fix: Several Storage Account fixes included replacement for #1508 - `…

…avm/res/storage/storage-account` (#1987) ## Description ported changes from #1508 following comment from core team and fblix  Fixes #1508 Closes #1674 Closes #1731 Closes #1385 Closes #1346 ## Pipeline Reference  | Pipeline | | -------- | | [![avm.res.storage.storage-account](https://github.com/ChrisSidebotham/bicep-registry-modules/actions/workflows/avm.res.storage.storage-account.yml/badge.svg?branch=storage-fix)](https://github.com/ChrisSidebotham/bicep-registry-modules/actions/workflows/avm.res.storage.storage-account.yml) | ## Type of Change  - [ ] Update to CI Environment or utlities (Non-module effecting changes) - [x] Azure Verified Module updates: - [ ] Bugfix containing backwards compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [x] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`. - [ ] Update to documentation ## Checklist - [x] I'm sure there are no other open Pull Requests for the same update/change (#1508 is open but should be abandoned) - [x] I have run `Set-AVMModule` locally to generate the supporting module files. - [x] My corresponding pipelines / checks run clean and green without any errors or warnings
Azure · May 22, 2024 · de3e67d · de3e67d
1 parent 4d86f23
commit de3e67d
Show file tree

Hide file tree

Showing 32 changed files with 1,025 additions and 792 deletions.
diff --git a/avm/res/storage/storage-account/README.md b/avm/res/storage/storage-account/README.md
diff --git a/avm/res/storage/storage-account/blob-service/README.md b/avm/res/storage/storage-account/blob-service/README.md
@@ -34,7 +34,7 @@ This module deploys a Storage Account Blob Service.
 | :-- | :-- | :-- |
 | [`automaticSnapshotPolicyEnabled`](#parameter-automaticsnapshotpolicyenabled) | bool | Automatic Snapshot is enabled if set to true. |
 | [`changeFeedEnabled`](#parameter-changefeedenabled) | bool | The blob service properties for change feed events. Indicates whether change feed event logging is enabled for the Blob service. |
-| [`changeFeedRetentionInDays`](#parameter-changefeedretentionindays) | int | Indicates whether change feed event logging is enabled for the Blob service. Indicates the duration of changeFeed retention in days. A "0" value indicates an infinite retention of the change feed. |
+| [`changeFeedRetentionInDays`](#parameter-changefeedretentionindays) | int | Indicates whether change feed event logging is enabled for the Blob service. Indicates the duration of changeFeed retention in days. If left blank, it indicates an infinite retention of the change feed. |
 | [`containerDeleteRetentionPolicyAllowPermanentDelete`](#parameter-containerdeleteretentionpolicyallowpermanentdelete) | bool | This property when set to true allows deletion of the soft deleted blob versions and snapshots. This property cannot be used with blob restore policy. This property only applies to blob service and does not apply to containers or file share. |
 | [`containerDeleteRetentionPolicyDays`](#parameter-containerdeleteretentionpolicydays) | int | Indicates the number of days that the deleted item should be retained. |
 | [`containerDeleteRetentionPolicyEnabled`](#parameter-containerdeleteretentionpolicyenabled) | bool | The blob service properties for container soft delete. Indicates whether DeleteRetentionPolicy is enabled. |
@@ -75,7 +75,7 @@ The blob service properties for change feed events. Indicates whether change fee
 
 ### Parameter: `changeFeedRetentionInDays`
 
-Indicates whether change feed event logging is enabled for the Blob service. Indicates the duration of changeFeed retention in days. A "0" value indicates an infinite retention of the change feed.
+Indicates whether change feed event logging is enabled for the Blob service. Indicates the duration of changeFeed retention in days. If left blank, it indicates an infinite retention of the change feed.
 
 - Required: No
 - Type: int

diff --git a/avm/res/storage/storage-account/blob-service/container/immutability-policy/main.json b/avm/res/storage/storage-account/blob-service/container/immutability-policy/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.26.170.59819",
-      "templateHash": "12849754295459852309"
+      "version": "0.27.1.19265",
+      "templateHash": "7418870035820197377"
     },
     "name": "Storage Account Blob Container Immutability Policies",
     "description": "This module deploys a Storage Account Blob Container Immutability Policy.",

diff --git a/avm/res/storage/storage-account/blob-service/container/main.json b/avm/res/storage/storage-account/blob-service/container/main.json
@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.26.170.59819",
-      "templateHash": "3805384021483033369"
+      "version": "0.27.1.19265",
+      "templateHash": "7167285049910521671"
     },
     "name": "Storage Account Blob Containers",
     "description": "This module deploys a Storage Account Blob Container.",
@@ -274,8 +274,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.26.170.59819",
-              "templateHash": "12849754295459852309"
+              "version": "0.27.1.19265",
+              "templateHash": "7418870035820197377"
             },
             "name": "Storage Account Blob Container Immutability Policies",
             "description": "This module deploys a Storage Account Blob Container Immutability Policy.",

diff --git a/avm/res/storage/storage-account/blob-service/main.bicep b/avm/res/storage/storage-account/blob-service/main.bicep
@@ -12,9 +12,9 @@ param automaticSnapshotPolicyEnabled bool = false
 @description('Optional. The blob service properties for change feed events. Indicates whether change feed event logging is enabled for the Blob service.')
 param changeFeedEnabled bool = false
 
-@minValue(0)
+@minValue(1)
 @maxValue(146000)
-@description('Optional. Indicates whether change feed event logging is enabled for the Blob service. Indicates the duration of changeFeed retention in days. A "0" value indicates an infinite retention of the change feed.')
+@description('Optional. Indicates whether change feed event logging is enabled for the Blob service. Indicates the duration of changeFeed retention in days. If left blank, it indicates an infinite retention of the change feed.')
 param changeFeedRetentionInDays int?
 
 @description('Optional. The blob service properties for container soft delete. Indicates whether DeleteRetentionPolicy is enabled.')
@@ -76,14 +76,18 @@ resource blobServices 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01
   parent: storageAccount
   properties: {
     automaticSnapshotPolicyEnabled: automaticSnapshotPolicyEnabled
-    changeFeed: changeFeedEnabled ? {
-      enabled: true
-      retentionInDays: changeFeedRetentionInDays
-    } : null
+    changeFeed: changeFeedEnabled
+      ? {
+          enabled: true
+          retentionInDays: changeFeedRetentionInDays
+        }
+      : null
     containerDeleteRetentionPolicy: {
       enabled: containerDeleteRetentionPolicyEnabled
       days: containerDeleteRetentionPolicyDays
-      allowPermanentDelete: containerDeleteRetentionPolicyEnabled == true ? containerDeleteRetentionPolicyAllowPermanentDelete : null
+      allowPermanentDelete: containerDeleteRetentionPolicyEnabled == true
+        ? containerDeleteRetentionPolicyAllowPermanentDelete
+        : null
     }
     cors: {
       corsRules: corsRules
@@ -95,57 +99,69 @@ resource blobServices 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01
       allowPermanentDelete: deleteRetentionPolicyEnabled && deleteRetentionPolicyAllowPermanentDelete ? true : null
     }
     isVersioningEnabled: isVersioningEnabled
-    lastAccessTimeTrackingPolicy: storageAccount.kind != 'Storage' ? {
-      enable: lastAccessTimeTrackingPolicyEnabled
-      name: lastAccessTimeTrackingPolicyEnabled == true ? 'AccessTimeTracking' : null
-      trackingGranularityInDays: lastAccessTimeTrackingPolicyEnabled == true ? 1 : null
-    } : null
-    restorePolicy: restorePolicyEnabled ? {
-      enabled: true
-      days: restorePolicyDays
-    } : null
+    lastAccessTimeTrackingPolicy: storageAccount.kind != 'Storage'
+      ? {
+          enable: lastAccessTimeTrackingPolicyEnabled
+          name: lastAccessTimeTrackingPolicyEnabled == true ? 'AccessTimeTracking' : null
+          trackingGranularityInDays: lastAccessTimeTrackingPolicyEnabled == true ? 1 : null
+        }
+      : null
+    restorePolicy: restorePolicyEnabled
+      ? {
+          enabled: true
+          days: restorePolicyDays
+        }
+      : null
   }
 }
 
-resource blobServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [for (diagnosticSetting, index) in (diagnosticSettings ?? []): {
-  name: diagnosticSetting.?name ?? '${name}-diagnosticSettings'
-  properties: {
-    storageAccountId: diagnosticSetting.?storageAccountResourceId
-    workspaceId: diagnosticSetting.?workspaceResourceId
-    eventHubAuthorizationRuleId: diagnosticSetting.?eventHubAuthorizationRuleResourceId
-    eventHubName: diagnosticSetting.?eventHubName
-    metrics: [for group in (diagnosticSetting.?metricCategories ?? [ { category: 'AllMetrics' } ]): {
-      category: group.category
-      enabled: group.?enabled ?? true
-      timeGrain: null
-    }]
-    logs: [for group in (diagnosticSetting.?logCategoriesAndGroups ?? [ { categoryGroup: 'allLogs' } ]): {
-      categoryGroup: group.?categoryGroup
-      category: group.?category
-      enabled: group.?enabled ?? true
-    }]
-    marketplacePartnerId: diagnosticSetting.?marketplacePartnerResourceId
-    logAnalyticsDestinationType: diagnosticSetting.?logAnalyticsDestinationType
+resource blobServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [
+  for (diagnosticSetting, index) in (diagnosticSettings ?? []): {
+    name: diagnosticSetting.?name ?? '${name}-diagnosticSettings'
+    properties: {
+      storageAccountId: diagnosticSetting.?storageAccountResourceId
+      workspaceId: diagnosticSetting.?workspaceResourceId
+      eventHubAuthorizationRuleId: diagnosticSetting.?eventHubAuthorizationRuleResourceId
+      eventHubName: diagnosticSetting.?eventHubName
+      metrics: [
+        for group in (diagnosticSetting.?metricCategories ?? [{ category: 'AllMetrics' }]): {
+          category: group.category
+          enabled: group.?enabled ?? true
+          timeGrain: null
+        }
+      ]
+      logs: [
+        for group in (diagnosticSetting.?logCategoriesAndGroups ?? [{ categoryGroup: 'allLogs' }]): {
+          categoryGroup: group.?categoryGroup
+          category: group.?category
+          enabled: group.?enabled ?? true
+        }
+      ]
+      marketplacePartnerId: diagnosticSetting.?marketplacePartnerResourceId
+      logAnalyticsDestinationType: diagnosticSetting.?logAnalyticsDestinationType
+    }
+    scope: blobServices
   }
-  scope: blobServices
-}]
-
-module blobServices_container 'container/main.bicep' = [for (container, index) in (containers ?? []): {
-  name: '${deployment().name}-Container-${index}'
-  params: {
-    storageAccountName: storageAccount.name
-    name: container.name
-    defaultEncryptionScope: container.?defaultEncryptionScope
-    denyEncryptionScopeOverride: container.?denyEncryptionScopeOverride
-    enableNfsV3AllSquash: container.?enableNfsV3AllSquash
-    enableNfsV3RootSquash: container.?enableNfsV3RootSquash
-    immutableStorageWithVersioningEnabled: container.?immutableStorageWithVersioningEnabled
-    metadata: container.?metadata
-    publicAccess: container.?publicAccess
-    roleAssignments: container.?roleAssignments
-    immutabilityPolicyProperties: container.?immutabilityPolicyProperties
+]
+
+module blobServices_container 'container/main.bicep' = [
+  for (container, index) in (containers ?? []): {
+    name: '${deployment().name}-Container-${index}'
+    params: {
+      storageAccountName: storageAccount.name
+      name: container.name
+      defaultEncryptionScope: container.?defaultEncryptionScope
+      denyEncryptionScopeOverride: container.?denyEncryptionScopeOverride
+      enableNfsV3AllSquash: container.?enableNfsV3AllSquash
+      enableNfsV3RootSquash: container.?enableNfsV3RootSquash
+      immutableStorageWithVersioningEnabled: container.?immutableStorageWithVersioningEnabled
+      metadata: container.?metadata
+      publicAccess: container.?publicAccess
+      roleAssignments: container.?roleAssignments
+      immutabilityPolicyProperties: container.?immutabilityPolicyProperties
+    }
   }
-}]
+]
 
 @description('The name of the deployed blob service.')
 output name string = blobServices.name

diff --git a/avm/res/storage/storage-account/blob-service/main.json b/avm/res/storage/storage-account/blob-service/main.json
@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.26.170.59819",
-      "templateHash": "7278814029590745003"
+      "version": "0.27.1.19265",
+      "templateHash": "14376792680036937652"
     },
     "name": "Storage Account blob Services",
     "description": "This module deploys a Storage Account Blob Service.",
@@ -159,10 +159,10 @@
     "changeFeedRetentionInDays": {
       "type": "int",
       "nullable": true,
-      "minValue": 0,
+      "minValue": 1,
       "maxValue": 146000,
       "metadata": {
-        "description": "Optional. Indicates whether change feed event logging is enabled for the Blob service. Indicates the duration of changeFeed retention in days. A \"0\" value indicates an infinite retention of the change feed."
+        "description": "Optional. Indicates whether change feed event logging is enabled for the Blob service. Indicates the duration of changeFeed retention in days. If left blank, it indicates an infinite retention of the change feed."
       }
     },
     "containerDeleteRetentionPolicyEnabled": {
@@ -403,8 +403,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.26.170.59819",
-              "templateHash": "3805384021483033369"
+              "version": "0.27.1.19265",
+              "templateHash": "7167285049910521671"
             },
             "name": "Storage Account Blob Containers",
             "description": "This module deploys a Storage Account Blob Container.",
@@ -672,8 +672,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.26.170.59819",
-                      "templateHash": "12849754295459852309"
+                      "version": "0.27.1.19265",
+                      "templateHash": "7418870035820197377"
                     },
                     "name": "Storage Account Blob Container Immutability Policies",
                     "description": "This module deploys a Storage Account Blob Container Immutability Policy.",

diff --git a/avm/res/storage/storage-account/file-service/README.md b/avm/res/storage/storage-account/file-service/README.md
@@ -15,7 +15,7 @@ This module deploys a Storage Account File Share Service.
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
-| `Microsoft.Storage/storageAccounts/fileServices` | [2021-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/fileServices) |
+| `Microsoft.Storage/storageAccounts/fileServices` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/storageAccounts/fileServices) |
 | `Microsoft.Storage/storageAccounts/fileServices/shares` | [2023-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2023-01-01/storageAccounts/fileServices/shares) |
 
 ## Parameters

diff --git a/avm/res/storage/storage-account/file-service/main.bicep b/avm/res/storage/storage-account/file-service/main.bicep
@@ -26,11 +26,11 @@ param shares array?
 
 var defaultShareAccessTier = storageAccount.kind == 'FileStorage' ? 'Premium' : 'TransactionOptimized' // default share accessTier depends on the Storage Account kind: 'Premium' for 'FileStorage' kind, 'TransactionOptimized' otherwise
 
-resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' existing = {
+resource storageAccount 'Microsoft.Storage/storageAccounts@2023-04-01' existing = {
   name: storageAccountName
 }
 
-resource fileServices 'Microsoft.Storage/storageAccounts/fileServices@2021-09-01' = {
+resource fileServices 'Microsoft.Storage/storageAccounts/fileServices@2023-04-01' = {
   name: name
   parent: storageAccount
   properties: {
@@ -39,42 +39,50 @@ resource fileServices 'Microsoft.Storage/storageAccounts/fileServices@2021-09-01
   }
 }
 
-resource fileServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [for (diagnosticSetting, index) in (diagnosticSettings ?? []): {
-  name: diagnosticSetting.?name ?? '${name}-diagnosticSettings'
-  properties: {
-    storageAccountId: diagnosticSetting.?storageAccountResourceId
-    workspaceId: diagnosticSetting.?workspaceResourceId
-    eventHubAuthorizationRuleId: diagnosticSetting.?eventHubAuthorizationRuleResourceId
-    eventHubName: diagnosticSetting.?eventHubName
-    metrics: [for group in (diagnosticSetting.?metricCategories ?? [ { category: 'AllMetrics' } ]): {
-      category: group.category
-      enabled: group.?enabled ?? true
-      timeGrain: null
-    }]
-    logs: [for group in (diagnosticSetting.?logCategoriesAndGroups ?? [ { categoryGroup: 'allLogs' } ]): {
-      categoryGroup: group.?categoryGroup
-      category: group.?category
-      enabled: group.?enabled ?? true
-    }]
-    marketplacePartnerId: diagnosticSetting.?marketplacePartnerResourceId
-    logAnalyticsDestinationType: diagnosticSetting.?logAnalyticsDestinationType
+resource fileServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [
+  for (diagnosticSetting, index) in (diagnosticSettings ?? []): {
+    name: diagnosticSetting.?name ?? '${name}-diagnosticSettings'
+    properties: {
+      storageAccountId: diagnosticSetting.?storageAccountResourceId
+      workspaceId: diagnosticSetting.?workspaceResourceId
+      eventHubAuthorizationRuleId: diagnosticSetting.?eventHubAuthorizationRuleResourceId
+      eventHubName: diagnosticSetting.?eventHubName
+      metrics: [
+        for group in (diagnosticSetting.?metricCategories ?? [{ category: 'AllMetrics' }]): {
+          category: group.category
+          enabled: group.?enabled ?? true
+          timeGrain: null
+        }
+      ]
+      logs: [
+        for group in (diagnosticSetting.?logCategoriesAndGroups ?? [{ categoryGroup: 'allLogs' }]): {
+          categoryGroup: group.?categoryGroup
+          category: group.?category
+          enabled: group.?enabled ?? true
+        }
+      ]
+      marketplacePartnerId: diagnosticSetting.?marketplacePartnerResourceId
+      logAnalyticsDestinationType: diagnosticSetting.?logAnalyticsDestinationType
+    }
+    scope: fileServices
   }
-  scope: fileServices
-}]
-
-module fileServices_shares 'share/main.bicep' = [for (share, index) in (shares ?? []): {
-  name: '${deployment().name}-shares-${index}'
-  params: {
-    storageAccountName: storageAccount.name
-    fileServicesName: fileServices.name
-    name: share.name
-    accessTier: share.?accessTier ?? defaultShareAccessTier
-    enabledProtocols: share.?enabledProtocols
-    rootSquash: share.?rootSquash
-    shareQuota: share.?shareQuota
-    roleAssignments: share.?roleAssignments
+]
+
+module fileServices_shares 'share/main.bicep' = [
+  for (share, index) in (shares ?? []): {
+    name: '${deployment().name}-shares-${index}'
+    params: {
+      storageAccountName: storageAccount.name
+      fileServicesName: fileServices.name
+      name: share.name
+      accessTier: share.?accessTier ?? defaultShareAccessTier
+      enabledProtocols: share.?enabledProtocols
+      rootSquash: share.?rootSquash
+      shareQuota: share.?shareQuota
+      roleAssignments: share.?roleAssignments
+    }
   }
-}]
+]
 
 @description('The name of the deployed file share service.')
 output name string = fileServices.name