From 535e01b92536c426b5c1b6e572bced72c356e2e4 Mon Sep 17 00:00:00 2001
From: Chinedum Echeta <60179183+cecheta@users.noreply.github.com>
Date: Wed, 10 Jul 2024 17:26:54 +0000
Subject: [PATCH] Update docs
---
avm/ptn/ai-platform/baseline/README.md | 387 +++++++++++++++++++------
avm/ptn/ai-platform/baseline/main.json | 351 +++++++++++++++++-----
2 files changed, 573 insertions(+), 165 deletions(-)
diff --git a/avm/ptn/ai-platform/baseline/README.md b/avm/ptn/ai-platform/baseline/README.md
index 887c4e3a6de..b2a4304124e 100644
--- a/avm/ptn/ai-platform/baseline/README.md
+++ b/avm/ptn/ai-platform/baseline/README.md
@@ -115,32 +115,54 @@ module baseline 'br/public:avm/ptn/ai-platform/baseline:' = { name: 'baselineDeployment' params: { // Required parameters - name: '' + name: 'aipbmax' // Non-required parameters - keyVaultEnablePurgeProtection: false - storageAccountAllowSharedKeyAccess: true - workspaceComputes: [ - { - computeType: 'ComputeInstance' - description: 'Default' - location: '' - name: '' - properties: { - vmSize: 'STANDARD_DS11_V2' + applicationInsightsSettings: { + name: 'dep-appi-aipbmax' + } + containerRegistrySettings: { + name: 'depcraipbmax' + trustPolicyStatus: 'disabled' + } + keyVaultSettings: { + enablePurgeProtection: false + name: '' + } + logAnalyticsSettings: { + name: 'dep-log-aipbmax' + } + managedIdentitySettings: { + name: 'dep-id-aipbmax' + } + storageAccountSettings: { + allowSharedKeyAccess: true + name: 'depstaipbmax' + } + workspaceHubSettings: { + computes: [ + { + computeType: 'ComputeInstance' + description: 'Default' + location: '' + name: '' + properties: { + vmSize: 'STANDARD_DS11_V2' + } + sku: 'Standard' } - sku: 'Standard' - } - ] - workspaceNetworkIsolationMode: 'AllowOnlyApprovedOutbound' - workspaceNetworkOutboundRules: { - rule1: { - category: 'UserDefined' - destination: { - serviceResourceId: '' - sparkEnabled: true - subresourceTarget: 'blob' + ] + name: 'dep-hub-aipbmax' + networkIsolationMode: 'AllowOnlyApprovedOutbound' + networkOutboundRules: { + rule1: { + category: 'UserDefined' + destination: { + serviceResourceId: '' + sparkEnabled: true + subresourceTarget: 'blob' + } + type: 'PrivateEndpoint' } - type: 'PrivateEndpoint' } } } 
@@ -161,42 +183,68 @@ module baseline 'br/public:avm/ptn/ai-platform/baseline:' = { "parameters": { // Required parameters "name": { - "value": "" + "value": "aipbmax" }, // Non-required parameters - "keyVaultEnablePurgeProtection": { - "value": false + "applicationInsightsSettings": { + "value": { + "name": "dep-appi-aipbmax" + } }, - "storageAccountAllowSharedKeyAccess": { - "value": true + "containerRegistrySettings": { + "value": { + "name": "depcraipbmax", + "trustPolicyStatus": "disabled" + } }, - "workspaceComputes": { - "value": [ - { - "computeType": "ComputeInstance", - "description": "Default", - "location": "", - "name": "", - "properties": { - "vmSize": "STANDARD_DS11_V2" - }, - "sku": "Standard" - } - ] + "keyVaultSettings": { + "value": { + "enablePurgeProtection": false, + "name": "" + } }, - "workspaceNetworkIsolationMode": { - "value": "AllowOnlyApprovedOutbound" + "logAnalyticsSettings": { + "value": { + "name": "dep-log-aipbmax" + } }, - "workspaceNetworkOutboundRules": { + "managedIdentitySettings": { "value": { - "rule1": { - "category": "UserDefined", - "destination": { - "serviceResourceId": "", - "sparkEnabled": true, - "subresourceTarget": "blob" - }, - "type": "PrivateEndpoint" + "name": "dep-id-aipbmax" + } + }, + "storageAccountSettings": { + "value": { + "allowSharedKeyAccess": true, + "name": "depstaipbmax" + } + }, + "workspaceHubSettings": { + "value": { + "computes": [ + { + "computeType": "ComputeInstance", + "description": "Default", + "location": "", + "name": "", + "properties": { + "vmSize": "STANDARD_DS11_V2" + }, + "sku": "Standard" + } + ], + "name": "dep-hub-aipbmax", + "networkIsolationMode": "AllowOnlyApprovedOutbound", + "networkOutboundRules": { + "rule1": { + "category": "UserDefined", + "destination": { + "serviceResourceId": "", + "sparkEnabled": true, + "subresourceTarget": "blob" + }, + "type": "PrivateEndpoint" + } } } } 
@@ -227,15 +275,17 @@ module baseline 'br/public:avm/ptn/ai-platform/baseline:' = { Env: 'test' 'hidden-title': 'This is visible in the resource name' } - workspaceNetworkIsolationMode: 'AllowOnlyApprovedOutbound' - workspaceNetworkOutboundRules: { - rule: { - category: 'UserDefined' - destination: { - serviceResourceId: '' - subresourceTarget: 'blob' + workspaceHubSettings: { + networkIsolationMode: 'AllowOnlyApprovedOutbound' + networkOutboundRules: { + rule: { + category: 'UserDefined' + destination: { + serviceResourceId: '' + subresourceTarget: 'blob' + } + type: 'PrivateEndpoint' } - type: 'PrivateEndpoint' } } } @@ -265,18 +315,18 @@ module baseline 'br/public:avm/ptn/ai-platform/baseline:' = { "hidden-title": "This is visible in the resource name" } }, - "workspaceNetworkIsolationMode": { - "value": "AllowOnlyApprovedOutbound" - }, - "workspaceNetworkOutboundRules": { + "workspaceHubSettings": { "value": { - "rule": { - "category": "UserDefined", - "destination": { - "serviceResourceId": "", - "subresourceTarget": "blob" - }, - "type": "PrivateEndpoint" + "networkIsolationMode": "AllowOnlyApprovedOutbound", + "networkOutboundRules": { + "rule": { + "category": "UserDefined", + "destination": { + "serviceResourceId": "", + "subresourceTarget": "blob" + }, + "type": "PrivateEndpoint" + } } } } 
@@ -300,15 +350,16 @@ module baseline 'br/public:avm/ptn/ai-platform/baseline:' = { | Parameter | Type | Description | | :-- | :-- | :-- | -| [`containerRegistryTrustPolicyStatus`](#parameter-containerregistrytrustpolicystatus) | string | Whether the trust policy is enabled for the container registry. | +| [`applicationInsightsSettings`](#parameter-applicationinsightssettings) | object | Settings for Application Insights. | +| [`containerRegistrySettings`](#parameter-containerregistrysettings) | object | Settings for the container registry. | | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | -| [`keyVaultEnablePurgeProtection`](#parameter-keyvaultenablepurgeprotection) | bool | Provide 'true' to enable Key Vault's purge protection feature. | +| [`keyVaultSettings`](#parameter-keyvaultsettings) | object | Settings for the key vault. | | [`location`](#parameter-location) | string | Location for all Resources. | -| [`storageAccountAllowSharedKeyAccess`](#parameter-storageaccountallowsharedkeyaccess) | bool | Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Microsoft Entra ID. The default value is null, which is equivalent to true. | +| [`logAnalyticsSettings`](#parameter-loganalyticssettings) | object | Settings for the Log Analytics workspace. | +| [`managedIdentitySettings`](#parameter-managedidentitysettings) | object | Settings for the user-assigned managed identity. | +| [`storageAccountSettings`](#parameter-storageaccountsettings) | object | Settings for the storage account. | | [`tags`](#parameter-tags) | object | Resource tags. | -| [`workspaceComputes`](#parameter-workspacecomputes) | array | Computes to create and attach to the workspace hub. 
| -| [`workspaceNetworkIsolationMode`](#parameter-workspacenetworkisolationmode) | string | The network isolation mode of the workspace hub. | -| [`workspaceNetworkOutboundRules`](#parameter-workspacenetworkoutboundrules) | object | The outbound rules for the managed network of the workspace hub. | +| [`workspaceHubSettings`](#parameter-workspacehubsettings) | object | Settings for the AI Studio workspace hub. | ### Parameter: `name` @@ -317,13 +368,53 @@ Alphanumberic suffix to use for resource naming. - Required: Yes - Type: string -### Parameter: `containerRegistryTrustPolicyStatus` +### Parameter: `applicationInsightsSettings` + +Settings for Application Insights. + +- Required: No +- Type: object + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-applicationinsightssettingsname) | string | The name of the Application Insights resource. | + +### Parameter: `applicationInsightsSettings.name` + +The name of the Application Insights resource. + +- Required: No +- Type: string + +### Parameter: `containerRegistrySettings` + +Settings for the container registry. + +- Required: No +- Type: object + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-containerregistrysettingsname) | string | The name of the container registry. | +| [`trustPolicyStatus`](#parameter-containerregistrysettingstrustpolicystatus) | string | Whether the trust policy is enabled for the container registry. Defaults to 'enabled'. | + +### Parameter: `containerRegistrySettings.name` + +The name of the container registry. + +- Required: No +- Type: string + +### Parameter: `containerRegistrySettings.trustPolicyStatus` -Whether the trust policy is enabled for the container registry. +Whether the trust policy is enabled for the container registry. Defaults to 'enabled'. - Required: No - Type: string -- Default: `'enabled'` - Allowed: ```Bicep [ 
@@ -340,13 +431,33 @@ Enable/Disable usage telemetry for module. - Type: bool - Default: `True` -### Parameter: `keyVaultEnablePurgeProtection` +### Parameter: `keyVaultSettings` -Provide 'true' to enable Key Vault's purge protection feature. +Settings for the key vault. + +- Required: No +- Type: object + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enablePurgeProtection`](#parameter-keyvaultsettingsenablepurgeprotection) | bool | Provide 'true' to enable Key Vault's purge protection feature. Defaults to 'true'. | +| [`name`](#parameter-keyvaultsettingsname) | string | The name of the key vault. | + +### Parameter: `keyVaultSettings.enablePurgeProtection` + +Provide 'true' to enable Key Vault's purge protection feature. Defaults to 'true'. - Required: No - Type: bool -- Default: `True` + +### Parameter: `keyVaultSettings.name` + +The name of the key vault. + +- Required: No +- Type: string ### Parameter: `location` 
@@ -356,13 +467,73 @@ Location for all Resources. - Type: string - Default: `[resourceGroup().location]` -### Parameter: `storageAccountAllowSharedKeyAccess` +### Parameter: `logAnalyticsSettings` + +Settings for the Log Analytics workspace. + +- Required: No +- Type: object + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-loganalyticssettingsname) | string | The name of the Log Analytics workspace. | + +### Parameter: `logAnalyticsSettings.name` -Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Microsoft Entra ID. The default value is null, which is equivalent to true. +The name of the Log Analytics workspace. + +- Required: No +- Type: string + +### Parameter: `managedIdentitySettings` + +Settings for the user-assigned managed identity. + +- Required: No +- Type: object + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-managedidentitysettingsname) | string | The name of the user-assigned managed identity. | + +### Parameter: `managedIdentitySettings.name` + +The name of the user-assigned managed identity. + +- Required: No +- Type: string + +### Parameter: `storageAccountSettings` + +Settings for the storage account. + +- Required: No +- Type: object + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowSharedKeyAccess`](#parameter-storageaccountsettingsallowsharedkeyaccess) | bool | Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Microsoft Entra ID. Defaults to 'false'. | +| [`name`](#parameter-storageaccountsettingsname) | string | The name of the storage account. 
| + +### Parameter: `storageAccountSettings.allowSharedKeyAccess` + +Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Microsoft Entra ID. Defaults to 'false'. - Required: No - Type: bool -- Default: `False` + +### Parameter: `storageAccountSettings.name` + +The name of the storage account. + +- Required: No +- Type: string ### Parameter: `tags` @@ -371,21 +542,42 @@ Resource tags. - Required: No - Type: object -### Parameter: `workspaceComputes` +### Parameter: `workspaceHubSettings` + +Settings for the AI Studio workspace hub. + +- Required: No +- Type: object + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`computes`](#parameter-workspacehubsettingscomputes) | array | Computes to create and attach to the workspace hub. | +| [`name`](#parameter-workspacehubsettingsname) | string | The name of the AI Studio workspace hub. | +| [`networkIsolationMode`](#parameter-workspacehubsettingsnetworkisolationmode) | string | The network isolation mode of the workspace hub. Defaults to 'AllowInternetOutbound'. | +| [`networkOutboundRules`](#parameter-workspacehubsettingsnetworkoutboundrules) | object | The outbound rules for the managed network of the workspace hub. | + +### Parameter: `workspaceHubSettings.computes` Computes to create and attach to the workspace hub. - Required: No - Type: array -- Default: `[]` -### Parameter: `workspaceNetworkIsolationMode` +### Parameter: `workspaceHubSettings.name` + +The name of the AI Studio workspace hub. + +- Required: No +- Type: string + +### Parameter: `workspaceHubSettings.networkIsolationMode` -The network isolation mode of the workspace hub. +The network isolation mode of the workspace hub. Defaults to 'AllowInternetOutbound'. - Required: No - Type: string -- Default: `'AllowInternetOutbound'` - Allowed: ```Bicep [ 
@@ -394,7 +586,7 @@ The network isolation mode of the workspace hub. ] ``` -### Parameter: `workspaceNetworkOutboundRules` +### Parameter: `workspaceHubSettings.networkOutboundRules` The outbound rules for the managed network of the workspace hub. @@ -405,9 +597,9 @@ The outbound rules for the managed network of the workspace hub. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`>Any_other_property<`](#parameter-workspacenetworkoutboundrules>any_other_property<) | object | The outbound rule. The name of the rule is the object key. | +| [`>Any_other_property<`](#parameter-workspacehubsettingsnetworkoutboundrules>any_other_property<) | object | The outbound rule. The name of the rule is the object key. | -### Parameter: `workspaceNetworkOutboundRules.>Any_other_property<` +### Parameter: `workspaceHubSettings.networkOutboundRules.>Any_other_property<` The outbound rule. The name of the rule is the object key. 
@@ -419,12 +611,19 @@ The outbound rule. The name of the rule is the object key. | Output | Type | Description | | :-- | :-- | :-- | +| `applicationInsightsApplicationId` | string | The application ID of the application insights component. | +| `applicationInsightsConnectionString` | string | The connection string of the application insights component. | +| `applicationInsightsInstrumentationKey` | string | The instrumentation key of the application insights component. | +| `applicationInsightsName` | string | The name of the application insights component. | +| `applicationInsightsResourceId` | string | The resource ID of the application insights component. | | `containerRegistryName` | string | The name of the container registry. | | `containerRegistryResourceId` | string | The resource ID of the container registry. | | `keyVaultName` | string | The name of the key vault. | | `keyVaultResourceId` | string | The resource ID of the key vault. | | `keyVaultUri` | string | The URI of the key vault. | | `location` | string | The location the module was deployed to. | +| `logAnalyticsWorkspaceName` | string | The name of the log analytics workspace. | +| `logAnalyticsWorkspaceResourceId` | string | The resource ID of the log analytics workspace. | | `managedIdentityClientId` | string | The client ID of the user assigned managed identity. | | `managedIdentityName` | string | The name of the user assigned managed identity. | | `managedIdentityPrincipalId` | string | The principal ID of the user assigned managed identity. | diff --git a/avm/ptn/ai-platform/baseline/main.json b/avm/ptn/ai-platform/baseline/main.json index d27e389978a..5192a299149 100644 --- a/avm/ptn/ai-platform/baseline/main.json +++ b/avm/ptn/ai-platform/baseline/main.json 
@@ -6,13 +6,153 @@ "_generator": { "name": "bicep", "version": "0.28.1.47646", - "templateHash": "16876481582099285129" + "templateHash": "10362412508456263694" }, "name": "AI Platform Baseline", "description": "This module provides a secure and scalable environment for deploying AI applications on Azure.\nThe module encompasses all essential components required for building, managing, and observing AI solutions, including a machine learning workspace, observability tools, and necessary data management services.\nBy integrating with Microsoft Entra ID for secure identity management and utilizing private endpoints for services like Key Vault and Blob Storage, the module ensures secure communication and data access.", "owner": "Azure/module-maintainers" }, "definitions": { + "managedIdentitySettingType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the user-assigned managed identity." + } + } + }, + "nullable": true + }, + "logAnalyticsSettingType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the Log Analytics workspace." + } + } + }, + "nullable": true + }, + "keyVaultSettingType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the key vault." + } + }, + "enablePurgeProtection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Provide 'true' to enable Key Vault's purge protection feature. Defaults to 'true'." + } + } + }, + "nullable": true + }, + "storageAccountSettingType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the storage account." 
+ } + }, + "allowSharedKeyAccess": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Microsoft Entra ID. Defaults to 'false'." + } + } + }, + "nullable": true + }, + "containerRegistrySettingType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the container registry." + } + }, + "trustPolicyStatus": { + "type": "string", + "allowedValues": [ + "disabled", + "enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether the trust policy is enabled for the container registry. Defaults to 'enabled'." + } + } + }, + "nullable": true + }, + "applicationInsightsSettingType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the Application Insights resource." + } + } + }, + "nullable": true + }, + "workspaceHubSettingType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the AI Studio workspace hub." + } + }, + "computes": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Computes to create and attach to the workspace hub." + } + }, + "networkIsolationMode": { + "type": "string", + "allowedValues": [ + "AllowInternetOutbound", + "AllowOnlyApprovedOutbound" + ], + "nullable": true, + "metadata": { + "description": "Optional. The network isolation mode of the workspace hub. Defaults to 'AllowInternetOutbound'." + } + }, + "networkOutboundRules": { + "$ref": "#/definitions/networkOutboundRuleType", + "metadata": { + "description": "Optional. 
The outbound rules for the managed network of the workspace hub." + } + } + }, + "nullable": true + }, "OutboundRuleType": { "type": "object", "discriminator": { @@ -58,7 +198,7 @@ ], "nullable": true, "metadata": { - "description": "" + "description": "Optional. Category of a managed network Outbound Rule of the workspace hub." } } } @@ -112,7 +252,7 @@ ], "nullable": true, "metadata": { - "description": "" + "description": "Optional. Category of a managed network Outbound Rule of the workspace hub." } } } @@ -171,12 +311,12 @@ ], "nullable": true, "metadata": { - "description": "" + "description": "Optional. Category of a managed network Outbound Rule of the workspace hub." } } } }, - "workspaceNetworkOutboundRuleType": { + "networkOutboundRuleType": { "type": "object", "properties": {}, "additionalProperties": { 
@@ -220,53 +360,46 @@ "description": "Optional. Enable/Disable usage telemetry for module." } }, - "containerRegistryTrustPolicyStatus": { - "type": "string", - "defaultValue": "enabled", - "allowedValues": [ - "disabled", - "enabled" - ], + "managedIdentitySettings": { + "$ref": "#/definitions/managedIdentitySettingType", "metadata": { - "description": "Optional. Whether the trust policy is enabled for the container registry." + "description": "Optional. Settings for the user-assigned managed identity." } }, - "keyVaultEnablePurgeProtection": { - "type": "bool", - "defaultValue": true, + "logAnalyticsSettings": { + "$ref": "#/definitions/logAnalyticsSettingType", "metadata": { - "description": "Optional. Provide 'true' to enable Key Vault's purge protection feature." + "description": "Optional. Settings for the Log Analytics workspace." } }, - "storageAccountAllowSharedKeyAccess": { - "type": "bool", - "defaultValue": false, + "keyVaultSettings": { + "$ref": "#/definitions/keyVaultSettingType", "metadata": { - "description": "Optional. Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Microsoft Entra ID. The default value is null, which is equivalent to true." + "description": "Optional. Settings for the key vault." } }, - "workspaceComputes": { - "type": "array", - "defaultValue": [], + "storageAccountSettings": { + "$ref": "#/definitions/storageAccountSettingType", "metadata": { - "description": "Optional. Computes to create and attach to the workspace hub." + "description": "Optional. Settings for the storage account." 
} }, - "workspaceNetworkIsolationMode": { - "type": "string", - "defaultValue": "AllowInternetOutbound", - "allowedValues": [ - "AllowInternetOutbound", - "AllowOnlyApprovedOutbound" - ], + "containerRegistrySettings": { + "$ref": "#/definitions/containerRegistrySettingType", "metadata": { - "description": "Optional. The network isolation mode of the workspace hub." + "description": "Optional. Settings for the container registry." } }, - "workspaceNetworkOutboundRules": { - "$ref": "#/definitions/workspaceNetworkOutboundRuleType", + "applicationInsightsSettings": { + "$ref": "#/definitions/applicationInsightsSettingType", "metadata": { - "description": "Optional. The outbound rules for the managed network of the workspace hub." + "description": "Optional. Settings for Application Insights." + } + }, + "workspaceHubSettings": { + "$ref": "#/definitions/workspaceHubSettingType", + "metadata": { + "description": "Optional. Settings for the AI Studio workspace hub." } } }, 
@@ -294,30 +427,17 @@ "managedIdentity": { "type": "Microsoft.ManagedIdentity/userAssignedIdentities", "apiVersion": "2023-01-31", - "name": "[format('id-{0}', parameters('name'))]", + "name": "[coalesce(tryGet(parameters('managedIdentitySettings'), 'name'), format('id-{0}', parameters('name')))]", "location": "[parameters('location')]", "tags": "[parameters('tags')]" }, "logAnalyticsWorkspace": { "type": "Microsoft.OperationalInsights/workspaces", "apiVersion": "2023-09-01", - "name": "[format('log-{0}', parameters('name'))]", + "name": "[coalesce(tryGet(parameters('logAnalyticsSettings'), 'name'), format('log-{0}', parameters('name')))]", "location": "[parameters('location')]", "tags": "[parameters('tags')]" }, - "resourceGroup_roleAssignment": { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "name": "[guid(resourceGroup().id, parameters('name'))]", - "properties": { - "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "principalId": "[reference('managedIdentity').principalId]" - }, - "dependsOn": [ - "keyVault", - "managedIdentity" - ] - }, "keyVault": { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -329,7 +449,7 @@ "mode": "Incremental", "parameters": { "name": { - "value": "[format('kv-{0}', parameters('name'))]" + "value": "[coalesce(tryGet(parameters('keyVaultSettings'), 'name'), format('kv-{0}', parameters('name')))]" }, "location": { "value": "[parameters('location')]" 
@@ -359,10 +479,14 @@ "value": "Disabled" }, "enablePurgeProtection": { - "value": "[parameters('keyVaultEnablePurgeProtection')]" + "value": "[coalesce(tryGet(parameters('keyVaultSettings'), 'enablePurgeProtection'), true())]" }, "roleAssignments": { "value": [ + { + "principalId": "[reference('managedIdentity').principalId]", + "roleDefinitionIdOrName": "Contributor" + }, { "principalId": "[reference('managedIdentity').principalId]", "roleDefinitionIdOrName": "Key Vault Administrator" @@ -372,7 +496,7 @@ "diagnosticSettings": { "value": [ { - "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', format('log-{0}', parameters('name')))]", + "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', coalesce(tryGet(parameters('logAnalyticsSettings'), 'name'), format('log-{0}', parameters('name'))))]", "logCategoriesAndGroups": [ { "category": "AuditEvent", @@ -3130,7 +3254,7 @@ "mode": "Incremental", "parameters": { "name": { - "value": "[format('st{0}', parameters('name'))]" + "value": "[coalesce(tryGet(parameters('storageAccountSettings'), 'name'), format('st{0}', parameters('name')))]" }, "location": { "value": "[parameters('location')]" @@ -3142,10 +3266,10 @@ "value": false }, "allowSharedKeyAccess": { - "value": "[parameters('storageAccountAllowSharedKeyAccess')]" + "value": "[coalesce(tryGet(parameters('storageAccountSettings'), 'allowSharedKeyAccess'), false())]" }, "defaultToOAuthAuthentication": { - "value": "[not(parameters('storageAccountAllowSharedKeyAccess'))]" + "value": "[not(coalesce(tryGet(parameters('storageAccountSettings'), 'allowSharedKeyAccess'), false()))]" }, "publicNetworkAccess": { "value": "Disabled" @@ -3158,6 +3282,10 @@ }, "roleAssignments": { "value": [ + { + "principalId": "[reference('managedIdentity').principalId]", + "roleDefinitionIdOrName": "Contributor" + }, { "principalId": "[reference('managedIdentity').principalId]", "roleDefinitionIdOrName": "Storage Blob Data Contributor" 
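Review bot: The `roleAssignments` array passed to the `keyVault` deployment now grants the managed identity `Contributor` on top of `Key Vault Administrator`, and the same `Contributor` entry is added for the storage account in this section and, in later hunks, for the container registry, Application Insights and the workspace hub. Per-resource scope looks narrower than the removed `resourceGroup_roleAssignment`, which appears to have granted the same role across the resource group, but this identity is also the hub's `primaryUserAssignedIdentity`, so workloads running under it hold management-plane write on every dependency plus full data-plane rights on the vault. Because `main.json` is generated, the change belongs in the Bicep source: drop `Contributor` wherever the data-plane role already covers the need, or record the reason beside each entry with a comment such as `// Contributor: required by <reason>`. The enclosing resource definitions start and end outside these hunks.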
@@ -7822,7 +7950,7 @@ "mode": "Incremental", "parameters": { "name": { - "value": "[format('cr{0}', parameters('name'))]" + "value": "[coalesce(tryGet(parameters('containerRegistrySettings'), 'name'), format('cr{0}', parameters('name')))]" }, "acrSku": { "value": "Premium" @@ -7843,7 +7971,19 @@ "value": "Enabled" }, "trustPolicyStatus": { - "value": "[parameters('containerRegistryTrustPolicyStatus')]" + "value": "[coalesce(tryGet(parameters('containerRegistrySettings'), 'trustPolicyStatus'), 'enabled')]" + }, + "roleAssignments": { + "value": [ + { + "principalId": "[reference('managedIdentity').principalId]", + "roleDefinitionIdOrName": "Contributor" + }, + { + "principalId": "[reference('managedIdentity').principalId]", + "roleDefinitionIdOrName": "AcrPull" + } + ] }, "tags": { "value": "[parameters('tags')]" @@ -9964,7 +10104,10 @@ } } } - } + }, + "dependsOn": [ + "managedIdentity" + ] }, "applicationInsights": { "type": "Microsoft.Resources/deployments", @@ -9977,7 +10120,7 @@ "mode": "Incremental", "parameters": { "name": { - "value": "[format('appi-{0}', parameters('name'))]" + "value": "[coalesce(tryGet(parameters('applicationInsightsSettings'), 'name'), format('appi-{0}', parameters('name')))]" }, "location": { "value": "[parameters('location')]" @@ -9989,7 +10132,15 @@ "value": "[parameters('enableTelemetry')]" }, "workspaceResourceId": { - "value": "[resourceId('Microsoft.OperationalInsights/workspaces', format('log-{0}', parameters('name')))]" + "value": "[resourceId('Microsoft.OperationalInsights/workspaces', coalesce(tryGet(parameters('logAnalyticsSettings'), 'name'), format('log-{0}', parameters('name'))))]" + }, + "roleAssignments": { + "value": [ + { + "principalId": "[reference('managedIdentity').principalId]", + "roleDefinitionIdOrName": "Contributor" + } + ] }, "tags": { "value": "[parameters('tags')]" @@ -10590,7 +10741,8 @@ } }, "dependsOn": [ - "logAnalyticsWorkspace" + "logAnalyticsWorkspace", + "managedIdentity" ] }, "workspaceHub": { 
@@ -10604,7 +10756,7 @@ "mode": "Incremental", "parameters": { "name": { - "value": "[format('hub-{0}', parameters('name'))]" + "value": "[coalesce(tryGet(parameters('workspaceHubSettings'), 'name'), format('hub-{0}', parameters('name')))]" }, "sku": { "value": "Standard" @@ -10638,25 +10790,33 @@ "managedIdentities": { "value": { "userAssignedResourceIds": [ - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('id-{0}', parameters('name')))]" + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', coalesce(tryGet(parameters('managedIdentitySettings'), 'name'), format('id-{0}', parameters('name'))))]" ] } }, "primaryUserAssignedIdentity": { - "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('id-{0}', parameters('name')))]" + "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', coalesce(tryGet(parameters('managedIdentitySettings'), 'name'), format('id-{0}', parameters('name'))))]" }, "computes": { - "value": "[parameters('workspaceComputes')]" + "value": "[tryGet(parameters('workspaceHubSettings'), 'computes')]" }, "managedNetworkSettings": { "value": { - "isolationMode": "[parameters('workspaceNetworkIsolationMode')]", - "outboundRules": "[parameters('workspaceNetworkOutboundRules')]" + "isolationMode": "[coalesce(tryGet(parameters('workspaceHubSettings'), 'networkIsolationMode'), 'AllowInternetOutbound')]", + "outboundRules": "[tryGet(parameters('workspaceHubSettings'), 'networkOutboundRules')]" } }, "systemDatastoresAuthMode": { "value": "identity" }, + "roleAssignments": { + "value": [ + { + "principalId": "[reference('managedIdentity').principalId]", + "roleDefinitionIdOrName": "Contributor" + } + ] + }, "tags": { "value": "[parameters('tags')]" } 
@@ -12801,19 +12961,68 @@ }, "value": "[parameters('location')]" }, + "applicationInsightsResourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the application insights component." + }, + "value": "[reference('applicationInsights').outputs.resourceId.value]" + }, + "applicationInsightsName": { + "type": "string", + "metadata": { + "description": "The name of the application insights component." + }, + "value": "[reference('applicationInsights').outputs.name.value]" + }, + "applicationInsightsApplicationId": { + "type": "string", + "metadata": { + "description": "The application ID of the application insights component." + }, + "value": "[reference('applicationInsights').outputs.applicationId.value]" + }, + "applicationInsightsInstrumentationKey": { + "type": "string", + "metadata": { + "description": "The instrumentation key of the application insights component." + }, + "value": "[reference('applicationInsights').outputs.instrumentationKey.value]" + }, + "applicationInsightsConnectionString": { + "type": "string", + "metadata": { + "description": "The connection string of the application insights component." + }, + "value": "[reference('applicationInsights').outputs.connectionString.value]" + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the log analytics workspace." + }, + "value": "[resourceId('Microsoft.OperationalInsights/workspaces', coalesce(tryGet(parameters('logAnalyticsSettings'), 'name'), format('log-{0}', parameters('name'))))]" + }, + "logAnalyticsWorkspaceName": { + "type": "string", + "metadata": { + "description": "The name of the log analytics workspace." + }, + "value": "[coalesce(tryGet(parameters('logAnalyticsSettings'), 'name'), format('log-{0}', parameters('name')))]" + }, "managedIdentityResourceId": { "type": "string", "metadata": { "description": "The resource ID of the user assigned managed identity." 
}, - "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('id-{0}', parameters('name')))]" + "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', coalesce(tryGet(parameters('managedIdentitySettings'), 'name'), format('id-{0}', parameters('name'))))]" }, "managedIdentityName": { "type": "string", "metadata": { "description": "The name of the user assigned managed identity." }, - "value": "[format('id-{0}', parameters('name'))]" + "value": "[coalesce(tryGet(parameters('managedIdentitySettings'), 'name'), format('id-{0}', parameters('name')))]" }, "managedIdentityPrincipalId": { "type": "string",
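Review bot: The new outputs `applicationInsightsInstrumentationKey` and `applicationInsightsConnectionString` are declared as plain `"type": "string"`, so their values are stored with the deployment record and returned to any parent template or principal that can read it. Either value lets its holder send telemetry to the component unless local authentication is disabled on it, which these lines do not show. Consider removing the two outputs in the Bicep source (this file is generated) and letting consumers resolve them from `applicationInsightsResourceId`, or at least mark them in the metadata, e.g. `"description": "The connection string of the application insights component. Treat as sensitive."`. The `outputs` object starts and ends outside the hunk.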