLockName'
}
managedIdentities: {
systemAssigned: true
userAssignedResourcesIds: [
'<managedIdentityResourceId>'
]
}
privateEndpoints: [
{
privateDnsZoneResourceIds: [
Expand All @@ -146,16 +154,15 @@ module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instan
authenticationType: 'IdentityBased'
endpointUri: '<endpointUri>'
entityPath: '<entityPath>'
userAssignedIdentity: '<userAssignedIdentity>'
managedIdentities: {
userAssignedResourceId: '<userAssignedResourceId>'
}
}
tags: {
Environment: 'Non-Prod'
'hidden-title': 'This is visible in the resource name'
Role: 'DeploymentValidation'
}
userAssignedIdentities: {
'<managedIdentityResourceId>': {}
}
}
}
```
Expand Down Expand Up @@ -207,7 +214,9 @@ module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instan
"authenticationType": "IdentityBased",
"endpointUri": "<endpointUri>",
"entityPath": "<entityPath>",
"userAssignedIdentity": "<userAssignedIdentity>"
"managedIdentities": {
"userAssignedResourceId": "<userAssignedResourceId>"
}
}
},
"lock": {
Expand All @@ -216,6 +225,14 @@ module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instan
"name": "myCustomLockName"
}
},
"managedIdentities": {
"value": {
"systemAssigned": true,
"userAssignedResourcesIds": [
"<managedIdentityResourceId>"
]
}
},
"privateEndpoints": {
"value": [
{
Expand All @@ -240,7 +257,9 @@ module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instan
"authenticationType": "IdentityBased",
"endpointUri": "<endpointUri>",
"entityPath": "<entityPath>",
"userAssignedIdentity": "<userAssignedIdentity>"
"managedIdentities": {
"userAssignedResourceId": "<userAssignedResourceId>"
}
}
},
"tags": {
Expand All @@ -249,11 +268,6 @@ module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instan
"hidden-title": "This is visible in the resource name",
"Role": "DeploymentValidation"
}
},
"userAssignedIdentities": {
"value": {
"<managedIdentityResourceId>": {}
}
}
}
}
Expand Down Expand Up @@ -301,12 +315,19 @@ module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instan
authenticationType: 'IdentityBased'
endpointUri: '<endpointUri>'
entityPath: '<entityPath>'
userAssignedIdentity: '<userAssignedIdentity>'
managedIdentities: {
userAssignedResourceId: '<userAssignedResourceId>'
}
}
lock: {
kind: 'CanNotDelete'
name: 'myCustomLockName'
}
managedIdentities: {
userAssignedResourcesIds: [
'<managedIdentityResourceId>'
]
}
privateEndpoints: [
{
privateDnsZoneResourceIds: [
Expand All @@ -326,16 +347,15 @@ module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instan
authenticationType: 'IdentityBased'
endpointUri: '<endpointUri>'
entityPath: '<entityPath>'
userAssignedIdentity: '<userAssignedIdentity>'
managedIdentities: {
userAssignedResourceId: '<userAssignedResourceId>'
}
}
tags: {
Environment: 'Non-Prod'
'hidden-title': 'This is visible in the resource name'
Role: 'DeploymentValidation'
}
userAssignedIdentities: {
'<managedIdentityResourceId>': {}
}
}
}
```
Expand Down Expand Up @@ -387,7 +407,9 @@ module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instan
"authenticationType": "IdentityBased",
"endpointUri": "<endpointUri>",
"entityPath": "<entityPath>",
"userAssignedIdentity": "<userAssignedIdentity>"
"managedIdentities": {
"userAssignedResourceId": "<userAssignedResourceId>"
}
}
},
"lock": {
Expand All @@ -396,6 +418,13 @@ module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instan
"name": "myCustomLockName"
}
},
"managedIdentities": {
"value": {
"userAssignedResourcesIds": [
"<managedIdentityResourceId>"
]
}
},
"privateEndpoints": {
"value": [
{
Expand All @@ -420,7 +449,9 @@ module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instan
"authenticationType": "IdentityBased",
"endpointUri": "<endpointUri>",
"entityPath": "<entityPath>",
"userAssignedIdentity": "<userAssignedIdentity>"
"managedIdentities": {
"userAssignedResourceId": "<userAssignedResourceId>"
}
}
},
"tags": {
Expand All @@ -429,11 +460,6 @@ module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instan
"hidden-title": "This is visible in the resource name",
"Role": "DeploymentValidation"
}
},
"userAssignedIdentities": {
"value": {
"<managedIdentityResourceId>": {}
}
}
}
}
Expand Down Expand Up @@ -461,13 +487,12 @@ module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instan
| [`eventHubEndpoint`](#parameter-eventhubendpoint) | object | Event Hub Endpoint. |
| [`location`](#parameter-location) | string | Location for all resources. |
| [`lock`](#parameter-lock) | object | The lock settings of the service. |
| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. |
| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. |
| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
| [`serviceBusEndpoint`](#parameter-servicebusendpoint) | object | Service Bus Endpoint. |
| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
| [`tags`](#parameter-tags) | object | Resource tags. |
| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. |

### Parameter: `diagnosticSettings`

Expand Down Expand Up @@ -639,6 +664,32 @@ Optional. Specify the name of lock.
- Required: No
- Type: string

### Parameter: `managedIdentities`

The managed identity definition for this resource.
- Required: No
- Type: object


| Name | Required | Type | Description |
| :-- | :-- | :--| :-- |
| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. |
| [`userAssignedResourcesIds`](#parameter-managedidentitiesuserassignedresourcesids) | No | array | Optional. The resource ID(s) to assign to the resource. |

### Parameter: `managedIdentities.systemAssigned`

Optional. Enables system assigned managed identity on the resource.

- Required: No
- Type: bool

### Parameter: `managedIdentities.userAssignedResourcesIds`

Optional. The resource ID(s) to assign to the resource.

- Required: No
- Type: array

### Parameter: `name`

The name of the Digital Twin Instance.
Expand Down Expand Up @@ -933,26 +984,12 @@ Service Bus Endpoint.
- Type: object
- Default: `{}`

### Parameter: `systemAssignedIdentity`

Enables system assigned managed identity on the resource.
- Required: No
- Type: bool
- Default: `False`

### Parameter: `tags`

Resource tags.
- Required: No
- Type: object

### Parameter: `userAssignedIdentities`

The ID(s) to assign to the resource.
- Required: No
- Type: object
- Default: `{}`


## Outputs

Expand All @@ -963,6 +1000,7 @@ The ID(s) to assign to the resource.
| `name` | string | The name of the Digital Twins Instance. |
| `resourceGroupName` | string | The name of the resource group the resource was created in. |
| `resourceId` | string | The resource ID of the Digital Twins Instance. |
| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. |

## Cross-referenced modules

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.22.6.54827",
"templateHash": "15429197908359098698"
"version": "0.23.1.45101",
"templateHash": "17503518990299492663"
},
"name": "Digital Twins Instance Event Grid Endpoints",
"description": "This module deploys a Digital Twins Instance Event Grid Endpoint.",
Expand Down
Loading

0 comments on commit f265ed1

Please sign in to comment.