From c12dc1b47896098effdd5cba8a5d457f91055e77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Gr=C3=A4f?= Date: Sun, 25 Feb 2024 18:20:31 +1000 Subject: [PATCH 01/29] PE adjustments (#1070) ## Description Currently testing all multi-PE services as per https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview#private-link-resource Private-link resource name | Resource type | Sub-resources -- | -- | -- Azure Automation | Microsoft.Automation/automationAccounts | Webhook, DSCAndHybridWorker Azure Backup | Microsoft.RecoveryServices/vaults | AzureBackup, AzureSiteRecovery Azure Batch | Microsoft.Batch/batchAccounts | batchAccount, nodeManagement Azure Cosmos DB | Microsoft.AzureCosmosDB/databaseAccounts | SQL, MongoDB, Cassandra, Gremlin, Table Azure Databricks | Microsoft.Databricks/workspaces | databricks_ui_api, browser_authentication Azure Media Services | Microsoft.Media/mediaservices | keydelivery, liveevent, streamingendpoint Azure Storage | Microsoft.Storage/storageAccounts | Blob (blob, blob_secondary)Table (table, table_secondary)Queue (queue, queue_secondary)File (file, file_secondary)Web (web, web_secondary)Dfs (dfs, dfs_secondary) Azure Synapse Analytics | Microsoft.Synapse/workspaces | Sql, SqlOnDemand, Dev Closes - https://github.com/Azure/Azure-Verified-Modules/issues/620 - https://github.com/Azure/bicep-registry-modules/issues/962 - https://github.com/Azure/bicep-registry-modules/issues/946 - https://github.com/Azure/bicep-registry-modules/issues/1042 AVM Issues - https://github.com/Azure/Azure-Verified-Modules/pull/621 ## Pipeline Reference | Pipeline | | -------- | | [![avm.res.automation.automation-account](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.automation.automation-account.yml/badge.svg?branch=fix%2Fpe-schema)](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.automation.automation-account.yml) | | [![avm.res.batch.batch-account](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.batch.batch-account.yml/badge.svg?branch=fix%2Fpe-schema)](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.batch.batch-account.yml)| | [![avm.res.databricks.workspace](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.databricks.workspace.yml/badge.svg?branch=fix%2Fpe-schema)](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.databricks.workspace.yml)| | [![avm.res.document-db.database-account](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.document-db.database-account.yml/badge.svg?branch=fix%2Fpe-schema)](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.document-db.database-account.yml)| | [![avm.res.storage.storage-account](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.storage.storage-account.yml/badge.svg?branch=fix%2Fpe-schema)](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.storage.storage-account.yml)| | [![avm.res.synapse.workspace](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.synapse.workspace.yml/badge.svg?branch=fix%2Fpe-schema)](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.synapse.workspace.yml) | ## Type of Change - [ ] Update to CI Environment or utlities (Non-module effecting changes) - [x] Azure Verified Module updates: - [ ] Bugfix containing backwards compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [x] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [x] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`. - [x] Update to documentation ## Checklist - [x] I'm sure there are no other open Pull Requests for the same update/change - [x] I have run `Set-AVMModule` locally to generate the supporting module files. - [x] My corresponding pipelines / checks run clean and green without any errors or warnings --------- Co-authored-by: Kris Baranek --- .../automation/automation-account/README.md | 20 ++-- .../automation-account/job-schedule/main.json | 4 +- .../automation/automation-account/main.bicep | 36 +++++--- .../automation/automation-account/main.json | 81 ++++++++--------- .../automation-account/module/main.json | 4 +- .../automation-account/runbook/main.json | 4 +- .../automation-account/schedule/main.json | 4 +- .../software-update-configuration/main.json | 4 +- .../automation-account/variable/main.json | 4 +- .../automation-account/version.json | 4 +- avm/res/batch/batch-account/README.md | 60 +++++++++--- avm/res/batch/batch-account/main.bicep | 36 +++++--- avm/res/batch/batch-account/main.json | 48 ++++------ .../tests/e2e/max/main.test.bicep | 13 +++ .../tests/e2e/waf-aligned/main.test.bicep | 1 + avm/res/batch/batch-account/version.json | 4 +- avm/res/databricks/workspace/README.md | 50 +++++++--- avm/res/databricks/workspace/main.bicep | 38 +++++--- avm/res/databricks/workspace/main.json | 52 +++++------ .../tests/e2e/max/dependencies.bicep | 2 +- .../workspace/tests/e2e/max/main.test.bicep | 8 ++ .../tests/e2e/waf-aligned/dependencies.bicep | 2 +- .../tests/e2e/waf-aligned/main.test.bicep | 1 + avm/res/databricks/workspace/version.json | 2 +- .../document-db/database-account/README.md | 20 ++-- .../gremlin-database/graph/main.json | 4 +- .../gremlin-database/main.json | 8 +- .../document-db/database-account/main.bicep | 34 +++++-- .../document-db/database-account/main.json | 71 +++++++-------- .../mongodb-database/collection/main.json | 4 +- .../mongodb-database/main.json | 8 +- .../sql-database/container/main.json | 4 +- .../database-account/sql-database/main.json | 8 +- .../document-db/database-account/version.json | 4 +- .../operational-insights/workspace/main.bicep | 2 +- .../operational-insights/workspace/main.json | 4 +- avm/res/storage/storage-account/README.md | 86 +++++++++++++++++- .../container/immutability-policy/main.json | 4 +- .../blob-service/container/main.json | 8 +- .../storage-account/blob-service/main.json | 12 +-- .../storage-account/file-service/main.json | 12 +-- .../file-service/share/main.json | 8 +- .../storage-account/local-user/main.json | 4 +- avm/res/storage/storage-account/main.bicep | 30 ++++-- avm/res/storage/storage-account/main.json | 91 +++++++++---------- .../management-policy/main.json | 4 +- .../storage-account/queue-service/main.json | 8 +- .../queue-service/queue/main.json | 4 +- .../storage-account/table-service/main.json | 8 +- .../table-service/table/main.json | 4 +- .../tests/e2e/max/main.test.bicep | 35 +++++++ avm/res/storage/storage-account/version.json | 4 +- avm/res/synapse/workspace/README.md | 80 +++++++++++++--- .../workspace/integration-runtime/main.json | 4 +- avm/res/synapse/workspace/key/main.json | 4 +- avm/res/synapse/workspace/main.bicep | 42 ++++++--- avm/res/synapse/workspace/main.json | 71 +++++++-------- .../workspace/tests/e2e/max/main.test.bicep | 24 +++++ avm/res/synapse/workspace/version.json | 4 +- 59 files changed, 770 insertions(+), 434 deletions(-) diff --git a/avm/res/automation/automation-account/README.md b/avm/res/automation/automation-account/README.md index 43a4f43ccf..89cd146346 100644 --- a/avm/res/automation/automation-account/README.md +++ b/avm/res/automation/automation-account/README.md @@ -1420,7 +1420,7 @@ Configuration details for private endpoints. For security reasons, it is recomme | Parameter | Type | Description | | :-- | :-- | :-- | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file". | | [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | **Optional parameters** @@ -1432,9 +1432,10 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | @@ -1443,7 +1444,7 @@ Configuration details for private endpoints. For security reasons, it is recomme ### Parameter: `privateEndpoints.service` -The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file". - Required: Yes - Type: string @@ -1561,6 +1562,13 @@ A private ip address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1604,12 +1612,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` diff --git a/avm/res/automation/automation-account/job-schedule/main.json b/avm/res/automation/automation-account/job-schedule/main.json index 170fa3ee8a..0dabd80bb5 100644 --- a/avm/res/automation/automation-account/job-schedule/main.json +++ b/avm/res/automation/automation-account/job-schedule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "4183701486282199551" + "version": "0.24.24.22086", + "templateHash": "14246826935635972197" }, "name": "Automation Account Job Schedules", "description": "This module deploys an Azure Automation Account Job Schedule.", diff --git a/avm/res/automation/automation-account/main.bicep b/avm/res/automation/automation-account/main.bicep index 512aa2354a..37f5e9e3bf 100644 --- a/avm/res/automation/automation-account/main.bicep +++ b/avm/res/automation/automation-account/main.bicep @@ -331,31 +331,42 @@ resource automationAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSett module automationAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-automationAccount-PrivateEndpoint-${index}' params: { - privateLinkServiceConnections: [ + name: privateEndpoint.?name ?? 'pep-${last(split(automationAccount.id, '/'))}-${privateEndpoint.service}-${index}' + privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(automationAccount.id, '/'))}-${privateEndpoint.service}-${index}' properties: { privateLinkServiceId: automationAccount.id groupIds: [ - privateEndpoint.?service ?? 'automationaccount' + privateEndpoint.service ] } } - ] - name: privateEndpoint.?name ?? 'pep-${last(split(automationAccount.id, '/'))}-${privateEndpoint.?service ?? privateEndpoint.service}-${index}' + ] : null + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(automationAccount.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: automationAccount.id + groupIds: [ + privateEndpoint.service + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry } }] @@ -438,7 +449,7 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + @description('Required. The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file".') service: string @description('Required. Resource ID of the subnet where the endpoint needs to be created.') @@ -450,6 +461,12 @@ type privateEndpointType = { @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { @description('Required. Fqdn that resolves to private endpoint ip address.') @@ -492,9 +509,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/automation/automation-account/main.json b/avm/res/automation/automation-account/main.json index 0a24cab446..88f18107e4 100644 --- a/avm/res/automation/automation-account/main.json +++ b/avm/res/automation/automation-account/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "3223894986476226816" + "version": "0.24.24.22086", + "templateHash": "14118178153874910817" }, "name": "Automation Accounts", "description": "This module deploys an Azure Automation Account.", @@ -149,7 +149,7 @@ "service": { "type": "string", "metadata": { - "description": "Required. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Required. The subresource to deploy the private endpoint for. For example \"blob\", \"table\", \"queue\" or \"file\"." } }, "subnetResourceId": { @@ -175,6 +175,20 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -283,13 +297,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -808,8 +815,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "4277151232699761913" + "version": "0.24.24.22086", + "templateHash": "6758949567913452110" }, "name": "Automation Account Modules", "description": "This module deploys an Azure Automation Account Module.", @@ -950,8 +957,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "15445244253525012229" + "version": "0.24.24.22086", + "templateHash": "17013504570786383965" }, "name": "Automation Account Schedules", "description": "This module deploys an Azure Automation Account Schedule.", @@ -1129,8 +1136,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "16141039584915226874" + "version": "0.24.24.22086", + "templateHash": "12519596207626057781" }, "name": "Automation Account Runbooks", "description": "This module deploys an Azure Automation Account Runbook.", @@ -1329,8 +1336,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "4183701486282199551" + "version": "0.24.24.22086", + "templateHash": "14246826935635972197" }, "name": "Automation Account Job Schedules", "description": "This module deploys an Azure Automation Account Job Schedule.", @@ -1457,8 +1464,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "15605588341437540157" + "version": "0.24.24.22086", + "templateHash": "162568846997583805" }, "name": "Automation Account Variables", "description": "This module deploys an Azure Automation Account Variable.", @@ -1572,8 +1579,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "14301767156435143002" + "version": "0.24.24.22086", + "templateHash": "6280157469343577004" }, "name": "Log Analytics Workspace Linked Services", "description": "This module deploys a Log Analytics Workspace Linked Service.", @@ -1891,8 +1898,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "6467431009828483672" + "version": "0.24.24.22086", + "templateHash": "6362006893081858637" }, "name": "Automation Account Software Update Configurations", "description": "This module deploys an Azure Automation Account Software Update Configuration.", @@ -2310,25 +2317,17 @@ }, "mode": "Incremental", "parameters": { - "privateLinkServiceConnections": { - "value": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.Automation/automationAccounts', parameters('name'))]", - "groupIds": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'automationaccount')]" - ] - } - } - ] - }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Automation/automationAccounts', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service), copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Automation/automationAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Automation/automationAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Automation/automationAccounts', parameters('name')), 'groupIds', createArray(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Automation/automationAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Automation/automationAccounts', parameters('name')), 'groupIds', createArray(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, + "enableTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" + }, "location": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" }, @@ -2347,9 +2346,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -2361,9 +2357,6 @@ }, "customNetworkInterfaceName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]" - }, - "enableTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" } }, "template": { diff --git a/avm/res/automation/automation-account/module/main.json b/avm/res/automation/automation-account/module/main.json index c151060111..4baf87c834 100644 --- a/avm/res/automation/automation-account/module/main.json +++ b/avm/res/automation/automation-account/module/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "4277151232699761913" + "version": "0.24.24.22086", + "templateHash": "6758949567913452110" }, "name": "Automation Account Modules", "description": "This module deploys an Azure Automation Account Module.", diff --git a/avm/res/automation/automation-account/runbook/main.json b/avm/res/automation/automation-account/runbook/main.json index 0761a0bce4..a3a4fe2e0b 100644 --- a/avm/res/automation/automation-account/runbook/main.json +++ b/avm/res/automation/automation-account/runbook/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "16141039584915226874" + "version": "0.24.24.22086", + "templateHash": "12519596207626057781" }, "name": "Automation Account Runbooks", "description": "This module deploys an Azure Automation Account Runbook.", diff --git a/avm/res/automation/automation-account/schedule/main.json b/avm/res/automation/automation-account/schedule/main.json index 26dfa7ca29..5ce4bf8737 100644 --- a/avm/res/automation/automation-account/schedule/main.json +++ b/avm/res/automation/automation-account/schedule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "15445244253525012229" + "version": "0.24.24.22086", + "templateHash": "17013504570786383965" }, "name": "Automation Account Schedules", "description": "This module deploys an Azure Automation Account Schedule.", diff --git a/avm/res/automation/automation-account/software-update-configuration/main.json b/avm/res/automation/automation-account/software-update-configuration/main.json index e6d98f28da..dbe061896d 100644 --- a/avm/res/automation/automation-account/software-update-configuration/main.json +++ b/avm/res/automation/automation-account/software-update-configuration/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "6467431009828483672" + "version": "0.24.24.22086", + "templateHash": "6362006893081858637" }, "name": "Automation Account Software Update Configurations", "description": "This module deploys an Azure Automation Account Software Update Configuration.", diff --git a/avm/res/automation/automation-account/variable/main.json b/avm/res/automation/automation-account/variable/main.json index ec55c87f17..d6213254ee 100644 --- a/avm/res/automation/automation-account/variable/main.json +++ b/avm/res/automation/automation-account/variable/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "15605588341437540157" + "version": "0.24.24.22086", + "templateHash": "162568846997583805" }, "name": "Automation Account Variables", "description": "This module deploys an Azure Automation Account Variable.", diff --git a/avm/res/automation/automation-account/version.json b/avm/res/automation/automation-account/version.json index 83083db694..9481fea58e 100644 --- a/avm/res/automation/automation-account/version.json +++ b/avm/res/automation/automation-account/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.1", + "version": "0.2", "pathFilters": [ "./main.json" ] -} \ No newline at end of file +} diff --git a/avm/res/batch/batch-account/README.md b/avm/res/batch/batch-account/README.md index b7a08c4390..b7db1151a3 100644 --- a/avm/res/batch/batch-account/README.md +++ b/avm/res/batch/batch-account/README.md @@ -260,6 +260,19 @@ module batchAccount 'br/public:avm/res/batch/batch-account:' = { roleDefinitionIdOrName: '' } ] + service: 'batchAccount' + subnetResourceId: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } + { + privateDnsZoneResourceIds: [ + '' + ] + service: 'nodeManagement' subnetResourceId: '' tags: { Environment: 'Non-Prod' @@ -395,6 +408,19 @@ module batchAccount 'br/public:avm/res/batch/batch-account:' = { "roleDefinitionIdOrName": "" } ], + "service": "batchAccount", + "subnetResourceId": "", + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "service": "nodeManagement", "subnetResourceId": "", "tags": { "Environment": "Non-Prod", @@ -482,6 +508,7 @@ module batchAccount 'br/public:avm/res/batch/batch-account:' = { privateDnsZoneResourceIds: [ '' ] + service: 'batchAccount' subnetResourceId: '' } ] @@ -549,6 +576,7 @@ module batchAccount 'br/public:avm/res/batch/batch-account:' = { "privateDnsZoneResourceIds": [ "" ], + "service": "batchAccount", "subnetResourceId": "" } ] @@ -1022,6 +1050,7 @@ Configuration details for private endpoints. For security reasons, it is recomme | Parameter | Type | Description | | :-- | :-- | :-- | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file". | | [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | **Optional parameters** @@ -1033,16 +1062,23 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | +### Parameter: `privateEndpoints.service` + +The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file". + +- Required: Yes +- Type: string + ### Parameter: `privateEndpoints.subnetResourceId` Resource ID of the subnet where the endpoint needs to be created. @@ -1156,6 +1192,13 @@ A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1199,12 +1242,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` @@ -1316,13 +1359,6 @@ The principal type of the assigned principal ID. ] ``` -### Parameter: `privateEndpoints.service` - -The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - -- Required: No -- Type: string - ### Parameter: `privateEndpoints.tags` Tags to be applied on all resources/resource groups in this deployment. diff --git a/avm/res/batch/batch-account/main.bicep b/avm/res/batch/batch-account/main.bicep index 4326c505b0..ac9d025dee 100644 --- a/avm/res/batch/batch-account/main.bicep +++ b/avm/res/batch/batch-account/main.bicep @@ -204,18 +204,30 @@ resource batchAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@ module batchAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-BatchAccount-PrivateEndpoint-${index}' params: { - privateLinkServiceConnections: [ + name: privateEndpoint.?name ?? 'pep-${last(split(batchAccount.id, '/'))}-${privateEndpoint.service}-${index}' + privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(batchAccount.id, '/'))}-${privateEndpoint.service}-${index}' properties: { privateLinkServiceId: batchAccount.id groupIds: [ - privateEndpoint.?service ?? 'batchAccount' + privateEndpoint.service ] } } - ] - name: privateEndpoint.?name ?? 'pep-${last(split(batchAccount.id, '/'))}-${privateEndpoint.?service ?? 'batchAccount'}-${index}' + ] : null + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(batchAccount.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: batchAccount.id + groupIds: [ + privateEndpoint.service + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -224,7 +236,6 @@ module batchAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -339,8 +350,8 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') - service: string? + @description('Required. The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file".') + service: string @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string @@ -351,6 +362,12 @@ type privateEndpointType = { @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { @description('Required. Fqdn that resolves to private endpoint IP address.') @@ -393,9 +410,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/batch/batch-account/main.json b/avm/res/batch/batch-account/main.json index 3731161e53..5ade13aabe 100644 --- a/avm/res/batch/batch-account/main.json +++ b/avm/res/batch/batch-account/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "2397736043296643387" + "version": "0.24.24.22086", + "templateHash": "18272738624063996498" }, "name": "Batch Accounts", "description": "This module deploys a Batch Account.", @@ -220,9 +220,8 @@ }, "service": { "type": "string", - "nullable": true, "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Required. The subresource to deploy the private endpoint for. For example \"blob\", \"table\", \"queue\" or \"file\"." } }, "subnetResourceId": { @@ -248,6 +247,20 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -357,13 +370,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -826,22 +832,11 @@ }, "mode": "Incremental", "parameters": { - "privateLinkServiceConnections": { - "value": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.Batch/batchAccounts', parameters('name'))]", - "groupIds": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'batchAccount')]" - ] - } - } - ] - }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Batch/batchAccounts', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'batchAccount'), copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Batch/batchAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Batch/batchAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Batch/batchAccounts', parameters('name')), 'groupIds', createArray(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Batch/batchAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Batch/batchAccounts', parameters('name')), 'groupIds', createArray(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -866,9 +861,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, diff --git a/avm/res/batch/batch-account/tests/e2e/max/main.test.bicep b/avm/res/batch/batch-account/tests/e2e/max/main.test.bicep index 1a31a13cce..20a5ba7c3b 100644 --- a/avm/res/batch/batch-account/tests/e2e/max/main.test.bicep +++ b/avm/res/batch/batch-account/tests/e2e/max/main.test.bicep @@ -87,6 +87,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] + service: 'batchAccount' subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { 'hidden-title': 'This is visible in the resource name' @@ -124,6 +125,18 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' } ] } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + service: 'nodeManagement' + subnetResourceId: nestedDependencies.outputs.subnetResourceId + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + } ] networkProfile: { accountAccess: { diff --git a/avm/res/batch/batch-account/tests/e2e/waf-aligned/main.test.bicep b/avm/res/batch/batch-account/tests/e2e/waf-aligned/main.test.bicep index f66d2bac7a..3dcc035248 100644 --- a/avm/res/batch/batch-account/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/batch/batch-account/tests/e2e/waf-aligned/main.test.bicep @@ -86,6 +86,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] + service: 'batchAccount' subnetResourceId: nestedDependencies.outputs.subnetResourceId } ] diff --git a/avm/res/batch/batch-account/version.json b/avm/res/batch/batch-account/version.json index c177b1bb58..96236a61ba 100644 --- a/avm/res/batch/batch-account/version.json +++ b/avm/res/batch/batch-account/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.3", + "version": "0.4", "pathFilters": [ "./main.json" ] -} \ No newline at end of file +} diff --git a/avm/res/databricks/workspace/README.md b/avm/res/databricks/workspace/README.md index 1afe94cb26..6cb17f06d0 100644 --- a/avm/res/databricks/workspace/README.md +++ b/avm/res/databricks/workspace/README.md @@ -145,12 +145,20 @@ module workspace 'br/public:avm/res/databricks/workspace:' = { privateDnsZoneResourceIds: [ '' ] + service: 'databricks_ui_api' subnetResourceId: '' tags: { Environment: 'Non-Prod' Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + service: 'browser_authentication' + subnetResourceId: '' + } ] publicIpName: 'nat-gw-public-ip' publicNetworkAccess: 'Disabled' @@ -280,11 +288,19 @@ module workspace 'br/public:avm/res/databricks/workspace:' = { "privateDnsZoneResourceIds": [ "" ], + "service": "databricks_ui_api", "subnetResourceId": "", "tags": { "Environment": "Non-Prod", "Role": "DeploymentValidation" } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "service": "browser_authentication", + "subnetResourceId": "" } ] }, @@ -407,6 +423,7 @@ module workspace 'br/public:avm/res/databricks/workspace:' = { privateDnsZoneResourceIds: [ '' ] + service: 'databricks_ui_api' subnetResourceId: '' tags: { Environment: 'Non-Prod' @@ -525,6 +542,7 @@ module workspace 'br/public:avm/res/databricks/workspace:' = { "privateDnsZoneResourceIds": [ "" ], + "service": "databricks_ui_api", "subnetResourceId": "", "tags": { "Environment": "Non-Prod", @@ -980,6 +998,7 @@ Configuration details for private endpoints. For security reasons, it is recomme | Parameter | Type | Description | | :-- | :-- | :-- | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file". | | [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | **Optional parameters** @@ -991,16 +1010,23 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | +### Parameter: `privateEndpoints.service` + +The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file". + +- Required: Yes +- Type: string + ### Parameter: `privateEndpoints.subnetResourceId` Resource ID of the subnet where the endpoint needs to be created. @@ -1114,6 +1140,13 @@ A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1157,12 +1190,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` @@ -1274,13 +1307,6 @@ The principal type of the assigned principal ID. ] ``` -### Parameter: `privateEndpoints.service` - -The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - -- Required: No -- Type: string - ### Parameter: `privateEndpoints.tags` Tags to be applied on all resources/resource groups in this deployment. diff --git a/avm/res/databricks/workspace/main.bicep b/avm/res/databricks/workspace/main.bicep index 5a9190ab0f..6da8e23bad 100644 --- a/avm/res/databricks/workspace/main.bicep +++ b/avm/res/databricks/workspace/main.bicep @@ -287,21 +287,34 @@ resource workspace_roleAssignments 'Microsoft.Authorization/roleAssignments@2022 scope: workspace }] +@batchSize(1) module workspace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.3' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-Databricks-PrivateEndpoint-${index}' params: { - privateLinkServiceConnections: [ + name: privateEndpoint.?name ?? 'pep-${last(split(workspace.id, '/'))}-${privateEndpoint.service}-${index}' + privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(workspace.id, '/'))}-${privateEndpoint.service}-${index}' properties: { privateLinkServiceId: workspace.id groupIds: [ - privateEndpoint.?service ?? 'databricks_ui_api' + privateEndpoint.service ] } } - ] - name: privateEndpoint.?name ?? 'pep-${last(split(workspace.id, '/'))}-${privateEndpoint.?service ?? 'databricks_ui_api'}-${index}' + ] : null + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(workspace.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: workspace.id + groupIds: [ + privateEndpoint.service + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -310,7 +323,6 @@ module workspace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0. privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -361,15 +373,14 @@ type lockType = { }? type privateEndpointType = { - @description('Optional. The name of the private endpoint.') name: string? @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') - service: string? + @description('Required. The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file".') + service: string @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string @@ -380,6 +391,12 @@ type privateEndpointType = { @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { @description('Required. Fqdn that resolves to private endpoint IP address.') @@ -422,9 +439,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/databricks/workspace/main.json b/avm/res/databricks/workspace/main.json index 03e8fa6cbb..748a3df265 100644 --- a/avm/res/databricks/workspace/main.json +++ b/avm/res/databricks/workspace/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "7710672223855991692" + "version": "0.24.24.22086", + "templateHash": "18173040551879229242" }, "name": "Azure Databricks Workspaces", "description": "This module deploys an Azure Databricks Workspace.", @@ -59,9 +59,8 @@ }, "service": { "type": "string", - "nullable": true, "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Required. The subresource to deploy the private endpoint for. For example \"blob\", \"table\", \"queue\" or \"file\"." } }, "subnetResourceId": { @@ -87,6 +86,20 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -195,13 +208,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -814,7 +820,9 @@ "workspace_privateEndpoints": { "copy": { "name": "workspace_privateEndpoints", - "count": "[length(coalesce(parameters('privateEndpoints'), createArray()))]" + "count": "[length(coalesce(parameters('privateEndpoints'), createArray()))]", + "mode": "serial", + "batchSize": 1 }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -825,22 +833,11 @@ }, "mode": "Incremental", "parameters": { - "privateLinkServiceConnections": { - "value": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.Databricks/workspaces', parameters('name'))]", - "groupIds": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'databricks_ui_api')]" - ] - } - } - ] - }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Databricks/workspaces', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'databricks_ui_api'), copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Databricks/workspaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Databricks/workspaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Databricks/workspaces', parameters('name')), 'groupIds', createArray(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Databricks/workspaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Databricks/workspaces', parameters('name')), 'groupIds', createArray(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -865,9 +862,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, diff --git a/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep b/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep index 9a8c73e3f6..dfc69285ca 100644 --- a/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep +++ b/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep @@ -94,7 +94,7 @@ resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid('msi-${keyVault::key.id}-${location}-${managedIdentity.id}-Key-Key-Vault-Crypto-User-RoleAssignment') scope: keyVault::key properties: { - principalId: '711330f9-cfad-4b10-a462-d82faa92027d' // AzureDatabricks Enterprise Application Object Id (Note: this is tenant specific) + principalId: '09ef9f59-e7b6-422e-84e4-508cfc8d64e7' // '711330f9-cfad-4b10-a462-d82faa92027d' // AzureDatabricks Enterprise Application Object Id (Note: this is tenant specific) roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') // Key Vault Crypto User principalType: 'ServicePrincipal' } diff --git a/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep b/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep index 818deb76c8..596f8857c5 100644 --- a/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep +++ b/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep @@ -151,12 +151,20 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] + service: 'databricks_ui_api' subnetResourceId: nestedDependencies.outputs.defaultSubnetResourceId tags: { Environment: 'Non-Prod' Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.defaultSubnetResourceId + service: 'browser_authentication' + } ] managedResourceGroupResourceId: '${subscription().id}/resourceGroups/rg-${resourceGroupName}-managed' requireInfrastructureEncryption: true diff --git a/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep b/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep index 9a8c73e3f6..dfc69285ca 100644 --- a/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep +++ b/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep @@ -94,7 +94,7 @@ resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid('msi-${keyVault::key.id}-${location}-${managedIdentity.id}-Key-Key-Vault-Crypto-User-RoleAssignment') scope: keyVault::key properties: { - principalId: '711330f9-cfad-4b10-a462-d82faa92027d' // AzureDatabricks Enterprise Application Object Id (Note: this is tenant specific) + principalId: '09ef9f59-e7b6-422e-84e4-508cfc8d64e7' // '711330f9-cfad-4b10-a462-d82faa92027d' // AzureDatabricks Enterprise Application Object Id (Note: this is tenant specific) roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') // Key Vault Crypto User principalType: 'ServicePrincipal' } diff --git a/avm/res/databricks/workspace/tests/e2e/waf-aligned/main.test.bicep b/avm/res/databricks/workspace/tests/e2e/waf-aligned/main.test.bicep index 056d003a65..e2542b585e 100644 --- a/avm/res/databricks/workspace/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/databricks/workspace/tests/e2e/waf-aligned/main.test.bicep @@ -134,6 +134,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] + service: 'databricks_ui_api' subnetResourceId: nestedDependencies.outputs.defaultSubnetResourceId tags: { Environment: 'Non-Prod' diff --git a/avm/res/databricks/workspace/version.json b/avm/res/databricks/workspace/version.json index 7fa401bdf7..9481fea58e 100644 --- a/avm/res/databricks/workspace/version.json +++ b/avm/res/databricks/workspace/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.1", + "version": "0.2", "pathFilters": [ "./main.json" ] diff --git a/avm/res/document-db/database-account/README.md b/avm/res/document-db/database-account/README.md index beb99218f9..ed6069fbc2 100644 --- a/avm/res/document-db/database-account/README.md +++ b/avm/res/document-db/database-account/README.md @@ -2046,7 +2046,7 @@ Configuration details for private endpoints. For security reasons, it is recomme | Parameter | Type | Description | | :-- | :-- | :-- | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file". | | [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | **Optional parameters** @@ -2058,9 +2058,10 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | @@ -2069,7 +2070,7 @@ Configuration details for private endpoints. For security reasons, it is recomme ### Parameter: `privateEndpoints.service` -The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file". - Required: Yes - Type: string @@ -2187,6 +2188,13 @@ A private ip address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -2230,12 +2238,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` diff --git a/avm/res/document-db/database-account/gremlin-database/graph/main.json b/avm/res/document-db/database-account/gremlin-database/graph/main.json index 531189986d..1483098c2e 100644 --- a/avm/res/document-db/database-account/gremlin-database/graph/main.json +++ b/avm/res/document-db/database-account/gremlin-database/graph/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "4078462189838201163" + "version": "0.24.24.22086", + "templateHash": "14243370867444327055" }, "name": "DocumentDB Database Accounts Gremlin Databases Graphs", "description": "This module deploys a DocumentDB Database Accounts Gremlin Database Graph.", diff --git a/avm/res/document-db/database-account/gremlin-database/main.json b/avm/res/document-db/database-account/gremlin-database/main.json index 1ff6b48baa..e64ef29612 100644 --- a/avm/res/document-db/database-account/gremlin-database/main.json +++ b/avm/res/document-db/database-account/gremlin-database/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "5227237801347888732" + "version": "0.24.24.22086", + "templateHash": "2617432375264179405" }, "name": "DocumentDB Database Account Gremlin Databases", "description": "This module deploys a Gremlin Database within a CosmosDB Account.", @@ -109,8 +109,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "4078462189838201163" + "version": "0.24.24.22086", + "templateHash": "14243370867444327055" }, "name": "DocumentDB Database Accounts Gremlin Databases Graphs", "description": "This module deploys a DocumentDB Database Accounts Gremlin Database Graph.", diff --git a/avm/res/document-db/database-account/main.bicep b/avm/res/document-db/database-account/main.bicep index e472d947fc..f7efedebb6 100644 --- a/avm/res/document-db/database-account/main.bicep +++ b/avm/res/document-db/database-account/main.bicep @@ -320,18 +320,30 @@ module databaseAccount_gremlinDatabases 'gremlin-database/main.bicep' = [for gre module databaseAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-databaseAccount-PrivateEndpoint-${index}' params: { - privateLinkServiceConnections: [ + name: privateEndpoint.?name ?? 'pep-${last(split(databaseAccount.id, '/'))}-${privateEndpoint.service}-${index}' + privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(databaseAccount.id, '/'))}-${privateEndpoint.service}-${index}' properties: { privateLinkServiceId: databaseAccount.id groupIds: [ - privateEndpoint.?service ?? 'Sql' + privateEndpoint.service ] } } - ] - name: privateEndpoint.?name ?? 'pep-${last(split(databaseAccount.id, '/'))}-${privateEndpoint.?service ?? 'vault'}-${index}' + ] : null + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(databaseAccount.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: databaseAccount.id + groupIds: [ + privateEndpoint.service + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -340,7 +352,6 @@ module databaseAccount_privateEndpoints 'br/public:avm/res/network/private-endpo privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -413,7 +424,7 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + @description('Required. The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file".') service: string @description('Required. Resource ID of the subnet where the endpoint needs to be created.') @@ -425,6 +436,12 @@ type privateEndpointType = { @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { @description('Required. Fqdn that resolves to private endpoint ip address.') @@ -467,9 +484,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/document-db/database-account/main.json b/avm/res/document-db/database-account/main.json index 454bcda8db..0c94146f28 100644 --- a/avm/res/document-db/database-account/main.json +++ b/avm/res/document-db/database-account/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "14608365683973460476" + "version": "0.24.24.22086", + "templateHash": "8692130573137948509" }, "name": "DocumentDB Database Accounts", "description": "This module deploys a DocumentDB Database Account.", @@ -149,7 +149,7 @@ "service": { "type": "string", "metadata": { - "description": "Required. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Required. The subresource to deploy the private endpoint for. For example \"blob\", \"table\", \"queue\" or \"file\"." } }, "subnetResourceId": { @@ -175,6 +175,20 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -283,13 +297,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -841,8 +848,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "3371007626132936503" + "version": "0.24.24.22086", + "templateHash": "6855947757310197808" }, "name": "DocumentDB Database Account SQL Databases", "description": "This module deploys a SQL Database in a CosmosDB Account.", @@ -956,8 +963,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "15407611441750959399" + "version": "0.24.24.22086", + "templateHash": "6680377134811820539" }, "name": "DocumentDB Database Account SQL Database Containers", "description": "This module deploys a SQL Database Container in a CosmosDB Account.", @@ -1196,8 +1203,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "5538920636867167805" + "version": "0.24.24.22086", + "templateHash": "5366984101532329712" }, "name": "DocumentDB Database Account MongoDB Databases", "description": "This module deploys a MongoDB Database within a CosmosDB Account.", @@ -1299,8 +1306,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "12727124123085683569" + "version": "0.24.24.22086", + "templateHash": "10065636031063619686" }, "name": "DocumentDB Database Account MongoDB Database Collections", "description": "This module deploys a MongoDB Database Collection.", @@ -1455,8 +1462,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "5227237801347888732" + "version": "0.24.24.22086", + "templateHash": "2617432375264179405" }, "name": "DocumentDB Database Account Gremlin Databases", "description": "This module deploys a Gremlin Database within a CosmosDB Account.", @@ -1559,8 +1566,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "4078462189838201163" + "version": "0.24.24.22086", + "templateHash": "14243370867444327055" }, "name": "DocumentDB Database Accounts Gremlin Databases Graphs", "description": "This module deploys a DocumentDB Database Accounts Gremlin Database Graph.", @@ -1715,22 +1722,11 @@ }, "mode": "Incremental", "parameters": { - "privateLinkServiceConnections": { - "value": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name'))]", - "groupIds": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'Sql')]" - ] - } - } - ] - }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault'), copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), 'groupIds', createArray(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), 'groupIds', createArray(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -1755,9 +1751,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, diff --git a/avm/res/document-db/database-account/mongodb-database/collection/main.json b/avm/res/document-db/database-account/mongodb-database/collection/main.json index 925b996e85..10a7d6e4ca 100644 --- a/avm/res/document-db/database-account/mongodb-database/collection/main.json +++ b/avm/res/document-db/database-account/mongodb-database/collection/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "12727124123085683569" + "version": "0.24.24.22086", + "templateHash": "10065636031063619686" }, "name": "DocumentDB Database Account MongoDB Database Collections", "description": "This module deploys a MongoDB Database Collection.", diff --git a/avm/res/document-db/database-account/mongodb-database/main.json b/avm/res/document-db/database-account/mongodb-database/main.json index 549aa6394d..8a15ed3962 100644 --- a/avm/res/document-db/database-account/mongodb-database/main.json +++ b/avm/res/document-db/database-account/mongodb-database/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "5538920636867167805" + "version": "0.24.24.22086", + "templateHash": "5366984101532329712" }, "name": "DocumentDB Database Account MongoDB Databases", "description": "This module deploys a MongoDB Database within a CosmosDB Account.", @@ -108,8 +108,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "12727124123085683569" + "version": "0.24.24.22086", + "templateHash": "10065636031063619686" }, "name": "DocumentDB Database Account MongoDB Database Collections", "description": "This module deploys a MongoDB Database Collection.", diff --git a/avm/res/document-db/database-account/sql-database/container/main.json b/avm/res/document-db/database-account/sql-database/container/main.json index 18ea3e8513..2714d00e36 100644 --- a/avm/res/document-db/database-account/sql-database/container/main.json +++ b/avm/res/document-db/database-account/sql-database/container/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "15407611441750959399" + "version": "0.24.24.22086", + "templateHash": "6680377134811820539" }, "name": "DocumentDB Database Account SQL Database Containers", "description": "This module deploys a SQL Database Container in a CosmosDB Account.", diff --git a/avm/res/document-db/database-account/sql-database/main.json b/avm/res/document-db/database-account/sql-database/main.json index e57bc190b0..0d5900963a 100644 --- a/avm/res/document-db/database-account/sql-database/main.json +++ b/avm/res/document-db/database-account/sql-database/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "3371007626132936503" + "version": "0.24.24.22086", + "templateHash": "6855947757310197808" }, "name": "DocumentDB Database Account SQL Databases", "description": "This module deploys a SQL Database in a CosmosDB Account.", @@ -120,8 +120,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "15407611441750959399" + "version": "0.24.24.22086", + "templateHash": "6680377134811820539" }, "name": "DocumentDB Database Account SQL Database Containers", "description": "This module deploys a SQL Database Container in a CosmosDB Account.", diff --git a/avm/res/document-db/database-account/version.json b/avm/res/document-db/database-account/version.json index 83083db694..9481fea58e 100644 --- a/avm/res/document-db/database-account/version.json +++ b/avm/res/document-db/database-account/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.1", + "version": "0.2", "pathFilters": [ "./main.json" ] -} \ No newline at end of file +} diff --git a/avm/res/operational-insights/workspace/main.bicep b/avm/res/operational-insights/workspace/main.bicep index 01b7730ac3..65633ee945 100644 --- a/avm/res/operational-insights/workspace/main.bicep +++ b/avm/res/operational-insights/workspace/main.bicep @@ -100,7 +100,7 @@ param enableTelemetry bool = true var formattedUserAssignedIdentities = reduce(map((managedIdentities.?userAssignedResourceIds ?? []), (id) => { '${id}': {} }), {}, (cur, next) => union(cur, next)) // Converts the flat array to an object like { '${id1}': {}, '${id2}': {} } var identity = !empty(managedIdentities) ? { - type: (managedIdentities.?systemAssigned ?? false) ? 'SystemAssigned' : (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'UserAssigned' : null) + type: (managedIdentities.?systemAssigned ?? false) ? 'SystemAssigned' : (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'UserAssigned' : 'None') userAssignedIdentities: !empty(formattedUserAssignedIdentities) ? formattedUserAssignedIdentities : null } : null diff --git a/avm/res/operational-insights/workspace/main.json b/avm/res/operational-insights/workspace/main.json index ea15eff51a..5454adbe9f 100644 --- a/avm/res/operational-insights/workspace/main.json +++ b/avm/res/operational-insights/workspace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "12917492270750322539" + "templateHash": "1772646426483930212" }, "name": "Log Analytics Workspaces", "description": "This module deploys a Log Analytics Workspace.", @@ -438,7 +438,7 @@ }, "variables": { "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), 'SystemAssigned', if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), 'SystemAssigned', if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", "builtInRoleNames": { "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", diff --git a/avm/res/storage/storage-account/README.md b/avm/res/storage/storage-account/README.md index 485c01acbc..7831a99e68 100644 --- a/avm/res/storage/storage-account/README.md +++ b/avm/res/storage/storage-account/README.md @@ -325,6 +325,41 @@ module storageAccount 'br/public:avm/res/storage/storage-account:' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + service: 'table' + subnetResourceId: '' + } + { + privateDnsZoneResourceIds: [ + '' + ] + service: 'queue' + subnetResourceId: '' + } + { + privateDnsZoneResourceIds: [ + '' + ] + service: 'file' + subnetResourceId: '' + } + { + privateDnsZoneResourceIds: [ + '' + ] + service: 'web' + subnetResourceId: '' + } + { + privateDnsZoneResourceIds: [ + '' + ] + service: 'dfs' + subnetResourceId: '' + } ] queueServices: { diagnosticSettings: [ @@ -715,6 +750,41 @@ module storageAccount 'br/public:avm/res/storage/storage-account:' = { "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "service": "table", + "subnetResourceId": "" + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "service": "queue", + "subnetResourceId": "" + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "service": "file", + "subnetResourceId": "" + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "service": "web", + "subnetResourceId": "" + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "service": "dfs", + "subnetResourceId": "" } ] }, @@ -2397,9 +2467,10 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | Manual PrivateLink Service Connections. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | The name of the request message for manual approval. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | @@ -2526,6 +2597,13 @@ A private ip address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +Manual PrivateLink Service Connections. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -2569,12 +2647,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +The name of the request message for manual approval. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` diff --git a/avm/res/storage/storage-account/blob-service/container/immutability-policy/main.json b/avm/res/storage/storage-account/blob-service/container/immutability-policy/main.json index ac3bd2c129..c5f31a243f 100644 --- a/avm/res/storage/storage-account/blob-service/container/immutability-policy/main.json +++ b/avm/res/storage/storage-account/blob-service/container/immutability-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "10329548264889228160" + "version": "0.24.24.22086", + "templateHash": "15441426428461937893" }, "name": "Storage Account Blob Container Immutability Policies", "description": "This module deploys a Storage Account Blob Container Immutability Policy.", diff --git a/avm/res/storage/storage-account/blob-service/container/main.json b/avm/res/storage/storage-account/blob-service/container/main.json index 3f3a51ac90..d74b756e4a 100644 --- a/avm/res/storage/storage-account/blob-service/container/main.json +++ b/avm/res/storage/storage-account/blob-service/container/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "11351273351916968732" + "version": "0.24.24.22086", + "templateHash": "1429761296615247722" }, "name": "Storage Account Blob Containers", "description": "This module deploys a Storage Account Blob Container.", @@ -274,8 +274,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "10329548264889228160" + "version": "0.24.24.22086", + "templateHash": "15441426428461937893" }, "name": "Storage Account Blob Container Immutability Policies", "description": "This module deploys a Storage Account Blob Container Immutability Policy.", diff --git a/avm/res/storage/storage-account/blob-service/main.json b/avm/res/storage/storage-account/blob-service/main.json index 46429e3bb4..e96c5fb150 100644 --- a/avm/res/storage/storage-account/blob-service/main.json +++ b/avm/res/storage/storage-account/blob-service/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "4746835745355709536" + "version": "0.24.24.22086", + "templateHash": "1171033307374205653" }, "name": "Storage Account blob Services", "description": "This module deploys a Storage Account Blob Service.", @@ -403,8 +403,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "11351273351916968732" + "version": "0.24.24.22086", + "templateHash": "1429761296615247722" }, "name": "Storage Account Blob Containers", "description": "This module deploys a Storage Account Blob Container.", @@ -672,8 +672,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "10329548264889228160" + "version": "0.24.24.22086", + "templateHash": "15441426428461937893" }, "name": "Storage Account Blob Container Immutability Policies", "description": "This module deploys a Storage Account Blob Container Immutability Policy.", diff --git a/avm/res/storage/storage-account/file-service/main.json b/avm/res/storage/storage-account/file-service/main.json index b2d1773a8a..bb79cc960a 100644 --- a/avm/res/storage/storage-account/file-service/main.json +++ b/avm/res/storage/storage-account/file-service/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "5288106279947156711" + "version": "0.24.24.22086", + "templateHash": "9233391743581137624" }, "name": "Storage Account File Share Services", "description": "This module deploys a Storage Account File Share Service.", @@ -286,8 +286,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "2026482374148202879" + "version": "0.24.24.22086", + "templateHash": "11243515252529303304" }, "name": "Storage Account File Shares", "description": "This module deploys a Storage Account File Share.", @@ -486,8 +486,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "15595600813016932186" + "version": "0.24.24.22086", + "templateHash": "17643632023108067837" } }, "parameters": { diff --git a/avm/res/storage/storage-account/file-service/share/main.json b/avm/res/storage/storage-account/file-service/share/main.json index 4d6e95dba4..13705f6f2d 100644 --- a/avm/res/storage/storage-account/file-service/share/main.json +++ b/avm/res/storage/storage-account/file-service/share/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "2026482374148202879" + "version": "0.24.24.22086", + "templateHash": "11243515252529303304" }, "name": "Storage Account File Shares", "description": "This module deploys a Storage Account File Share.", @@ -205,8 +205,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "15595600813016932186" + "version": "0.24.24.22086", + "templateHash": "17643632023108067837" } }, "parameters": { diff --git a/avm/res/storage/storage-account/local-user/main.json b/avm/res/storage/storage-account/local-user/main.json index 5044c80422..ac7889af2b 100644 --- a/avm/res/storage/storage-account/local-user/main.json +++ b/avm/res/storage/storage-account/local-user/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "17117452291389534361" + "version": "0.24.24.22086", + "templateHash": "414567084253124464" }, "name": "Storage Account Local Users", "description": "This module deploys a Storage Account Local User, which is used for SFTP authentication.", diff --git a/avm/res/storage/storage-account/main.bicep b/avm/res/storage/storage-account/main.bicep index 71526893d3..10778ec337 100644 --- a/avm/res/storage/storage-account/main.bicep +++ b/avm/res/storage/storage-account/main.bicep @@ -355,9 +355,10 @@ resource storageAccount_roleAssignments 'Microsoft.Authorization/roleAssignments module storageAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-StorageAccount-PrivateEndpoint-${index}' params: { - privateLinkServiceConnections: [ + name: privateEndpoint.?name ?? 'pep-${last(split(storageAccount.id, '/'))}-${privateEndpoint.service}-${index}' + privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(storageAccount.id, '/'))}-${privateEndpoint.service}-${index}' properties: { privateLinkServiceId: storageAccount.id groupIds: [ @@ -365,8 +366,19 @@ module storageAccount_privateEndpoints 'br/public:avm/res/network/private-endpoi ] } } - ] - name: privateEndpoint.?name ?? 'pep-${last(split(storageAccount.id, '/'))}-${privateEndpoint.service}-${index}' + ] : null + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(storageAccount.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: storageAccount.id + groupIds: [ + privateEndpoint.service + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -375,7 +387,6 @@ module storageAccount_privateEndpoints 'br/public:avm/res/network/private-endpoi privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -564,6 +575,12 @@ type privateEndpointType = { @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. Manual PrivateLink Service Connections.') + isManualConnection: bool? + + @description('Optional. The name of the request message for manual approval.') + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { @description('Required. Fqdn that resolves to private endpoint ip address.') @@ -606,9 +623,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/storage/storage-account/main.json b/avm/res/storage/storage-account/main.json index fc67003c5b..04600ad432 100644 --- a/avm/res/storage/storage-account/main.json +++ b/avm/res/storage/storage-account/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "10189933879993819158" + "version": "0.24.24.22086", + "templateHash": "14648230293508240755" }, "name": "Storage Accounts", "description": "This module deploys a Storage Account.", @@ -227,6 +227,20 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the request message for manual approval." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -335,13 +349,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -995,22 +1002,11 @@ }, "mode": "Incremental", "parameters": { - "privateLinkServiceConnections": { - "value": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]", - "groupIds": [ - "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service]" - ] - } - } - ] - }, "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Storage/storageAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Storage/storageAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Storage/storageAccounts', parameters('name')), 'groupIds', createArray(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Storage/storageAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Storage/storageAccounts', parameters('name')), 'groupIds', createArray(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -1035,9 +1031,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -1673,8 +1666,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "774635646248081518" + "version": "0.24.24.22086", + "templateHash": "17360500138014235250" }, "name": "Storage Account Management Policies", "description": "This module deploys a Storage Account Management Policy.", @@ -1783,8 +1776,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "17117452291389534361" + "version": "0.24.24.22086", + "templateHash": "414567084253124464" }, "name": "Storage Account Local Users", "description": "This module deploys a Storage Account Local User, which is used for SFTP authentication.", @@ -2001,8 +1994,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "4746835745355709536" + "version": "0.24.24.22086", + "templateHash": "1171033307374205653" }, "name": "Storage Account blob Services", "description": "This module deploys a Storage Account Blob Service.", @@ -2399,8 +2392,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "11351273351916968732" + "version": "0.24.24.22086", + "templateHash": "1429761296615247722" }, "name": "Storage Account Blob Containers", "description": "This module deploys a Storage Account Blob Container.", @@ -2668,8 +2661,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "10329548264889228160" + "version": "0.24.24.22086", + "templateHash": "15441426428461937893" }, "name": "Storage Account Blob Container Immutability Policies", "description": "This module deploys a Storage Account Blob Container Immutability Policy.", @@ -2847,8 +2840,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "5288106279947156711" + "version": "0.24.24.22086", + "templateHash": "9233391743581137624" }, "name": "Storage Account File Share Services", "description": "This module deploys a Storage Account File Share Service.", @@ -3128,8 +3121,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "2026482374148202879" + "version": "0.24.24.22086", + "templateHash": "11243515252529303304" }, "name": "Storage Account File Shares", "description": "This module deploys a Storage Account File Share.", @@ -3328,8 +3321,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "15595600813016932186" + "version": "0.24.24.22086", + "templateHash": "17643632023108067837" } }, "parameters": { @@ -3597,8 +3590,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "14446905482734328346" + "version": "0.24.24.22086", + "templateHash": "10823351122551411657" }, "name": "Storage Account Queue Services", "description": "This module deploys a Storage Account Queue Service.", @@ -3842,8 +3835,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "12411465246702614738" + "version": "0.24.24.22086", + "templateHash": "11104056744955032379" }, "name": "Storage Account Queues", "description": "This module deploys a Storage Account Queue.", @@ -4099,8 +4092,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "14471460242481977546" + "version": "0.24.24.22086", + "templateHash": "2077261761360434847" }, "name": "Storage Account Table Services", "description": "This module deploys a Storage Account Table Service.", @@ -4341,8 +4334,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "8824223095963877860" + "version": "0.24.24.22086", + "templateHash": "981180809348713884" }, "name": "Storage Account Table", "description": "This module deploys a Storage Account Table.", diff --git a/avm/res/storage/storage-account/management-policy/main.json b/avm/res/storage/storage-account/management-policy/main.json index 3e1730f09b..3a0a924bdb 100644 --- a/avm/res/storage/storage-account/management-policy/main.json +++ b/avm/res/storage/storage-account/management-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "774635646248081518" + "version": "0.24.24.22086", + "templateHash": "17360500138014235250" }, "name": "Storage Account Management Policies", "description": "This module deploys a Storage Account Management Policy.", diff --git a/avm/res/storage/storage-account/queue-service/main.json b/avm/res/storage/storage-account/queue-service/main.json index aae35c5012..4956f26ae7 100644 --- a/avm/res/storage/storage-account/queue-service/main.json +++ b/avm/res/storage/storage-account/queue-service/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "14446905482734328346" + "version": "0.24.24.22086", + "templateHash": "10823351122551411657" }, "name": "Storage Account Queue Services", "description": "This module deploys a Storage Account Queue Service.", @@ -250,8 +250,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "12411465246702614738" + "version": "0.24.24.22086", + "templateHash": "11104056744955032379" }, "name": "Storage Account Queues", "description": "This module deploys a Storage Account Queue.", diff --git a/avm/res/storage/storage-account/queue-service/queue/main.json b/avm/res/storage/storage-account/queue-service/queue/main.json index 6ad5c15435..888b7f01b5 100644 --- a/avm/res/storage/storage-account/queue-service/queue/main.json +++ b/avm/res/storage/storage-account/queue-service/queue/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "12411465246702614738" + "version": "0.24.24.22086", + "templateHash": "11104056744955032379" }, "name": "Storage Account Queues", "description": "This module deploys a Storage Account Queue.", diff --git a/avm/res/storage/storage-account/table-service/main.json b/avm/res/storage/storage-account/table-service/main.json index 4b2089447c..17ea7814f7 100644 --- a/avm/res/storage/storage-account/table-service/main.json +++ b/avm/res/storage/storage-account/table-service/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "14471460242481977546" + "version": "0.24.24.22086", + "templateHash": "2077261761360434847" }, "name": "Storage Account Table Services", "description": "This module deploys a Storage Account Table Service.", @@ -247,8 +247,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "8824223095963877860" + "version": "0.24.24.22086", + "templateHash": "981180809348713884" }, "name": "Storage Account Table", "description": "This module deploys a Storage Account Table.", diff --git a/avm/res/storage/storage-account/table-service/table/main.json b/avm/res/storage/storage-account/table-service/table/main.json index c87d417e99..f8f1671b71 100644 --- a/avm/res/storage/storage-account/table-service/table/main.json +++ b/avm/res/storage/storage-account/table-service/table/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "8824223095963877860" + "version": "0.24.24.22086", + "templateHash": "981180809348713884" }, "name": "Storage Account Table", "description": "This module deploys a Storage Account Table.", diff --git a/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep b/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep index 9690de9fbc..757062c60e 100644 --- a/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep +++ b/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep @@ -90,6 +90,41 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + service: 'table' + } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + service: 'queue' + } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + service: 'file' + } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + service: 'web' + } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + service: 'dfs' + } ] networkAcls: { bypass: 'AzureServices' diff --git a/avm/res/storage/storage-account/version.json b/avm/res/storage/storage-account/version.json index e42c3d9e5f..35040975ae 100644 --- a/avm/res/storage/storage-account/version.json +++ b/avm/res/storage/storage-account/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.6", + "version": "0.7", "pathFilters": [ "./main.json" ] -} \ No newline at end of file +} diff --git a/avm/res/synapse/workspace/README.md b/avm/res/synapse/workspace/README.md index 3c3cea9256..40f298488e 100644 --- a/avm/res/synapse/workspace/README.md +++ b/avm/res/synapse/workspace/README.md @@ -390,6 +390,30 @@ module workspace 'br/public:avm/res/synapse/workspace:' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + service: 'SqlOnDemand' + subnetResourceId: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } + { + privateDnsZoneResourceIds: [ + '' + ] + service: 'Dev' + subnetResourceId: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } ] roleAssignments: [ { @@ -494,6 +518,30 @@ module workspace 'br/public:avm/res/synapse/workspace:' = { "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "service": "SqlOnDemand", + "subnetResourceId": "", + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "service": "Dev", + "subnetResourceId": "", + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } } ] }, @@ -1063,7 +1111,7 @@ Configuration details for private endpoints. For security reasons, it is recomme | Parameter | Type | Description | | :-- | :-- | :-- | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file". | | [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | **Optional parameters** @@ -1075,9 +1123,10 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | @@ -1086,7 +1135,7 @@ Configuration details for private endpoints. For security reasons, it is recomme ### Parameter: `privateEndpoints.service` -The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file". - Required: Yes - Type: string @@ -1116,19 +1165,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint ip address. +Fqdn that resolves to private endpoint IP address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private ip addresses of the private endpoint. +A list of private IP addresses of the private endpoint. - Required: Yes - Type: array @@ -1181,7 +1230,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -1199,11 +1248,18 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private ip address obtained from the private endpoint's subnet. +A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1247,12 +1303,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` diff --git a/avm/res/synapse/workspace/integration-runtime/main.json b/avm/res/synapse/workspace/integration-runtime/main.json index 97a5e64866..03114a39ba 100644 --- a/avm/res/synapse/workspace/integration-runtime/main.json +++ b/avm/res/synapse/workspace/integration-runtime/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "7739107907804712060" + "version": "0.24.24.22086", + "templateHash": "5925144887906209420" }, "name": "Synapse Workspace Integration Runtimes", "description": "This module deploys a Synapse Workspace Integration Runtime.", diff --git a/avm/res/synapse/workspace/key/main.json b/avm/res/synapse/workspace/key/main.json index 85aed99df5..f14f2c84df 100644 --- a/avm/res/synapse/workspace/key/main.json +++ b/avm/res/synapse/workspace/key/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "2498604793784722860" + "version": "0.24.24.22086", + "templateHash": "15811131631744837887" }, "name": "Synapse Workspaces Keys", "description": "This module deploys a Synapse Workspaces Key.", diff --git a/avm/res/synapse/workspace/main.bicep b/avm/res/synapse/workspace/main.bicep index d54a6fa3c5..823a0a3dc6 100644 --- a/avm/res/synapse/workspace/main.bicep +++ b/avm/res/synapse/workspace/main.bicep @@ -257,31 +257,42 @@ resource workspace_roleAssignments 'Microsoft.Authorization/roleAssignments@2022 module workspace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-workspace-PrivateEndpoint-${index}' params: { - privateLinkServiceConnections: [ + name: privateEndpoint.?name ?? 'pep-${last(split(workspace.id, '/'))}-${privateEndpoint.service}-${index}' + privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(workspace.id, '/'))}-${privateEndpoint.service}-${index}' properties: { privateLinkServiceId: workspace.id groupIds: [ - privateEndpoint.?service ?? 'SQL' + privateEndpoint.service ] } } - ] - name: privateEndpoint.?name ?? 'pep-${last(split(workspace.id, '/'))}-${privateEndpoint.?service ?? privateEndpoint.service}-${index}' + ] : null + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(workspace.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: workspace.id + groupIds: [ + privateEndpoint.service + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry } }] @@ -370,7 +381,7 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + @description('Required. The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file".') service: string @description('Required. Resource ID of the subnet where the endpoint needs to be created.') @@ -382,12 +393,18 @@ type privateEndpointType = { @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint ip address.') + @description('Required. Fqdn that resolves to private endpoint IP address.') fqdn: string? - @description('Required. A list of private ip addresses of the private endpoint.') + @description('Required. A list of private IP addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -404,7 +421,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private ip address obtained from the private endpoint\'s subnet.') + @description('Required. A private IP address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -424,9 +441,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/synapse/workspace/main.json b/avm/res/synapse/workspace/main.json index 1d1b1b6994..c5d4473836 100644 --- a/avm/res/synapse/workspace/main.json +++ b/avm/res/synapse/workspace/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "13895345816421777976" + "version": "0.24.24.22086", + "templateHash": "7944657056081864299" }, "name": "Synapse Workspaces", "description": "This module deploys a Synapse Workspace.", @@ -141,7 +141,7 @@ "service": { "type": "string", "metadata": { - "description": "Required. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Required. The subresource to deploy the private endpoint for. For example \"blob\", \"table\", \"queue\" or \"file\"." } }, "subnetResourceId": { @@ -167,6 +167,20 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -176,7 +190,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -185,7 +199,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -224,7 +238,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -275,13 +289,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -789,8 +796,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "7739107907804712060" + "version": "0.24.24.22086", + "templateHash": "5925144887906209420" }, "name": "Synapse Workspace Integration Runtimes", "description": "This module deploys a Synapse Workspace Integration Runtime.", @@ -887,8 +894,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "16862202180408198277" + "version": "0.24.24.22086", + "templateHash": "17058954208193213785" } }, "parameters": { @@ -975,8 +982,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "2498604793784722860" + "version": "0.24.24.22086", + "templateHash": "15811131631744837887" }, "name": "Synapse Workspaces Keys", "description": "This module deploys a Synapse Workspaces Key.", @@ -1064,25 +1071,17 @@ }, "mode": "Incremental", "parameters": { - "privateLinkServiceConnections": { - "value": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.Synapse/workspaces', parameters('name'))]", - "groupIds": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'SQL')]" - ] - } - } - ] - }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/workspaces', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service), copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/workspaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/workspaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Synapse/workspaces', parameters('name')), 'groupIds', createArray(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/workspaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Synapse/workspaces', parameters('name')), 'groupIds', createArray(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, + "enableTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" + }, "location": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" }, @@ -1101,9 +1100,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -1115,9 +1111,6 @@ }, "customNetworkInterfaceName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]" - }, - "enableTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" } }, "template": { diff --git a/avm/res/synapse/workspace/tests/e2e/max/main.test.bicep b/avm/res/synapse/workspace/tests/e2e/max/main.test.bicep index 623225fb1d..f96f1e9699 100644 --- a/avm/res/synapse/workspace/tests/e2e/max/main.test.bicep +++ b/avm/res/synapse/workspace/tests/e2e/max/main.test.bicep @@ -106,6 +106,30 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + service: 'SqlOnDemand' + subnetResourceId: nestedDependencies.outputs.subnetResourceId + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + service: 'Dev' + subnetResourceId: nestedDependencies.outputs.subnetResourceId + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + } ] managedVirtualNetwork: true integrationRuntimes: [ diff --git a/avm/res/synapse/workspace/version.json b/avm/res/synapse/workspace/version.json index 83083db694..9481fea58e 100644 --- a/avm/res/synapse/workspace/version.json +++ b/avm/res/synapse/workspace/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.1", + "version": "0.2", "pathFilters": [ "./main.json" ] -} \ No newline at end of file +} From 3a2572a9691478968f0c6fc11dfb9bd4a7978f15 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 25 Feb 2024 09:21:42 +0100 Subject: [PATCH 02/29] Update to latest --- avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep | 2 +- .../workspace/tests/e2e/waf-aligned/dependencies.bicep | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep b/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep index dfc69285ca..9a8c73e3f6 100644 --- a/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep +++ b/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep @@ -94,7 +94,7 @@ resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid('msi-${keyVault::key.id}-${location}-${managedIdentity.id}-Key-Key-Vault-Crypto-User-RoleAssignment') scope: keyVault::key properties: { - principalId: '09ef9f59-e7b6-422e-84e4-508cfc8d64e7' // '711330f9-cfad-4b10-a462-d82faa92027d' // AzureDatabricks Enterprise Application Object Id (Note: this is tenant specific) + principalId: '711330f9-cfad-4b10-a462-d82faa92027d' // AzureDatabricks Enterprise Application Object Id (Note: this is tenant specific) roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') // Key Vault Crypto User principalType: 'ServicePrincipal' } diff --git a/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep b/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep index dfc69285ca..9a8c73e3f6 100644 --- a/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep +++ b/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep @@ -94,7 +94,7 @@ resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid('msi-${keyVault::key.id}-${location}-${managedIdentity.id}-Key-Key-Vault-Crypto-User-RoleAssignment') scope: keyVault::key properties: { - principalId: '09ef9f59-e7b6-422e-84e4-508cfc8d64e7' // '711330f9-cfad-4b10-a462-d82faa92027d' // AzureDatabricks Enterprise Application Object Id (Note: this is tenant specific) + principalId: '711330f9-cfad-4b10-a462-d82faa92027d' // AzureDatabricks Enterprise Application Object Id (Note: this is tenant specific) roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') // Key Vault Crypto User principalType: 'ServicePrincipal' } From f510b1261659ee9782011c6e618b30f509711a56 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 25 Feb 2024 10:01:06 +0100 Subject: [PATCH 03/29] Several fixes --- .../automation/automation-account/main.bicep | 2 +- avm/res/batch/batch-account/main.bicep | 2 +- avm/res/cache/redis/main.bicep | 29 ++++++++++----- avm/res/cognitive-services/account/main.bicep | 30 +++++++++++----- .../container-registry/registry/main.bicep | 36 +++++++++++++------ avm/res/data-factory/factory/main.bicep | 36 +++++++++++++------ avm/res/databricks/workspace/main.bicep | 2 +- .../host-pool/main.bicep | 4 +-- .../workspace/main.bicep | 2 +- .../document-db/database-account/main.bicep | 2 +- avm/res/event-grid/domain/README.md | 2 +- avm/res/event-grid/domain/main.bicep | 21 ++++++----- avm/res/event-grid/topic/README.md | 2 +- avm/res/event-grid/topic/main.bicep | 21 ++++++----- .../insights/private-link-scope/main.bicep | 21 ++++++----- avm/res/key-vault/vault/main.bicep | 14 ++++---- avm/res/search/search-service/main.bicep | 21 ++++++----- avm/res/service-bus/namespace/main.bicep | 15 ++++---- avm/res/sql/server/main.bicep | 14 ++++---- avm/res/storage/storage-account/main.bicep | 2 +- avm/res/synapse/private-link-hub/main.bicep | 2 +- avm/res/synapse/workspace/main.bicep | 2 +- avm/res/web/site/main.bicep | 21 ++++++----- avm/res/web/site/slot/main.bicep | 21 ++++++----- avm/res/web/static-site/main.bicep | 21 ++++++----- 25 files changed, 214 insertions(+), 131 deletions(-) diff --git a/avm/res/automation/automation-account/main.bicep b/avm/res/automation/automation-account/main.bicep index 37f5e9e3bf..6328047193 100644 --- a/avm/res/automation/automation-account/main.bicep +++ b/avm/res/automation/automation-account/main.bicep @@ -328,7 +328,7 @@ resource automationAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSett scope: automationAccount }] -module automationAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module automationAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-automationAccount-PrivateEndpoint-${index}' params: { name: privateEndpoint.?name ?? 'pep-${last(split(automationAccount.id, '/'))}-${privateEndpoint.service}-${index}' diff --git a/avm/res/batch/batch-account/main.bicep b/avm/res/batch/batch-account/main.bicep index ac9d025dee..c439fbe5b1 100644 --- a/avm/res/batch/batch-account/main.bicep +++ b/avm/res/batch/batch-account/main.bicep @@ -201,7 +201,7 @@ resource batchAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@ scope: batchAccount }] -module batchAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module batchAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-BatchAccount-PrivateEndpoint-${index}' params: { name: privateEndpoint.?name ?? 'pep-${last(split(batchAccount.id, '/'))}-${privateEndpoint.service}-${index}' diff --git a/avm/res/cache/redis/main.bicep b/avm/res/cache/redis/main.bicep index de47057248..3ab8a092e0 100644 --- a/avm/res/cache/redis/main.bicep +++ b/avm/res/cache/redis/main.bicep @@ -213,9 +213,10 @@ resource redis_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04- scope: redis }] -module redis_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module redis_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-KeyVault-PrivateEndpoint-${index}' params: { + name: privateEndpoint.?name ?? 'pep-${last(split(redis.id, '/'))}-${privateEndpoint.?service ?? 'redisCache'}-${index}' privateLinkServiceConnections: [ { name: name @@ -227,7 +228,18 @@ module redis_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' } } ] - name: privateEndpoint.?name ?? 'pep-${last(split(redis.id, '/'))}-${privateEndpoint.?service ?? 'redisCache'}-${index}' + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(redis.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: redis.id + groupIds: [ + privateEndpoint.?service ?? 'redisCache' + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -236,7 +248,6 @@ module redis_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -289,14 +300,13 @@ type lockType = { }? type privateEndpointType = { - @description('Optional. The name of the private endpoint.') name: string? @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') @@ -308,6 +318,12 @@ type privateEndpointType = { @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { @description('Required. Fqdn that resolves to private endpoint IP address.') @@ -350,9 +366,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/cognitive-services/account/main.bicep b/avm/res/cognitive-services/account/main.bicep index 05149ac191..fb8f3d43f4 100644 --- a/avm/res/cognitive-services/account/main.bicep +++ b/avm/res/cognitive-services/account/main.bicep @@ -265,9 +265,10 @@ resource cognitiveService_diagnosticSettings 'Microsoft.Insights/diagnosticSetti scope: cognitiveService }] -module cognitiveService_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module cognitiveService_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-CognitiveService-PrivateEndpoint-${index}' params: { + name: privateEndpoint.?name ?? 'pep-${last(split(cognitiveService.id, '/'))}-${privateEndpoint.?service ?? 'account'}-${index}' privateLinkServiceConnections: [ { name: name @@ -279,7 +280,18 @@ module cognitiveService_privateEndpoints 'br/public:avm/res/network/private-endp } } ] - name: privateEndpoint.?name ?? 'pep-${last(split(cognitiveService.id, '/'))}-${privateEndpoint.?service ?? 'account'}-${index}' + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(cognitiveService.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: cognitiveService.id + groupIds: [ + privateEndpoint.?service ?? 'account' + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -288,7 +300,6 @@ module cognitiveService_privateEndpoints 'br/public:avm/res/network/private-endp privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -406,7 +417,7 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') @@ -418,6 +429,12 @@ type privateEndpointType = { @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { @description('Required. Fqdn that resolves to private endpoint IP address.') @@ -455,14 +472,11 @@ type privateEndpointType = { lock: lockType @description('Optional. Array of role assignments to create.') - roleAssignments: roleAssignmentType? + roleAssignments: roleAssignmentType @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/container-registry/registry/main.bicep b/avm/res/container-registry/registry/main.bicep index 8c33bc7154..af7efe5678 100644 --- a/avm/res/container-registry/registry/main.bicep +++ b/avm/res/container-registry/registry/main.bicep @@ -334,9 +334,10 @@ resource registry_roleAssignments 'Microsoft.Authorization/roleAssignments@2022- scope: registry }] -module registry_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.2' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module registry_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-registry-PrivateEndpoint-${index}' params: { + name: privateEndpoint.?name ?? 'pep-${last(split(registry.id, '/'))}-${privateEndpoint.?service ?? 'registry'}-${index}' privateLinkServiceConnections: [ { name: name @@ -348,7 +349,18 @@ module registry_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3 } } ] - name: privateEndpoint.?name ?? 'pep-${last(split(registry.id, '/'))}-${privateEndpoint.?service ?? 'registry'}-${index}' + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(registry.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: registry.id + groupIds: [ + privateEndpoint.service ?? 'registry' + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -357,7 +369,6 @@ module registry_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3 privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -433,24 +444,30 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') + @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint ip address.') + @description('Required. Fqdn that resolves to private endpoint IP address.') fqdn: string? - @description('Required. A list of private ip addresses of the private endpoint.') + @description('Required. A list of private IP addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -467,7 +484,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private ip address obtained from the private endpoint\'s subnet.') + @description('Required. A private IP address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -487,9 +504,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/data-factory/factory/main.bicep b/avm/res/data-factory/factory/main.bicep index 77562721b6..4530413a41 100644 --- a/avm/res/data-factory/factory/main.bicep +++ b/avm/res/data-factory/factory/main.bicep @@ -226,9 +226,10 @@ resource dataFactory_roleAssignments 'Microsoft.Authorization/roleAssignments@20 scope: dataFactory }] -module dataFactory_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.2' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module dataFactory_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-dataFactory-PrivateEndpoint-${index}' params: { + name: privateEndpoint.?name ?? 'pep-${last(split(dataFactory.id, '/'))}-${privateEndpoint.?service ?? 'dataFactory'}-${index}' privateLinkServiceConnections: [ { name: name @@ -240,7 +241,18 @@ module dataFactory_privateEndpoints 'br/public:avm/res/network/private-endpoint: } } ] - name: privateEndpoint.?name ?? 'pep-${last(split(dataFactory.id, '/'))}-${privateEndpoint.?service ?? 'dataFactory'}-${index}' + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(dataFactory.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: dataFactory.id + groupIds: [ + privateEndpoint.service ?? 'dataFactory' + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock @@ -249,7 +261,6 @@ module dataFactory_privateEndpoints 'br/public:avm/res/network/private-endpoint: privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -322,24 +333,30 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') + @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint ip address.') + @description('Required. Fqdn that resolves to private endpoint IP address.') fqdn: string? - @description('Required. A list of private ip addresses of the private endpoint.') + @description('Required. A list of private IP addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -356,7 +373,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private ip address obtained from the private endpoint\'s subnet.') + @description('Required. A private IP address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -376,9 +393,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/databricks/workspace/main.bicep b/avm/res/databricks/workspace/main.bicep index 6da8e23bad..0c0cda5772 100644 --- a/avm/res/databricks/workspace/main.bicep +++ b/avm/res/databricks/workspace/main.bicep @@ -288,7 +288,7 @@ resource workspace_roleAssignments 'Microsoft.Authorization/roleAssignments@2022 }] @batchSize(1) -module workspace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.3' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module workspace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-Databricks-PrivateEndpoint-${index}' params: { name: privateEndpoint.?name ?? 'pep-${last(split(workspace.id, '/'))}-${privateEndpoint.service}-${index}' diff --git a/avm/res/desktop-virtualization/host-pool/main.bicep b/avm/res/desktop-virtualization/host-pool/main.bicep index 9e4cb17472..793e014923 100644 --- a/avm/res/desktop-virtualization/host-pool/main.bicep +++ b/avm/res/desktop-virtualization/host-pool/main.bicep @@ -196,13 +196,13 @@ resource hostPool 'Microsoft.DesktopVirtualization/hostPools@2023-09-05' = { } } -module hostPool_privateEndpoints 'br/public:avm-res-network-privateendpoint:0.1.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module hostPool_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-HostPool-PrivateEndpoint-${index}' params: { + name: privateEndpoint.?name ?? 'pep-${last(split(hostPool.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}' groupIds: [ privateEndpoint.?service ?? 'connection' ] - name: privateEndpoint.?name ?? 'pep-${last(split(hostPool.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}' serviceResourceId: hostPool.id subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry diff --git a/avm/res/desktop-virtualization/workspace/main.bicep b/avm/res/desktop-virtualization/workspace/main.bicep index 76b833e555..d7addcf8fc 100644 --- a/avm/res/desktop-virtualization/workspace/main.bicep +++ b/avm/res/desktop-virtualization/workspace/main.bicep @@ -90,7 +90,7 @@ resource workspace 'Microsoft.DesktopVirtualization/workspaces@2022-10-14-previe } } -module workspace_privateEndpoints 'br/public:avm-res-network-privateendpoint:0.1.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module workspace_privateEndpoints 'br/public:avm-res-network-privateendpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-Workspace-PrivateEndpoint-${index}' params: { groupIds: [ diff --git a/avm/res/document-db/database-account/main.bicep b/avm/res/document-db/database-account/main.bicep index f7efedebb6..3bf4f1a604 100644 --- a/avm/res/document-db/database-account/main.bicep +++ b/avm/res/document-db/database-account/main.bicep @@ -317,7 +317,7 @@ module databaseAccount_gremlinDatabases 'gremlin-database/main.bicep' = [for gre } }] -module databaseAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module databaseAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-databaseAccount-PrivateEndpoint-${index}' params: { name: privateEndpoint.?name ?? 'pep-${last(split(databaseAccount.id, '/'))}-${privateEndpoint.service}-${index}' diff --git a/avm/res/event-grid/domain/README.md b/avm/res/event-grid/domain/README.md index 10afb3de29..af3e336ac1 100644 --- a/avm/res/event-grid/domain/README.md +++ b/avm/res/event-grid/domain/README.md @@ -1250,7 +1250,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm-res-network-privateendpoint:0.1.1` | Remote reference | +| `br/public:avm-res-network-privateendpoint:0.4.0` | Remote reference | ## Data Collection diff --git a/avm/res/event-grid/domain/main.bicep b/avm/res/event-grid/domain/main.bicep index 7cf3d9fa9e..b9a5b86f6d 100644 --- a/avm/res/event-grid/domain/main.bicep +++ b/avm/res/event-grid/domain/main.bicep @@ -143,7 +143,7 @@ resource domain_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-0 scope: domain }] -module domain_privateEndpoints 'br/public:avm-res-network-privateendpoint:0.1.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module domain_privateEndpoints 'br/public:avm-res-network-privateendpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-domain-PrivateEndpoint-${index}' params: { groupIds: [ @@ -246,24 +246,30 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') + @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint ip address.') + @description('Required. Fqdn that resolves to private endpoint IP address.') fqdn: string? - @description('Required. A list of private ip addresses of the private endpoint.') + @description('Required. A list of private IP addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -280,7 +286,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private ip address obtained from the private endpoint\'s subnet.') + @description('Required. A private IP address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -300,9 +306,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/event-grid/topic/README.md b/avm/res/event-grid/topic/README.md index 8ec0604200..8bfb703f81 100644 --- a/avm/res/event-grid/topic/README.md +++ b/avm/res/event-grid/topic/README.md @@ -1337,7 +1337,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm-res-network-privateendpoint:0.1.1` | Remote reference | +| `br/public:avm-res-network-privateendpoint:0.4.0` | Remote reference | ## Data Collection diff --git a/avm/res/event-grid/topic/main.bicep b/avm/res/event-grid/topic/main.bicep index f6ce5a84bf..83088a80b3 100644 --- a/avm/res/event-grid/topic/main.bicep +++ b/avm/res/event-grid/topic/main.bicep @@ -145,7 +145,7 @@ resource topic_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05 scope: topic }] -module topic_privateEndpoints 'br/public:avm-res-network-privateendpoint:0.1.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module topic_privateEndpoints 'br/public:avm-res-network-privateendpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-topic-PrivateEndpoint-${index}' params: { groupIds: [ @@ -248,24 +248,30 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') + @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint ip address.') + @description('Required. Fqdn that resolves to private endpoint IP address.') fqdn: string? - @description('Required. A list of private ip addresses of the private endpoint.') + @description('Required. A list of private IP addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -282,7 +288,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private ip address obtained from the private endpoint\'s subnet.') + @description('Required. A private IP address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -302,9 +308,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/insights/private-link-scope/main.bicep b/avm/res/insights/private-link-scope/main.bicep index bd1a98c4be..0dea2fdb0b 100644 --- a/avm/res/insights/private-link-scope/main.bicep +++ b/avm/res/insights/private-link-scope/main.bicep @@ -103,7 +103,7 @@ resource privateLinkScope_lock 'Microsoft.Authorization/locks@2020-05-01' = if ( scope: privateLinkScope } -module privateLinkScope_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module privateLinkScope_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-PrivateLinkScope-PrivateEndpoint-${index}' params: { privateLinkServiceConnections: [ @@ -202,24 +202,30 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') + @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint ip address.') + @description('Required. Fqdn that resolves to private endpoint IP address.') fqdn: string? - @description('Required. A list of private ip addresses of the private endpoint.') + @description('Required. A list of private IP addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -236,7 +242,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private ip address obtained from the private endpoint\'s subnet.') + @description('Required. A private IP address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -256,9 +262,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/key-vault/vault/main.bicep b/avm/res/key-vault/vault/main.bicep index 55a5bc90f2..0bbe5c963c 100644 --- a/avm/res/key-vault/vault/main.bicep +++ b/avm/res/key-vault/vault/main.bicep @@ -236,7 +236,7 @@ module keyVault_keys 'key/main.bicep' = [for (key, index) in (keys ?? []): { } }] -module keyVault_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module keyVault_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-KeyVault-PrivateEndpoint-${index}' params: { privateLinkServiceConnections: [ @@ -371,14 +371,13 @@ type roleAssignmentType = { }[]? type privateEndpointType = { - @description('Optional. The name of the private endpoint.') name: string? @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') @@ -390,6 +389,12 @@ type privateEndpointType = { @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { @description('Required. Fqdn that resolves to private endpoint IP address.') @@ -432,9 +437,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/search/search-service/main.bicep b/avm/res/search/search-service/main.bicep index 41841fe704..0102a01eef 100644 --- a/avm/res/search/search-service/main.bicep +++ b/avm/res/search/search-service/main.bicep @@ -198,7 +198,7 @@ resource searchService_roleAssignments 'Microsoft.Authorization/roleAssignments@ scope: searchService }] -module searchService_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module searchService_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-searchService-PrivateEndpoint-${index}' params: { privateLinkServiceConnections: [ @@ -311,24 +311,30 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') + @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint ip address.') + @description('Required. Fqdn that resolves to private endpoint IP address.') fqdn: string? - @description('Required. A list of private ip addresses of the private endpoint.') + @description('Required. A list of private IP addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -345,7 +351,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private ip address obtained from the private endpoint\'s subnet.') + @description('Required. A private IP address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -365,9 +371,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/service-bus/namespace/main.bicep b/avm/res/service-bus/namespace/main.bicep index e519393cc1..a248cfa170 100644 --- a/avm/res/service-bus/namespace/main.bicep +++ b/avm/res/service-bus/namespace/main.bicep @@ -300,7 +300,7 @@ resource serviceBusNamespace_diagnosticSettings 'Microsoft.Insights/diagnosticSe scope: serviceBusNamespace }] -module serviceBusNamespace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module serviceBusNamespace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-serviceBusNamespace-PrivateEndpoint-${index}' params: { privateLinkServiceConnections: [ @@ -410,18 +410,24 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') + @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { @description('Required. Fqdn that resolves to private endpoint IP address.') @@ -464,9 +470,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/sql/server/main.bicep b/avm/res/sql/server/main.bicep index 9adb292dfa..c4a8a62b66 100644 --- a/avm/res/sql/server/main.bicep +++ b/avm/res/sql/server/main.bicep @@ -234,7 +234,7 @@ module server_elasticPools 'elastic-pool/main.bicep' = [for (elasticPool, index) } }] -module server_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module server_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-server-PrivateEndpoint-${index}' params: { privateLinkServiceConnections: [ @@ -399,14 +399,13 @@ type roleAssignmentType = { }[]? type privateEndpointType = { - @description('Optional. The name of the private endpoint.') name: string? @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') @@ -418,6 +417,12 @@ type privateEndpointType = { @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { @description('Required. Fqdn that resolves to private endpoint IP address.') @@ -460,9 +465,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/storage/storage-account/main.bicep b/avm/res/storage/storage-account/main.bicep index 10778ec337..39dd0230a8 100644 --- a/avm/res/storage/storage-account/main.bicep +++ b/avm/res/storage/storage-account/main.bicep @@ -352,7 +352,7 @@ resource storageAccount_roleAssignments 'Microsoft.Authorization/roleAssignments scope: storageAccount }] -module storageAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module storageAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-StorageAccount-PrivateEndpoint-${index}' params: { name: privateEndpoint.?name ?? 'pep-${last(split(storageAccount.id, '/'))}-${privateEndpoint.service}-${index}' diff --git a/avm/res/synapse/private-link-hub/main.bicep b/avm/res/synapse/private-link-hub/main.bicep index ea2d80db82..12d9e3513b 100644 --- a/avm/res/synapse/private-link-hub/main.bicep +++ b/avm/res/synapse/private-link-hub/main.bicep @@ -81,7 +81,7 @@ resource privateLinkHub_roleAssignments 'Microsoft.Authorization/roleAssignments }] // Private Endpoints -module privateLinkHub_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module privateLinkHub_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-privateLinkHub-PrivateEndpoint-${index}' params: { privateLinkServiceConnections: [ diff --git a/avm/res/synapse/workspace/main.bicep b/avm/res/synapse/workspace/main.bicep index 823a0a3dc6..53e6f009bd 100644 --- a/avm/res/synapse/workspace/main.bicep +++ b/avm/res/synapse/workspace/main.bicep @@ -254,7 +254,7 @@ resource workspace_roleAssignments 'Microsoft.Authorization/roleAssignments@2022 }] // Endpoints -module workspace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module workspace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-workspace-PrivateEndpoint-${index}' params: { name: privateEndpoint.?name ?? 'pep-${last(split(workspace.id, '/'))}-${privateEndpoint.service}-${index}' diff --git a/avm/res/web/site/main.bicep b/avm/res/web/site/main.bicep index 7351a9a11f..2f325beae7 100644 --- a/avm/res/web/site/main.bicep +++ b/avm/res/web/site/main.bicep @@ -362,7 +362,7 @@ resource app_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01 scope: app }] -module app_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.2' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module app_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-app-PrivateEndpoint-${index}' params: { privateLinkServiceConnections: [ @@ -470,24 +470,30 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') + @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint ip address.') + @description('Required. Fqdn that resolves to private endpoint IP address.') fqdn: string? - @description('Required. A list of private ip addresses of the private endpoint.') + @description('Required. A list of private IP addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -504,7 +510,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private ip address obtained from the private endpoint\'s subnet.') + @description('Required. A private IP address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -524,9 +530,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/web/site/slot/main.bicep b/avm/res/web/site/slot/main.bicep index 9c91ea7372..367f32fbc2 100644 --- a/avm/res/web/site/slot/main.bicep +++ b/avm/res/web/site/slot/main.bicep @@ -295,7 +295,7 @@ resource slot_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-0 scope: slot }] -module slot_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.2' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module slot_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-Slot-PrivateEndpoint-${index}' params: { privateLinkServiceConnections: [ @@ -391,24 +391,30 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') + @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint ip address.') + @description('Required. Fqdn that resolves to private endpoint IP address.') fqdn: string? - @description('Required. A list of private ip addresses of the private endpoint.') + @description('Required. A list of private IP addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -425,7 +431,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private ip address obtained from the private endpoint\'s subnet.') + @description('Required. A private IP address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -445,9 +451,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/web/static-site/main.bicep b/avm/res/web/static-site/main.bicep index 3cbc8d702b..c31a39647a 100644 --- a/avm/res/web/static-site/main.bicep +++ b/avm/res/web/static-site/main.bicep @@ -201,7 +201,7 @@ resource staticSite_roleAssignments 'Microsoft.Authorization/roleAssignments@202 scope: staticSite }] -module staticSite_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module staticSite_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-staticSite-PrivateEndpoint-${index}' params: { privateLinkServiceConnections: [ @@ -300,24 +300,30 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') + @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint ip address.') + @description('Required. Fqdn that resolves to private endpoint IP address.') fqdn: string? - @description('Required. A list of private ip addresses of the private endpoint.') + @description('Required. A list of private IP addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -334,7 +340,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private ip address obtained from the private endpoint\'s subnet.') + @description('Required. A private IP address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -354,9 +360,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? From ef334ce881ae3e89c65fd8f31b9fd3ff9aa9edfa Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 25 Feb 2024 11:05:54 +0100 Subject: [PATCH 04/29] More updates --- .../automation/automation-account/main.bicep | 3 +- avm/res/batch/batch-account/main.bicep | 3 +- avm/res/cache/redis/main.bicep | 3 +- avm/res/cognitive-services/account/main.bicep | 3 +- .../container-registry/registry/main.bicep | 3 +- avm/res/data-factory/factory/main.bicep | 3 +- avm/res/databricks/workspace/main.bicep | 3 +- .../host-pool/main.bicep | 42 ++++++++++++---- .../workspace/main.bicep | 44 ++++++++++++----- .../document-db/database-account/main.bicep | 3 +- avm/res/event-grid/domain/main.bicep | 37 ++++++++++---- avm/res/event-grid/topic/main.bicep | 37 ++++++++++---- .../insights/private-link-scope/main.bicep | 20 ++++++-- avm/res/key-vault/vault/main.bicep | 26 +++++++--- avm/res/search/search-service/main.bicep | 30 ++++++++---- avm/res/service-bus/namespace/main.bicep | 28 ++++++++--- avm/res/sql/server/main.bicep | 30 ++++++++---- avm/res/storage/storage-account/main.bicep | 3 +- avm/res/synapse/private-link-hub/main.bicep | 49 ++++++++++++------- avm/res/synapse/workspace/main.bicep | 3 +- avm/res/web/site/main.bicep | 28 ++++++++--- avm/res/web/site/slot/main.bicep | 24 ++++++--- avm/res/web/static-site/main.bicep | 28 ++++++++--- 23 files changed, 328 insertions(+), 125 deletions(-) diff --git a/avm/res/automation/automation-account/main.bicep b/avm/res/automation/automation-account/main.bicep index 6328047193..9db1af88c2 100644 --- a/avm/res/automation/automation-account/main.bicep +++ b/avm/res/automation/automation-account/main.bicep @@ -464,7 +464,8 @@ type privateEndpointType = { @description('Optional. If Manual Private Link Connection is required.') isManualConnection: bool? - @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) manualConnectionRequestMessage: string? @description('Optional. Custom DNS configurations.') diff --git a/avm/res/batch/batch-account/main.bicep b/avm/res/batch/batch-account/main.bicep index c439fbe5b1..8d7cbddb36 100644 --- a/avm/res/batch/batch-account/main.bicep +++ b/avm/res/batch/batch-account/main.bicep @@ -365,7 +365,8 @@ type privateEndpointType = { @description('Optional. If Manual Private Link Connection is required.') isManualConnection: bool? - @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) manualConnectionRequestMessage: string? @description('Optional. Custom DNS configurations.') diff --git a/avm/res/cache/redis/main.bicep b/avm/res/cache/redis/main.bicep index 3ab8a092e0..188af0cee6 100644 --- a/avm/res/cache/redis/main.bicep +++ b/avm/res/cache/redis/main.bicep @@ -321,7 +321,8 @@ type privateEndpointType = { @description('Optional. If Manual Private Link Connection is required.') isManualConnection: bool? - @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) manualConnectionRequestMessage: string? @description('Optional. Custom DNS configurations.') diff --git a/avm/res/cognitive-services/account/main.bicep b/avm/res/cognitive-services/account/main.bicep index fb8f3d43f4..7f8b8856df 100644 --- a/avm/res/cognitive-services/account/main.bicep +++ b/avm/res/cognitive-services/account/main.bicep @@ -432,7 +432,8 @@ type privateEndpointType = { @description('Optional. If Manual Private Link Connection is required.') isManualConnection: bool? - @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) manualConnectionRequestMessage: string? @description('Optional. Custom DNS configurations.') diff --git a/avm/res/container-registry/registry/main.bicep b/avm/res/container-registry/registry/main.bicep index af7efe5678..98f33b4364 100644 --- a/avm/res/container-registry/registry/main.bicep +++ b/avm/res/container-registry/registry/main.bicep @@ -459,7 +459,8 @@ type privateEndpointType = { @description('Optional. If Manual Private Link Connection is required.') isManualConnection: bool? - @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) manualConnectionRequestMessage: string? @description('Optional. Custom DNS configurations.') diff --git a/avm/res/data-factory/factory/main.bicep b/avm/res/data-factory/factory/main.bicep index 4530413a41..b337667b46 100644 --- a/avm/res/data-factory/factory/main.bicep +++ b/avm/res/data-factory/factory/main.bicep @@ -348,7 +348,8 @@ type privateEndpointType = { @description('Optional. If Manual Private Link Connection is required.') isManualConnection: bool? - @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) manualConnectionRequestMessage: string? @description('Optional. Custom DNS configurations.') diff --git a/avm/res/databricks/workspace/main.bicep b/avm/res/databricks/workspace/main.bicep index 0c0cda5772..dd88cb1e7c 100644 --- a/avm/res/databricks/workspace/main.bicep +++ b/avm/res/databricks/workspace/main.bicep @@ -394,7 +394,8 @@ type privateEndpointType = { @description('Optional. If Manual Private Link Connection is required.') isManualConnection: bool? - @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) manualConnectionRequestMessage: string? @description('Optional. Custom DNS configurations.') diff --git a/avm/res/desktop-virtualization/host-pool/main.bicep b/avm/res/desktop-virtualization/host-pool/main.bicep index 793e014923..ea7b13dfd4 100644 --- a/avm/res/desktop-virtualization/host-pool/main.bicep +++ b/avm/res/desktop-virtualization/host-pool/main.bicep @@ -200,18 +200,37 @@ module hostPool_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4 name: '${uniqueString(deployment().name, location)}-HostPool-PrivateEndpoint-${index}' params: { name: privateEndpoint.?name ?? 'pep-${last(split(hostPool.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}' - groupIds: [ - privateEndpoint.?service ?? 'connection' + privateLinkServiceConnections: [ + { + name: name + properties: { + privateLinkServiceId: hostPool.id + groupIds: [ + privateEndpoint.?service ?? 'connection' + ] + } + } ] - serviceResourceId: hostPool.id + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(hostPool.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: hostPool.id + groupIds: [ + privateEndpoint.service ?? 'connection' + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry + location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -335,14 +354,13 @@ type roleAssignmentType = { }[]? type privateEndpointType = { - @sys.description('Optional. The name of the private endpoint.') name: string? @sys.description('Optional. The location to deploy the private endpoint to.') location: string? - @sys.description('Optional. The service (sub-) type to deploy the private endpoint for. For example "connection".') + @sys.description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') service: string? @sys.description('Required. Resource ID of the subnet where the endpoint needs to be created.') @@ -354,6 +372,13 @@ type privateEndpointType = { @sys.description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @sys.description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @sys.description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) + manualConnectionRequestMessage: string? + @sys.description('Optional. Custom DNS configurations.') customDnsConfigs: { @sys.description('Required. Fqdn that resolves to private endpoint IP address.') @@ -396,9 +421,6 @@ type privateEndpointType = { @sys.description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @sys.description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @sys.description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/desktop-virtualization/workspace/main.bicep b/avm/res/desktop-virtualization/workspace/main.bicep index d7addcf8fc..d07588b933 100644 --- a/avm/res/desktop-virtualization/workspace/main.bicep +++ b/avm/res/desktop-virtualization/workspace/main.bicep @@ -90,22 +90,41 @@ resource workspace 'Microsoft.DesktopVirtualization/workspaces@2022-10-14-previe } } -module workspace_privateEndpoints 'br/public:avm-res-network-privateendpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module workspace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-Workspace-PrivateEndpoint-${index}' params: { - groupIds: [ - privateEndpoint.service + name: privateEndpoint.?name ?? 'pep-${last(split(workspace.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}' + privateLinkServiceConnections: [ + { + name: name + properties: { + privateLinkServiceId: workspace.id + groupIds: [ + privateEndpoint.?service ?? 'connection' + ] + } + } ] - name: privateEndpoint.?name ?? 'pep-${last(split(workspace.id, '/'))}-${privateEndpoint.?service}-${index}' - serviceResourceId: workspace.id + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(workspace.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: workspace.id + groupIds: [ + privateEndpoint.service ?? 'connection' + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry + location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -227,7 +246,6 @@ type roleAssignmentType = { }[]? type privateEndpointType = { - @sys.description('Optional. The name of the private endpoint.') name: string? @@ -246,6 +264,13 @@ type privateEndpointType = { @sys.description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @sys.description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @sys.description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) + manualConnectionRequestMessage: string? + @sys.description('Optional. Custom DNS configurations.') customDnsConfigs: { @sys.description('Required. Fqdn that resolves to private endpoint IP address.') @@ -288,9 +313,6 @@ type privateEndpointType = { @sys.description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @sys.description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @sys.description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/document-db/database-account/main.bicep b/avm/res/document-db/database-account/main.bicep index 3bf4f1a604..7adb1ac997 100644 --- a/avm/res/document-db/database-account/main.bicep +++ b/avm/res/document-db/database-account/main.bicep @@ -439,7 +439,8 @@ type privateEndpointType = { @description('Optional. If Manual Private Link Connection is required.') isManualConnection: bool? - @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) manualConnectionRequestMessage: string? @description('Optional. Custom DNS configurations.') diff --git a/avm/res/event-grid/domain/main.bicep b/avm/res/event-grid/domain/main.bicep index b9a5b86f6d..85a25125e9 100644 --- a/avm/res/event-grid/domain/main.bicep +++ b/avm/res/event-grid/domain/main.bicep @@ -143,27 +143,45 @@ resource domain_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-0 scope: domain }] -module domain_privateEndpoints 'br/public:avm-res-network-privateendpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-domain-PrivateEndpoint-${index}' +module domain_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { + name: '${uniqueString(deployment().name, location)}-Domain-PrivateEndpoint-${index}' params: { - groupIds: [ - privateEndpoint.?service ?? 'domain' - ] name: privateEndpoint.?name ?? 'pep-${last(split(domain.id, '/'))}-${privateEndpoint.?service ?? 'domain'}-${index}' - serviceResourceId: domain.id + privateLinkServiceConnections: [ + { + name: name + properties: { + privateLinkServiceId: domain.id + groupIds: [ + privateEndpoint.?service ?? 'domain' + ] + } + } + ] + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(domain.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: domain.id + groupIds: [ + privateEndpoint.service ?? 'domain' + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry } }] @@ -261,7 +279,8 @@ type privateEndpointType = { @description('Optional. If Manual Private Link Connection is required.') isManualConnection: bool? - @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) manualConnectionRequestMessage: string? @description('Optional. Custom DNS configurations.') diff --git a/avm/res/event-grid/topic/main.bicep b/avm/res/event-grid/topic/main.bicep index 83088a80b3..450f055f47 100644 --- a/avm/res/event-grid/topic/main.bicep +++ b/avm/res/event-grid/topic/main.bicep @@ -145,27 +145,45 @@ resource topic_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05 scope: topic }] -module topic_privateEndpoints 'br/public:avm-res-network-privateendpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-topic-PrivateEndpoint-${index}' +module topic_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { + name: '${uniqueString(deployment().name, location)}-Topic-PrivateEndpoint-${index}' params: { - groupIds: [ - privateEndpoint.?service ?? 'topic' - ] name: privateEndpoint.?name ?? 'pep-${last(split(topic.id, '/'))}-${privateEndpoint.?service ?? 'topic'}-${index}' - serviceResourceId: topic.id + privateLinkServiceConnections: [ + { + name: name + properties: { + privateLinkServiceId: topic.id + groupIds: [ + privateEndpoint.?service ?? 'topic' + ] + } + } + ] + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(topic.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: topic.id + groupIds: [ + privateEndpoint.service ?? 'topic' + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry } }] @@ -263,7 +281,8 @@ type privateEndpointType = { @description('Optional. If Manual Private Link Connection is required.') isManualConnection: bool? - @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) manualConnectionRequestMessage: string? @description('Optional. Custom DNS configurations.') diff --git a/avm/res/insights/private-link-scope/main.bicep b/avm/res/insights/private-link-scope/main.bicep index 0dea2fdb0b..bc6f8b2a31 100644 --- a/avm/res/insights/private-link-scope/main.bicep +++ b/avm/res/insights/private-link-scope/main.bicep @@ -106,6 +106,7 @@ resource privateLinkScope_lock 'Microsoft.Authorization/locks@2020-05-01' = if ( module privateLinkScope_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-PrivateLinkScope-PrivateEndpoint-${index}' params: { + name: privateEndpoint.?name ?? 'pep-${last(split(privateLinkScope.id, '/'))}-${privateEndpoint.?service ?? 'azuremonitor'}-${index}' privateLinkServiceConnections: [ { name: name @@ -117,16 +118,26 @@ module privateLinkScope_privateEndpoints 'br/public:avm/res/network/private-endp } } ] - name: privateEndpoint.?name ?? 'pep-${last(split(privateLinkScope.id, '/'))}-${privateEndpoint.?service ?? 'azuremonitor'}-${index}' + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkScope.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: privateLinkScope.id + groupIds: [ + privateEndpoint.service ?? 'azuremonitor' + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -217,7 +228,8 @@ type privateEndpointType = { @description('Optional. If Manual Private Link Connection is required.') isManualConnection: bool? - @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) manualConnectionRequestMessage: string? @description('Optional. Custom DNS configurations.') diff --git a/avm/res/key-vault/vault/main.bicep b/avm/res/key-vault/vault/main.bicep index 0bbe5c963c..f4b161b4b8 100644 --- a/avm/res/key-vault/vault/main.bicep +++ b/avm/res/key-vault/vault/main.bicep @@ -239,18 +239,30 @@ module keyVault_keys 'key/main.bicep' = [for (key, index) in (keys ?? []): { module keyVault_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-KeyVault-PrivateEndpoint-${index}' params: { - privateLinkServiceConnections: [ + name: privateEndpoint.?name ?? 'pep-${last(split(keyVault.id, '/'))}-${privateEndpoint.service}-${index}' + privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(keyVault.id, '/'))}-${privateEndpoint.service}-${index}' properties: { privateLinkServiceId: keyVault.id groupIds: [ - privateEndpoint.?service ?? 'vault' + privateEndpoint.service ?? 'vault' ] } } - ] - name: privateEndpoint.?name ?? 'pep-${last(split(keyVault.id, '/'))}-${privateEndpoint.?service ?? 'vault'}-${index}' + ] : null + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(keyVault.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: keyVault.id + groupIds: [ + privateEndpoint.service ?? 'vault' + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -259,7 +271,6 @@ module keyVault_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4 privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -392,7 +403,8 @@ type privateEndpointType = { @description('Optional. If Manual Private Link Connection is required.') isManualConnection: bool? - @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) manualConnectionRequestMessage: string? @description('Optional. Custom DNS configurations.') diff --git a/avm/res/search/search-service/main.bicep b/avm/res/search/search-service/main.bicep index 0102a01eef..150e15315e 100644 --- a/avm/res/search/search-service/main.bicep +++ b/avm/res/search/search-service/main.bicep @@ -199,33 +199,44 @@ resource searchService_roleAssignments 'Microsoft.Authorization/roleAssignments@ }] module searchService_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-searchService-PrivateEndpoint-${index}' + name: '${uniqueString(deployment().name, location)}-SearchService-PrivateEndpoint-${index}' params: { - privateLinkServiceConnections: [ + name: privateEndpoint.?name ?? 'pep-${last(split(searchService.id, '/'))}-${privateEndpoint.service}-${index}' + privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(searchService.id, '/'))}-${privateEndpoint.service}-${index}' properties: { privateLinkServiceId: searchService.id groupIds: [ - privateEndpoint.?service ?? 'searchService' + privateEndpoint.service ?? 'searchService' ] } } - ] - name: privateEndpoint.?name ?? 'pep-${last(split(searchService.id, '/'))}-${privateEndpoint.?service ?? 'searchService'}-${index}' + ] : null + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(searchService.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: searchService.id + groupIds: [ + privateEndpoint.service ?? 'searchService' + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry } }] @@ -326,7 +337,8 @@ type privateEndpointType = { @description('Optional. If Manual Private Link Connection is required.') isManualConnection: bool? - @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) manualConnectionRequestMessage: string? @description('Optional. Custom DNS configurations.') diff --git a/avm/res/service-bus/namespace/main.bicep b/avm/res/service-bus/namespace/main.bicep index a248cfa170..60f496afca 100644 --- a/avm/res/service-bus/namespace/main.bicep +++ b/avm/res/service-bus/namespace/main.bicep @@ -301,20 +301,32 @@ resource serviceBusNamespace_diagnosticSettings 'Microsoft.Insights/diagnosticSe }] module serviceBusNamespace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-serviceBusNamespace-PrivateEndpoint-${index}' + name: '${uniqueString(deployment().name, location)}-ServiceBusNamespace-PrivateEndpoint-${index}' params: { - privateLinkServiceConnections: [ + name: privateEndpoint.?name ?? 'pep-${last(split(serviceBusNamespace.id, '/'))}-${privateEndpoint.service}-${index}' + privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(serviceBusNamespace.id, '/'))}-${privateEndpoint.service}-${index}' properties: { privateLinkServiceId: serviceBusNamespace.id groupIds: [ - privateEndpoint.?service ?? 'namespace' + privateEndpoint.service ?? 'namespace' ] } } - ] - name: privateEndpoint.?name ?? 'pep-${last(split(serviceBusNamespace.id, '/'))}-${privateEndpoint.?service ?? 'vault'}-${index}' + ] : null + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(serviceBusNamespace.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: serviceBusNamespace.id + groupIds: [ + privateEndpoint.service ?? 'namespace' + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -323,7 +335,6 @@ module serviceBusNamespace_privateEndpoints 'br/public:avm/res/network/private-e privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -425,7 +436,8 @@ type privateEndpointType = { @description('Optional. If Manual Private Link Connection is required.') isManualConnection: bool? - @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) manualConnectionRequestMessage: string? @description('Optional. Custom DNS configurations.') diff --git a/avm/res/sql/server/main.bicep b/avm/res/sql/server/main.bicep index c4a8a62b66..b25e0e9ce0 100644 --- a/avm/res/sql/server/main.bicep +++ b/avm/res/sql/server/main.bicep @@ -235,33 +235,44 @@ module server_elasticPools 'elastic-pool/main.bicep' = [for (elasticPool, index) }] module server_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-server-PrivateEndpoint-${index}' + name: '${uniqueString(deployment().name, location)}-Server-PrivateEndpoint-${index}' params: { - privateLinkServiceConnections: [ + name: privateEndpoint.?name ?? 'pep-${last(split(server.id, '/'))}-${privateEndpoint.service}-${index}' + privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(server.id, '/'))}-${privateEndpoint.service}-${index}' properties: { privateLinkServiceId: server.id groupIds: [ - privateEndpoint.?service ?? 'sqlServer' + privateEndpoint.service ?? 'sqlServer' ] } } - ] - name: privateEndpoint.?name ?? 'pep-${last(split(server.id, '/'))}-${privateEndpoint.?service ?? 'sqlServer'}-${index}' + ] : null + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(server.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: server.id + groupIds: [ + privateEndpoint.service ?? 'sqlServer' + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry } }] @@ -420,7 +431,8 @@ type privateEndpointType = { @description('Optional. If Manual Private Link Connection is required.') isManualConnection: bool? - @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) manualConnectionRequestMessage: string? @description('Optional. Custom DNS configurations.') diff --git a/avm/res/storage/storage-account/main.bicep b/avm/res/storage/storage-account/main.bicep index 39dd0230a8..4661701a94 100644 --- a/avm/res/storage/storage-account/main.bicep +++ b/avm/res/storage/storage-account/main.bicep @@ -578,7 +578,8 @@ type privateEndpointType = { @description('Optional. Manual PrivateLink Service Connections.') isManualConnection: bool? - @description('Optional. The name of the request message for manual approval.') + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) manualConnectionRequestMessage: string? @description('Optional. Custom DNS configurations.') diff --git a/avm/res/synapse/private-link-hub/main.bicep b/avm/res/synapse/private-link-hub/main.bicep index 12d9e3513b..d9b19bcc7e 100644 --- a/avm/res/synapse/private-link-hub/main.bicep +++ b/avm/res/synapse/private-link-hub/main.bicep @@ -82,33 +82,44 @@ resource privateLinkHub_roleAssignments 'Microsoft.Authorization/roleAssignments // Private Endpoints module privateLinkHub_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-privateLinkHub-PrivateEndpoint-${index}' + name: '${uniqueString(deployment().name, location)}-PrivateLinkHub-PrivateEndpoint-${index}' params: { - privateLinkServiceConnections: [ + name: privateEndpoint.?name ?? 'pep-${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.service}-${index}' + privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.service}-${index}' properties: { privateLinkServiceId: privateLinkHub.id groupIds: [ - privateEndpoint.?service ?? 'privateLinkHubs' + privateEndpoint.service ?? 'privateLinkHubs' ] } } - ] - name: privateEndpoint.?name ?? 'pep-${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? privateEndpoint.service}-${index}' + ] : null + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: privateLinkHub.id + groupIds: [ + privateEndpoint.service ?? 'privateLinkHubs' + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry } }] @@ -166,24 +177,31 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') - service: string + @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') + service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') + @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint ip address.') + @description('Required. Fqdn that resolves to private endpoint IP address.') fqdn: string? - @description('Required. A list of private ip addresses of the private endpoint.') + @description('Required. A list of private IP addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -200,7 +218,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private ip address obtained from the private endpoint\'s subnet.') + @description('Required. A private IP address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -220,9 +238,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/synapse/workspace/main.bicep b/avm/res/synapse/workspace/main.bicep index 53e6f009bd..13c505992a 100644 --- a/avm/res/synapse/workspace/main.bicep +++ b/avm/res/synapse/workspace/main.bicep @@ -396,7 +396,8 @@ type privateEndpointType = { @description('Optional. If Manual Private Link Connection is required.') isManualConnection: bool? - @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) manualConnectionRequestMessage: string? @description('Optional. Custom DNS configurations.') diff --git a/avm/res/web/site/main.bicep b/avm/res/web/site/main.bicep index 2f325beae7..f7a85f5813 100644 --- a/avm/res/web/site/main.bicep +++ b/avm/res/web/site/main.bicep @@ -363,20 +363,32 @@ resource app_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01 }] module app_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-app-PrivateEndpoint-${index}' + name: '${uniqueString(deployment().name, location)}-App-PrivateEndpoint-${index}' params: { - privateLinkServiceConnections: [ + name: privateEndpoint.?name ?? 'pep-${last(split(app.id, '/'))}-${privateEndpoint.service}-${index}' + privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(app.id, '/'))}-${privateEndpoint.service}-${index}' properties: { privateLinkServiceId: app.id groupIds: [ - privateEndpoint.?service ?? 'sites' + privateEndpoint.service ?? 'sites' ] } } - ] - name: privateEndpoint.?name ?? 'pep-${last(split(app.id, '/'))}-${privateEndpoint.?service ?? 'sites'}-${index}' + ] : null + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(app.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: app.id + groupIds: [ + privateEndpoint.service ?? 'sites' + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -385,7 +397,6 @@ module app_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -485,7 +496,8 @@ type privateEndpointType = { @description('Optional. If Manual Private Link Connection is required.') isManualConnection: bool? - @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) manualConnectionRequestMessage: string? @description('Optional. Custom DNS configurations.') diff --git a/avm/res/web/site/slot/main.bicep b/avm/res/web/site/slot/main.bicep index 367f32fbc2..3651c856c6 100644 --- a/avm/res/web/site/slot/main.bicep +++ b/avm/res/web/site/slot/main.bicep @@ -298,9 +298,10 @@ resource slot_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-0 module slot_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-Slot-PrivateEndpoint-${index}' params: { - privateLinkServiceConnections: [ + name: privateEndpoint.?name ?? 'pep-${last(split(app.id, '/'))}-${name}-${privateEndpoint.?service ?? 'sites'}-${index}' + privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: slot.name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(app.id, '/'))}-${privateEndpoint.service}-${index}' properties: { privateLinkServiceId: app.id // Must be set on the WebApp and not the slot groupIds: [ @@ -308,8 +309,19 @@ module slot_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' ] } } - ] - name: privateEndpoint.?name ?? 'pep-${last(split(app.id, '/'))}-${name}-${privateEndpoint.?service ?? 'sites'}-${index}' + ] : null + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(app.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: app.id // Must be set on the WebApp and not the slot + groupIds: [ + privateEndpoint.?service ?? 'sites-${slot.name}' // The required syntax to create the private endpoint for a specific slot + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -318,7 +330,6 @@ module slot_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -406,7 +417,8 @@ type privateEndpointType = { @description('Optional. If Manual Private Link Connection is required.') isManualConnection: bool? - @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) manualConnectionRequestMessage: string? @description('Optional. Custom DNS configurations.') diff --git a/avm/res/web/static-site/main.bicep b/avm/res/web/static-site/main.bicep index c31a39647a..a653860a4e 100644 --- a/avm/res/web/static-site/main.bicep +++ b/avm/res/web/static-site/main.bicep @@ -202,20 +202,32 @@ resource staticSite_roleAssignments 'Microsoft.Authorization/roleAssignments@202 }] module staticSite_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-staticSite-PrivateEndpoint-${index}' + name: '${uniqueString(deployment().name, location)}-StaticSite-PrivateEndpoint-${index}' params: { - privateLinkServiceConnections: [ + name: privateEndpoint.?name ?? 'pep-${last(split(staticSite.id, '/'))}-${privateEndpoint.service}-${index}' + privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(staticSite.id, '/'))}-${privateEndpoint.service}-${index}' properties: { privateLinkServiceId: staticSite.id groupIds: [ - privateEndpoint.?service ?? 'staticSites' + privateEndpoint.service ?? 'staticSites' ] } } - ] - name: privateEndpoint.?name ?? 'pep-${last(split(staticSite.id, '/'))}-${privateEndpoint.?service ?? 'staticSites'}-${index}' + ] : null + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(staticSite.id, '/'))}-${privateEndpoint.service}-${index}' + properties: { + privateLinkServiceId: staticSite.id + groupIds: [ + privateEndpoint.service ?? 'staticSites' + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -224,7 +236,6 @@ module staticSite_privateEndpoints 'br/public:avm/res/network/private-endpoint:0 privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -315,7 +326,8 @@ type privateEndpointType = { @description('Optional. If Manual Private Link Connection is required.') isManualConnection: bool? - @description('Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars.') + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) manualConnectionRequestMessage: string? @description('Optional. Custom DNS configurations.') From ad3895741e90320bd97b9bc1fb4c9ebf97c96914 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 25 Feb 2024 11:49:07 +0100 Subject: [PATCH 05/29] Expanded tests --- .../cache/redis/tests/e2e/max/main.test.bicep | 6 + .../account/tests/e2e/max/main.test.bicep | 6 + .../registry/tests/e2e/max/main.test.bicep | 7 +- .../registry/tests/e2e/pe/dependencies.bicep | 49 ------ .../registry/tests/e2e/pe/main.test.bicep | 64 -------- .../factory/tests/e2e/max/main.test.bicep | 8 +- .../host-pool/tests/e2e/max/main.test.bicep | 6 + .../e2e/private-endpoint/dependencies.bicep | 49 ------ .../e2e/private-endpoint/main.test.bicep | 61 -------- .../e2e/private-endpoint/dependencies.bicep | 59 -------- .../e2e/private-endpoint/main.test.bicep | 139 ------------------ .../tests/e2e/sqldb/main.test.bicep | 7 + .../tests/e2e/waf-aligned/dependencies.bicep | 47 ++++++ .../tests/e2e/waf-aligned/main.test.bicep | 15 ++ .../domain/tests/e2e/max/main.test.bicep | 7 +- .../domain/tests/e2e/pe/dependencies.bicep | 49 ------ .../domain/tests/e2e/pe/main.test.bicep | 73 --------- .../topic/tests/e2e/max/main.test.bicep | 7 +- .../topic/tests/e2e/pe/dependencies.bicep | 49 ------ .../topic/tests/e2e/pe/main.test.bicep | 73 --------- .../tests/e2e/max/main.test.bicep | 6 + .../vault/tests/e2e/max/main.test.bicep | 7 +- .../e2e/private-endpoint/dependencies.bicep | 65 -------- .../e2e/private-endpoint/main.test.bicep | 101 ------------- .../tests/e2e/pe/main.test.bicep | 6 + .../namespace/tests/e2e/max/main.test.bicep | 7 +- .../namespace/tests/e2e/pe/dependencies.bicep | 60 -------- .../namespace/tests/e2e/pe/main.test.bicep | 98 ------------ .../sql/server/tests/e2e/max/main.test.bicep | 7 +- .../server/tests/e2e/pe/dependencies.bicep | 50 ------- .../sql/server/tests/e2e/pe/main.test.bicep | 96 ------------ .../tests/e2e/max/main.test.bicep | 7 +- .../tests/e2e/functionApp.max/main.test.bicep | 6 + .../site/tests/e2e/webApp.max/main.test.bicep | 6 + .../static-site/tests/e2e/max/main.test.bicep | 6 + 35 files changed, 166 insertions(+), 1143 deletions(-) delete mode 100644 avm/res/container-registry/registry/tests/e2e/pe/dependencies.bicep delete mode 100644 avm/res/container-registry/registry/tests/e2e/pe/main.test.bicep delete mode 100644 avm/res/desktop-virtualization/host-pool/tests/e2e/private-endpoint/dependencies.bicep delete mode 100644 avm/res/desktop-virtualization/host-pool/tests/e2e/private-endpoint/main.test.bicep delete mode 100644 avm/res/desktop-virtualization/workspace/tests/e2e/private-endpoint/dependencies.bicep delete mode 100644 avm/res/desktop-virtualization/workspace/tests/e2e/private-endpoint/main.test.bicep delete mode 100644 avm/res/event-grid/domain/tests/e2e/pe/dependencies.bicep delete mode 100644 avm/res/event-grid/domain/tests/e2e/pe/main.test.bicep delete mode 100644 avm/res/event-grid/topic/tests/e2e/pe/dependencies.bicep delete mode 100644 avm/res/event-grid/topic/tests/e2e/pe/main.test.bicep delete mode 100644 avm/res/key-vault/vault/tests/e2e/private-endpoint/dependencies.bicep delete mode 100644 avm/res/key-vault/vault/tests/e2e/private-endpoint/main.test.bicep delete mode 100644 avm/res/service-bus/namespace/tests/e2e/pe/dependencies.bicep delete mode 100644 avm/res/service-bus/namespace/tests/e2e/pe/main.test.bicep delete mode 100644 avm/res/sql/server/tests/e2e/pe/dependencies.bicep delete mode 100644 avm/res/sql/server/tests/e2e/pe/main.test.bicep diff --git a/avm/res/cache/redis/tests/e2e/max/main.test.bicep b/avm/res/cache/redis/tests/e2e/max/main.test.bicep index 5ba333465d..fd70ad201b 100644 --- a/avm/res/cache/redis/tests/e2e/max/main.test.bicep +++ b/avm/res/cache/redis/tests/e2e/max/main.test.bicep @@ -118,6 +118,12 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + } ] redisVersion: '6' shardCount: 1 diff --git a/avm/res/cognitive-services/account/tests/e2e/max/main.test.bicep b/avm/res/cognitive-services/account/tests/e2e/max/main.test.bicep index e13f8afd9f..82b05d5555 100644 --- a/avm/res/cognitive-services/account/tests/e2e/max/main.test.bicep +++ b/avm/res/cognitive-services/account/tests/e2e/max/main.test.bicep @@ -162,6 +162,12 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' } ] } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + } ] tags: { 'hidden-title': 'This is visible in the resource name' diff --git a/avm/res/container-registry/registry/tests/e2e/max/main.test.bicep b/avm/res/container-registry/registry/tests/e2e/max/main.test.bicep index 38d182fd5a..54dc543210 100644 --- a/avm/res/container-registry/registry/tests/e2e/max/main.test.bicep +++ b/avm/res/container-registry/registry/tests/e2e/max/main.test.bicep @@ -94,7 +94,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' } privateEndpoints: [ { - service: 'registry' subnetResourceId: nestedDependencies.outputs.subnetResourceId privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId @@ -105,6 +104,12 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + { + subnetResourceId: nestedDependencies.outputs.subnetResourceId + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + } ] networkRuleSetIpRules: [ { diff --git a/avm/res/container-registry/registry/tests/e2e/pe/dependencies.bicep b/avm/res/container-registry/registry/tests/e2e/pe/dependencies.bicep deleted file mode 100644 index 0422180c41..0000000000 --- a/avm/res/container-registry/registry/tests/e2e/pe/dependencies.bicep +++ /dev/null @@ -1,49 +0,0 @@ -@description('Optional. The location to deploy resources to.') -param location string = resourceGroup().location - -@description('Required. The name of the Virtual Network to create.') -param virtualNetworkName string - -var addressPrefix = '10.0.0.0/16' - -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { - name: virtualNetworkName - location: location - properties: { - addressSpace: { - addressPrefixes: [ - addressPrefix - ] - } - subnets: [ - { - name: 'defaultSubnet' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 16, 0) - } - } - ] - } -} - -resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { - name: 'privatelink${environment().suffixes.acrLoginServer}' - location: 'global' - - resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { - name: '${virtualNetwork.name}-vnetlink' - location: 'global' - properties: { - virtualNetwork: { - id: virtualNetwork.id - } - registrationEnabled: false - } - } -} - -@description('The resource ID of the created Virtual Network Subnet.') -output subnetResourceId string = virtualNetwork.properties.subnets[0].id - -@description('The resource ID of the created Private DNS Zone.') -output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/avm/res/container-registry/registry/tests/e2e/pe/main.test.bicep b/avm/res/container-registry/registry/tests/e2e/pe/main.test.bicep deleted file mode 100644 index f56d0c49e3..0000000000 --- a/avm/res/container-registry/registry/tests/e2e/pe/main.test.bicep +++ /dev/null @@ -1,64 +0,0 @@ -targetScope = 'subscription' - -metadata name = 'Using private endpoint' -metadata description = 'This instance deploys the module with a private endpoint.' - -// ========== // -// Parameters // -// ========== // - -@description('Optional. The name of the resource group to deploy for testing purposes.') -@maxLength(90) -param resourceGroupName string = 'dep-${namePrefix}-containerregistry.registries-${serviceShort}-rg' - -@description('Optional. The location to deploy resources to.') -param resourceLocation string = deployment().location - -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'crrpe' - -@description('Optional. A token to inject into the name of each resource.') -param namePrefix string = '#_namePrefix_#' - -// ============ // -// Dependencies // -// ============ // - -// General resources -// ================= -resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { - name: resourceGroupName - location: resourceLocation -} - -module nestedDependencies 'dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' - params: { - virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' - location: resourceLocation - } -} - -// ============== // -// Test Execution // -// ============== // - -@batchSize(1) -module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' - params: { - name: '${namePrefix}${serviceShort}001' - location: resourceLocation - acrSku: 'Premium' - privateEndpoints: [ - { - subnetResourceId: nestedDependencies.outputs.subnetResourceId - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - } - ] - } -}] diff --git a/avm/res/data-factory/factory/tests/e2e/max/main.test.bicep b/avm/res/data-factory/factory/tests/e2e/max/main.test.bicep index 7cabaa0fc7..e825639f2e 100644 --- a/avm/res/data-factory/factory/tests/e2e/max/main.test.bicep +++ b/avm/res/data-factory/factory/tests/e2e/max/main.test.bicep @@ -134,9 +134,15 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { 'hidden-title': 'This is visible in the resource name' - application: 'CARML' + application: 'AVM' } } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + } ] roleAssignments: [ { diff --git a/avm/res/desktop-virtualization/host-pool/tests/e2e/max/main.test.bicep b/avm/res/desktop-virtualization/host-pool/tests/e2e/max/main.test.bicep index 1150a73b43..2c05f337d8 100644 --- a/avm/res/desktop-virtualization/host-pool/tests/e2e/max/main.test.bicep +++ b/avm/res/desktop-virtualization/host-pool/tests/e2e/max/main.test.bicep @@ -89,6 +89,12 @@ module testDeployment '../../../main.bicep' = { ] subnetResourceId: nestedDependencies.outputs.subnetResourceId } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + } ] loadBalancerType: 'BreadthFirst' location: resourceLocation diff --git a/avm/res/desktop-virtualization/host-pool/tests/e2e/private-endpoint/dependencies.bicep b/avm/res/desktop-virtualization/host-pool/tests/e2e/private-endpoint/dependencies.bicep deleted file mode 100644 index f18c0628e3..0000000000 --- a/avm/res/desktop-virtualization/host-pool/tests/e2e/private-endpoint/dependencies.bicep +++ /dev/null @@ -1,49 +0,0 @@ -@description('Optional. The location to deploy to.') -param location string = resourceGroup().location - -@description('Required. The name of the Virtual Network to create.') -param virtualNetworkName string - -var addressPrefix = '10.0.0.0/16' - -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { - name: virtualNetworkName - location: location - properties: { - addressSpace: { - addressPrefixes: [ - addressPrefix - ] - } - subnets: [ - { - name: 'defaultSubnet' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 16, 0) - } - } - ] - } -} - -resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { - name: 'privatelink.wvd.microsoft.com' - location: 'global' - - resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { - name: '${virtualNetwork.name}-vnetlink' - location: 'global' - properties: { - virtualNetwork: { - id: virtualNetwork.id - } - registrationEnabled: false - } - } -} - -@description('The resource ID of the created Virtual Network Subnet.') -output subnetResourceId string = virtualNetwork.properties.subnets[0].id - -@description('The resource ID of the created Private DNS Zone.') -output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/avm/res/desktop-virtualization/host-pool/tests/e2e/private-endpoint/main.test.bicep b/avm/res/desktop-virtualization/host-pool/tests/e2e/private-endpoint/main.test.bicep deleted file mode 100644 index 0cf73ba6a0..0000000000 --- a/avm/res/desktop-virtualization/host-pool/tests/e2e/private-endpoint/main.test.bicep +++ /dev/null @@ -1,61 +0,0 @@ -targetScope = 'subscription' - -metadata name = 'Using Private Endpoints' -metadata description = 'This instance deploys the module with Private Endpoints.' - -@description('Optional. The name of the resource group to deploy for testing purposes.') -@maxLength(90) -param resourceGroupName string = 'dep-${namePrefix}-desktopvirtualization.hostpools-${serviceShort}-rg' - -@description('Optional. The location to deploy resources to.') -param resourceLocation string = deployment().location - -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'dvhppe' - -@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') -param namePrefix string = '#_namePrefix_#' - -// ============ // -// Dependencies // -// ============ // - -// General resources -// ================= - -resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { - name: resourceGroupName - location: resourceLocation -} - -module nestedDependencies 'dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' - params: { - virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' - location: resourceLocation - } -} - -// ============== // -// Test Execution // -// ============== // - -@batchSize(1) -module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' - params: { - name: '${namePrefix}${serviceShort}001' - location: resourceLocation - publicNetworkAccess: 'Disabled' - privateEndpoints: [ - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId - } - ] - } -}] diff --git a/avm/res/desktop-virtualization/workspace/tests/e2e/private-endpoint/dependencies.bicep b/avm/res/desktop-virtualization/workspace/tests/e2e/private-endpoint/dependencies.bicep deleted file mode 100644 index 2e1877ac5d..0000000000 --- a/avm/res/desktop-virtualization/workspace/tests/e2e/private-endpoint/dependencies.bicep +++ /dev/null @@ -1,59 +0,0 @@ -@description('Optional. The location to deploy to.') -param location string = resourceGroup().location - -@description('Required. The name of the Virtual Network to create.') -param virtualNetworkName string - -@description('Required. The name of the Managed Identity to create.') -param managedIdentityName string - -var addressPrefix = '10.0.0.0/16' - -resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { - name: managedIdentityName - location: location -} - -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { - name: virtualNetworkName - location: location - properties: { - addressSpace: { - addressPrefixes: [ - addressPrefix - ] - } - subnets: [ - { - name: 'defaultSubnet' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 16, 0) - } - } - ] - } -} - -resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { - name: 'privatelink.wvd.microsoft.com' - location: 'global' - resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { - name: '${virtualNetwork.name}-vnetlink' - location: 'global' - properties: { - virtualNetwork: { - id: virtualNetwork.id - } - registrationEnabled: false - } - } -} - -@description('The resource ID of the created Virtual Network Subnet.') -output subnetResourceId string = virtualNetwork.properties.subnets[0].id - -@description('The resource ID of the created Private DNS Zone.') -output privateDNSZoneResourceId string = privateDNSZone.id - -@description('The principal ID of the created Managed Identity.') -output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/avm/res/desktop-virtualization/workspace/tests/e2e/private-endpoint/main.test.bicep b/avm/res/desktop-virtualization/workspace/tests/e2e/private-endpoint/main.test.bicep deleted file mode 100644 index 2bef56353d..0000000000 --- a/avm/res/desktop-virtualization/workspace/tests/e2e/private-endpoint/main.test.bicep +++ /dev/null @@ -1,139 +0,0 @@ -targetScope = 'subscription' - -metadata name = 'Using Private Endpoints' -metadata description = 'This instance deploys the module with Private Endpoints.' - -@description('Optional. The name of the resource group to deploy for testing purposes.') -@maxLength(90) -param resourceGroupName string = 'dep-${namePrefix}-desktopvirtualization.workspace-${serviceShort}-rg' - -@description('Optional. The location to deploy resources to.') -param resourceLocation string = deployment().location - -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'dvwspe' - -@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') -param namePrefix string = '#_namePrefix_#' - -// ============ // -// Dependencies // -// ============ // - -// General resources -// ================= - -resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { - name: resourceGroupName - location: resourceLocation -} - -module nestedDependencies 'dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' - params: { - virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' - location: resourceLocation - managedIdentityName: 'dvwspe-managedidentity' - } -} - -// ============== // -// Test Execution // -// ============== // - -@batchSize(1) -module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' - params: { - name: '${namePrefix}${serviceShort}001' - location: resourceLocation - publicNetworkAccess: 'Disabled' - privateEndpoints: [ - { - service: 'feed' - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalId: nestedDependencies.outputs.managedIdentityPrincipalId - principalType: 'ServicePrincipal' - } - ] - ipConfigurations: [ - { - name: 'myIPconfig-feed1' - properties: { - groupId: 'feed' - memberName: 'web-r0' - privateIPAddress: '10.0.0.10' - } - } - { - name: 'myIPconfig-feed2' - properties: { - groupId: 'feed' - memberName: 'web-r1' - privateIPAddress: '10.0.0.13' - } - } - ] - customDnsConfigs: [ - { - fqdn: 'abc.workspace.com' - ipAddresses: [ - '10.0.0.10' - '10.0.0.13' - ] - } - ] - } - { - service: 'global' - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalId: nestedDependencies.outputs.managedIdentityPrincipalId - principalType: 'ServicePrincipal' - } - ] - ipConfigurations: [ - { - name: 'myIPconfig-global' - properties: { - groupId: 'global' - memberName: 'web' - privateIPAddress: '10.0.0.11' - } - } - ] - customDnsConfigs: [ - { - fqdn: 'abc.workspace.com' - ipAddresses: [ - '10.0.0.11' - ] - } - ] - } - ] - } -}] diff --git a/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep index 70a0d82469..966d41060a 100644 --- a/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep @@ -105,6 +105,13 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + service: 'Sql' + subnetResourceId: nestedDependencies.outputs.subnetResourceId + } ] roleAssignments: [ { diff --git a/avm/res/document-db/database-account/tests/e2e/waf-aligned/dependencies.bicep b/avm/res/document-db/database-account/tests/e2e/waf-aligned/dependencies.bicep index d9e107c4ea..e42185366b 100644 --- a/avm/res/document-db/database-account/tests/e2e/waf-aligned/dependencies.bicep +++ b/avm/res/document-db/database-account/tests/e2e/waf-aligned/dependencies.bicep @@ -4,9 +4,50 @@ param location string = resourceGroup().location @description('Required. The name of the Managed Identity to create.') param managedIdentityName string +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + @description('Required. The name of the Deployment Script to create to get the paired region name.') param pairedRegionScriptName string +var addressPrefix = '10.0.0.0/16' + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + addressPrefix + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 16, 0) + } + } + ] + } +} + +resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { + name: 'privatelink.documents.azure.com' + location: 'global' + + resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { + name: '${virtualNetwork.name}-vnetlink' + location: 'global' + properties: { + virtualNetwork: { + id: virtualNetwork.id + } + registrationEnabled: false + } + } +} + resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { name: managedIdentityName location: location @@ -44,3 +85,9 @@ resource getPairedRegionScript 'Microsoft.Resources/deploymentScripts@2020-10-01 @description('The name of the paired region.') output pairedRegionName string = getPairedRegionScript.properties.outputs.pairedRegionName + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Private DNS Zone.') +output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep index 4f9c11197e..ec5d857416 100644 --- a/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep @@ -38,6 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' params: { managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}' + virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' pairedRegionScriptName: 'dep-${namePrefix}-ds-${serviceShort}' location: resourceLocation } @@ -87,6 +88,20 @@ module testDeployment '../../../main.bicep' = { } ] location: resourceLocation + privateEndpoints: [ + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + service: 'Sql' + subnetResourceId: nestedDependencies.outputs.subnetResourceId + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + } + ] sqlDatabases: [ { containers: [ diff --git a/avm/res/event-grid/domain/tests/e2e/max/main.test.bicep b/avm/res/event-grid/domain/tests/e2e/max/main.test.bicep index 2f2e04933a..814e11f2e9 100644 --- a/avm/res/event-grid/domain/tests/e2e/max/main.test.bicep +++ b/avm/res/event-grid/domain/tests/e2e/max/main.test.bicep @@ -95,7 +95,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] - service: 'domain' subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { 'hidden-title': 'This is visible in the resource name' @@ -103,6 +102,12 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + } ] roleAssignments: [ { diff --git a/avm/res/event-grid/domain/tests/e2e/pe/dependencies.bicep b/avm/res/event-grid/domain/tests/e2e/pe/dependencies.bicep deleted file mode 100644 index 4d31fc9282..0000000000 --- a/avm/res/event-grid/domain/tests/e2e/pe/dependencies.bicep +++ /dev/null @@ -1,49 +0,0 @@ -@description('Optional. The location to deploy to.') -param location string = resourceGroup().location - -@description('Required. The name of the Virtual Network to create.') -param virtualNetworkName string - -var addressPrefix = '10.0.0.0/16' - -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { - name: virtualNetworkName - location: location - properties: { - addressSpace: { - addressPrefixes: [ - addressPrefix - ] - } - subnets: [ - { - name: 'defaultSubnet' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 16, 0) - } - } - ] - } -} - -resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { - name: 'privatelink.eventgrid.azure.net' - location: 'global' - - resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { - name: '${virtualNetwork.name}-vnetlink' - location: 'global' - properties: { - virtualNetwork: { - id: virtualNetwork.id - } - registrationEnabled: false - } - } -} - -@description('The resource ID of the created Virtual Network Subnet.') -output subnetResourceId string = virtualNetwork.properties.subnets[0].id - -@description('The resource ID of the created Private DNS Zone.') -output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/avm/res/event-grid/domain/tests/e2e/pe/main.test.bicep b/avm/res/event-grid/domain/tests/e2e/pe/main.test.bicep deleted file mode 100644 index 49b2014da2..0000000000 --- a/avm/res/event-grid/domain/tests/e2e/pe/main.test.bicep +++ /dev/null @@ -1,73 +0,0 @@ -targetScope = 'subscription' - -metadata name = 'Using private endpoint' -metadata description = 'This instance deploys the module with private endpoint.' - -// ========== // -// Parameters // -// ========== // - -@description('Optional. The name of the resource group to deploy for testing purposes.') -@maxLength(90) -param resourceGroupName string = 'dep-${namePrefix}-eventgrid.domains-${serviceShort}-rg' - -@description('Optional. The location to deploy resources to.') -param resourceLocation string = deployment().location - -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'egdpe' - -@description('Optional. A token to inject into the name of each resource.') -param namePrefix string = '#_namePrefix_#' - -// ============ // -// Dependencies // -// ============ // - -// General resources -// ================= -resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { - name: resourceGroupName - location: resourceLocation -} - -module nestedDependencies 'dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' - params: { - virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' - location: resourceLocation - } -} - -// ============== // -// Test Execution // -// ============== // - -@batchSize(1) -module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' - params: { - name: '${namePrefix}${serviceShort}001' - location: resourceLocation - privateEndpoints: [ - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } - } - ] - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } - } -}] diff --git a/avm/res/event-grid/topic/tests/e2e/max/main.test.bicep b/avm/res/event-grid/topic/tests/e2e/max/main.test.bicep index ddd5fb048b..7208e4a1ba 100644 --- a/avm/res/event-grid/topic/tests/e2e/max/main.test.bicep +++ b/avm/res/event-grid/topic/tests/e2e/max/main.test.bicep @@ -118,7 +118,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] - service: 'topic' subnetResourceId: nestedDependencies.outputs.subnetResourceId roleAssignments: [ { @@ -138,6 +137,12 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + } ] roleAssignments: [ { diff --git a/avm/res/event-grid/topic/tests/e2e/pe/dependencies.bicep b/avm/res/event-grid/topic/tests/e2e/pe/dependencies.bicep deleted file mode 100644 index 4d31fc9282..0000000000 --- a/avm/res/event-grid/topic/tests/e2e/pe/dependencies.bicep +++ /dev/null @@ -1,49 +0,0 @@ -@description('Optional. The location to deploy to.') -param location string = resourceGroup().location - -@description('Required. The name of the Virtual Network to create.') -param virtualNetworkName string - -var addressPrefix = '10.0.0.0/16' - -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { - name: virtualNetworkName - location: location - properties: { - addressSpace: { - addressPrefixes: [ - addressPrefix - ] - } - subnets: [ - { - name: 'defaultSubnet' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 16, 0) - } - } - ] - } -} - -resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { - name: 'privatelink.eventgrid.azure.net' - location: 'global' - - resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { - name: '${virtualNetwork.name}-vnetlink' - location: 'global' - properties: { - virtualNetwork: { - id: virtualNetwork.id - } - registrationEnabled: false - } - } -} - -@description('The resource ID of the created Virtual Network Subnet.') -output subnetResourceId string = virtualNetwork.properties.subnets[0].id - -@description('The resource ID of the created Private DNS Zone.') -output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/avm/res/event-grid/topic/tests/e2e/pe/main.test.bicep b/avm/res/event-grid/topic/tests/e2e/pe/main.test.bicep deleted file mode 100644 index 95900fbe39..0000000000 --- a/avm/res/event-grid/topic/tests/e2e/pe/main.test.bicep +++ /dev/null @@ -1,73 +0,0 @@ -targetScope = 'subscription' - -metadata name = 'Using private endpoint' -metadata description = 'This instance deploys the module with the private endpoint.' - -// ========== // -// Parameters // -// ========== // - -@description('Optional. The name of the resource group to deploy for testing purposes.') -@maxLength(90) -param resourceGroupName string = 'dep-${namePrefix}-eventgrid.topics-${serviceShort}-rg' - -@description('Optional. The location to deploy resources to.') -param resourceLocation string = deployment().location - -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'egtpe' - -@description('Optional. A token to inject into the name of each resource.') -param namePrefix string = '#_namePrefix_#' - -// ============ // -// Dependencies // -// ============ // - -// General resources -// ================= -resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { - name: resourceGroupName - location: resourceLocation -} - -module nestedDependencies 'dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' - params: { - virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' - location: resourceLocation - } -} - -// ============== // -// Test Execution // -// ============== // - -@batchSize(1) -module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' - params: { - name: '${namePrefix}${serviceShort}001' - location: resourceLocation - privateEndpoints: [ - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } - } - ] - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } - } -}] diff --git a/avm/res/insights/private-link-scope/tests/e2e/max/main.test.bicep b/avm/res/insights/private-link-scope/tests/e2e/max/main.test.bicep index 1d3b534580..6f6c3328c3 100644 --- a/avm/res/insights/private-link-scope/tests/e2e/max/main.test.bicep +++ b/avm/res/insights/private-link-scope/tests/e2e/max/main.test.bicep @@ -183,6 +183,12 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' } ] } + { + subnetResourceId: nestedDependencies.outputs.subnetResourceId + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + } ] roleAssignments: [ { diff --git a/avm/res/key-vault/vault/tests/e2e/max/main.test.bicep b/avm/res/key-vault/vault/tests/e2e/max/main.test.bicep index 9a629f5218..48c8d6acf9 100644 --- a/avm/res/key-vault/vault/tests/e2e/max/main.test.bicep +++ b/avm/res/key-vault/vault/tests/e2e/max/main.test.bicep @@ -191,7 +191,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSResourceId ] - service: 'vault' subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { 'hidden-title': 'This is visible in the resource name' @@ -229,6 +228,12 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' } ] } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + } ] roleAssignments: [ { diff --git a/avm/res/key-vault/vault/tests/e2e/private-endpoint/dependencies.bicep b/avm/res/key-vault/vault/tests/e2e/private-endpoint/dependencies.bicep deleted file mode 100644 index a9999dcb53..0000000000 --- a/avm/res/key-vault/vault/tests/e2e/private-endpoint/dependencies.bicep +++ /dev/null @@ -1,65 +0,0 @@ -@description('Optional. The location to deploy to.') -param location string = resourceGroup().location - -@description('Required. The name of the Virtual Network to create.') -param virtualNetworkName string - -@description('Required. The name of the Managed Identity to create.') -param managedIdentityName string - -var addressPrefix = '10.0.0.0/16' - -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { - name: virtualNetworkName - location: location - properties: { - addressSpace: { - addressPrefixes: [ - addressPrefix - ] - } - subnets: [ - { - name: 'defaultSubnet' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 16, 0) - serviceEndpoints: [ - { - service: 'Microsoft.KeyVault' - } - ] - } - } - ] - } -} - -resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { - name: 'privatelink.vaultcore.azure.net' - location: 'global' - - resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { - name: '${virtualNetwork.name}-vnetlink' - location: 'global' - properties: { - virtualNetwork: { - id: virtualNetwork.id - } - registrationEnabled: false - } - } -} - -resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { - name: managedIdentityName - location: location -} - -@description('The resource ID of the created Virtual Network Subnet.') -output subnetResourceId string = virtualNetwork.properties.subnets[0].id - -@description('The resource ID of the created Private DNS Zone.') -output privateDNSResourceId string = privateDNSZone.id - -@description('The principal ID of the created Managed Identity.') -output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/avm/res/key-vault/vault/tests/e2e/private-endpoint/main.test.bicep b/avm/res/key-vault/vault/tests/e2e/private-endpoint/main.test.bicep deleted file mode 100644 index 6694323ecc..0000000000 --- a/avm/res/key-vault/vault/tests/e2e/private-endpoint/main.test.bicep +++ /dev/null @@ -1,101 +0,0 @@ -targetScope = 'subscription' - -metadata name = 'Using Private Endpoints' -metadata description = 'This instance deploys the module with Private Endpoints.' - -// ========== // -// Parameters // -// ========== // - -@description('Optional. The name of the resource group to deploy for testing purposes.') -@maxLength(90) -param resourceGroupName string = 'dep-${namePrefix}-keyvault.vaults-${serviceShort}-rg' - -@description('Optional. The location to deploy resources to.') -param resourceLocation string = deployment().location - -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'kvvpe' - -@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') -param namePrefix string = '#_namePrefix_#' - -// ============ // -// Dependencies // -// ============ // - -// General resources -// ================= -resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { - name: resourceGroupName - location: resourceLocation -} - -module nestedDependencies 'dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' - params: { - virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' - managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}' - location: resourceLocation - } -} - -// ============== // -// Test Execution // -// ============== // - -@batchSize(1) -module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' - params: { - name: '${namePrefix}${serviceShort}001' - location: resourceLocation - privateEndpoints: [ - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSResourceId - ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalId: nestedDependencies.outputs.managedIdentityPrincipalId - principalType: 'ServicePrincipal' - } - ] - ipConfigurations: [ - { - name: 'myIPconfig' - properties: { - groupId: 'vault' - memberName: 'default' - privateIPAddress: '10.0.0.10' - } - } - ] - customDnsConfigs: [ - { - fqdn: 'abc.keyvault.com' - ipAddresses: [ - '10.0.0.10' - ] - } - ] - } - ] - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } - // Only for testing purposes - enablePurgeProtection: false - } -}] diff --git a/avm/res/search/search-service/tests/e2e/pe/main.test.bicep b/avm/res/search/search-service/tests/e2e/pe/main.test.bicep index 6f3121f61a..0c8f6c6692 100644 --- a/avm/res/search/search-service/tests/e2e/pe/main.test.bicep +++ b/avm/res/search/search-service/tests/e2e/pe/main.test.bicep @@ -69,6 +69,12 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + } ] sharedPrivateLinkResources: [ { diff --git a/avm/res/service-bus/namespace/tests/e2e/max/main.test.bicep b/avm/res/service-bus/namespace/tests/e2e/max/main.test.bicep index 09f357c679..de69e57438 100644 --- a/avm/res/service-bus/namespace/tests/e2e/max/main.test.bicep +++ b/avm/res/service-bus/namespace/tests/e2e/max/main.test.bicep @@ -212,7 +212,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ] privateEndpoints: [ { - service: 'namespace' subnetResourceId: nestedDependencies.outputs.subnetResourceId privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId @@ -241,6 +240,12 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' } ] } + { + subnetResourceId: nestedDependencies.outputs.subnetResourceId + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + } ] managedIdentities: { systemAssigned: true diff --git a/avm/res/service-bus/namespace/tests/e2e/pe/dependencies.bicep b/avm/res/service-bus/namespace/tests/e2e/pe/dependencies.bicep deleted file mode 100644 index 12f11cff98..0000000000 --- a/avm/res/service-bus/namespace/tests/e2e/pe/dependencies.bicep +++ /dev/null @@ -1,60 +0,0 @@ -@description('Optional. The location to deploy resources to.') -param location string = resourceGroup().location - -@description('Required. The name of the Virtual Network to create.') -param virtualNetworkName string - -@description('Required. The name of the Managed Identity to create.') -param managedIdentityName string - -var addressPrefix = '10.0.0.0/16' - -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { - name: virtualNetworkName - location: location - properties: { - addressSpace: { - addressPrefixes: [ - addressPrefix - ] - } - subnets: [ - { - name: 'defaultSubnet' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 16, 0) - } - } - ] - } -} - -resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { - name: 'privatelink.servicebus.windows.net' - location: 'global' - - resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { - name: '${virtualNetwork.name}-vnetlink' - location: 'global' - properties: { - virtualNetwork: { - id: virtualNetwork.id - } - registrationEnabled: false - } - } -} - -resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { - name: managedIdentityName - location: location -} - -@description('The resource ID of the created Virtual Network Subnet.') -output subnetResourceId string = virtualNetwork.properties.subnets[0].id - -@description('The resource ID of the created Private DNS Zone.') -output privateDNSZoneResourceId string = privateDNSZone.id - -@description('The principal ID of the created Managed Identity.') -output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/avm/res/service-bus/namespace/tests/e2e/pe/main.test.bicep b/avm/res/service-bus/namespace/tests/e2e/pe/main.test.bicep deleted file mode 100644 index 034666003b..0000000000 --- a/avm/res/service-bus/namespace/tests/e2e/pe/main.test.bicep +++ /dev/null @@ -1,98 +0,0 @@ -targetScope = 'subscription' - -metadata name = 'Using private endpoint parameter set' -metadata description = 'This instance deploys the module with features enabled for private endpoint configrations.' - -// ========== // -// Parameters // -// ========== // - -@description('Optional. The name of the resource group to deploy for testing purposes.') -@maxLength(90) -param resourceGroupName string = 'dep-${namePrefix}-servicebus.namespaces-${serviceShort}-rg' - -@description('Optional. The location to deploy resources to.') -param resourceLocation string = deployment().location - -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'sbnpe' - -@description('Optional. A token to inject into the name of each resource.') -param namePrefix string = '#_namePrefix_#' - -// ============ // -// Dependencies // -// ============ // - -// General resources -// ================= -resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { - name: resourceGroupName - location: resourceLocation -} - -module nestedDependencies 'dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' - params: { - virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' - managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}' - location: resourceLocation - } -} - -// ============== // -// Test Execution // -// ============== // - -@batchSize(1) -module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' - params: { - name: '${namePrefix}${serviceShort}001' - skuObject: { - name: 'Premium' - } - location: resourceLocation - publicNetworkAccess: 'Disabled' - privateEndpoints: [ - { - subnetResourceId: nestedDependencies.outputs.subnetResourceId - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalId: nestedDependencies.outputs.managedIdentityPrincipalId - principalType: 'ServicePrincipal' - } - ] - ipConfigurations: [ - { - name: 'myIPconfig' - properties: { - groupId: 'namespace' - memberName: 'namespace' - privateIPAddress: '10.0.0.10' - } - } - ] - customDnsConfigs: [ - { - fqdn: 'abc.namespace.com' - ipAddresses: [ - '10.0.0.10' - ] - } - ] - } - ] - } -}] diff --git a/avm/res/sql/server/tests/e2e/max/main.test.bicep b/avm/res/sql/server/tests/e2e/max/main.test.bicep index 32fe6d15cb..2d2f0b944d 100644 --- a/avm/res/sql/server/tests/e2e/max/main.test.bicep +++ b/avm/res/sql/server/tests/e2e/max/main.test.bicep @@ -175,7 +175,6 @@ module testDeployment '../../../main.bicep' = { privateEndpoints: [ { subnetResourceId: nestedDependencies.outputs.privateEndpointSubnetResourceId - service: 'sqlServer' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] @@ -185,6 +184,12 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } + { + subnetResourceId: nestedDependencies.outputs.privateEndpointSubnetResourceId + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + } ] virtualNetworkRules: [ { diff --git a/avm/res/sql/server/tests/e2e/pe/dependencies.bicep b/avm/res/sql/server/tests/e2e/pe/dependencies.bicep deleted file mode 100644 index ef2f9239a0..0000000000 --- a/avm/res/sql/server/tests/e2e/pe/dependencies.bicep +++ /dev/null @@ -1,50 +0,0 @@ -@description('Required. The name of the Virtual Network to create.') -param virtualNetworkName string - -@description('Optional. The location to deploy resources to.') -param location string = resourceGroup().location - -var addressPrefix = '10.0.0.0/16' - -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { - name: virtualNetworkName - location: location - properties: { - addressSpace: { - addressPrefixes: [ - addressPrefix - ] - } - subnets: [ - { - name: 'defaultSubnet' - properties: { - - addressPrefix: cidrSubnet(addressPrefix, 16, 0) - } - } - ] - } -} - -resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { - name: 'privatelink${environment().suffixes.sqlServerHostname}' - location: 'global' - - resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { - name: '${virtualNetwork.name}-vnetlink' - location: 'global' - properties: { - virtualNetwork: { - id: virtualNetwork.id - } - registrationEnabled: false - } - } -} - -@description('The resource ID of the created virtual network subnet.') -output subnetResourceId string = virtualNetwork.properties.subnets[0].id - -@description('The resource ID of the created Private DNS Zone.') -output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/avm/res/sql/server/tests/e2e/pe/main.test.bicep b/avm/res/sql/server/tests/e2e/pe/main.test.bicep deleted file mode 100644 index f842f3c416..0000000000 --- a/avm/res/sql/server/tests/e2e/pe/main.test.bicep +++ /dev/null @@ -1,96 +0,0 @@ -targetScope = 'subscription' - -metadata name = 'Using Private Endpoints' -metadata description = 'This instance deploys the module with Private Endpoints.' - -// ========== // -// Parameters // -// ========== // - -@description('Optional. The name of the resource group to deploy for testing purposes.') -@maxLength(90) -param resourceGroupName string = 'dep-${namePrefix}-sql.servers-${serviceShort}-rg' - -@description('Optional. The location to deploy resources to.') -param resourceLocation string = deployment().location - -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'sqlspe' - -@description('Optional. The password to leverage for the login.') -@secure() -param password string = newGuid() - -@description('Optional. A token to inject into the name of each resource.') -param namePrefix string = '#_namePrefix_#' - -// ============ // -// Dependencies // -// ============ // - -// General resources -// ================= -resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { - name: resourceGroupName - location: resourceLocation -} - -module nestedDependencies 'dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' - params: { - virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' - location: resourceLocation - } -} - -// ============== // -// Test Execution // -// ============== // - -module testDeployment '../../../main.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}' - params: { - name: '${namePrefix}-${serviceShort}' - location: resourceLocation - administratorLogin: 'adminUserName' - administratorLoginPassword: password - privateEndpoints: [ - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } - ipConfigurations: [ - { - name: 'myIPconfig' - properties: { - groupId: 'sqlServer' - memberName: 'sqlServer' - privateIPAddress: '10.0.0.10' - } - } - ] - customDnsConfigs: [ - { - fqdn: 'abc.sqlServer.com' - ipAddresses: [ - '10.0.0.10' - ] - } - ] - } - ] - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } - } -} diff --git a/avm/res/synapse/private-link-hub/tests/e2e/max/main.test.bicep b/avm/res/synapse/private-link-hub/tests/e2e/max/main.test.bicep index edcbcf4ffe..f1e31fccb2 100644 --- a/avm/res/synapse/private-link-hub/tests/e2e/max/main.test.bicep +++ b/avm/res/synapse/private-link-hub/tests/e2e/max/main.test.bicep @@ -62,7 +62,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] - service: 'Web' subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { 'hidden-title': 'This is visible in the resource name' @@ -70,6 +69,12 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + } ] roleAssignments: [ { diff --git a/avm/res/web/site/tests/e2e/functionApp.max/main.test.bicep b/avm/res/web/site/tests/e2e/functionApp.max/main.test.bicep index 6ce8a38d92..632b06414e 100644 --- a/avm/res/web/site/tests/e2e/functionApp.max/main.test.bicep +++ b/avm/res/web/site/tests/e2e/functionApp.max/main.test.bicep @@ -182,6 +182,12 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + { + subnetResourceId: nestedDependencies.outputs.subnetResourceId + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + } ] roleAssignments: [ { diff --git a/avm/res/web/site/tests/e2e/webApp.max/main.test.bicep b/avm/res/web/site/tests/e2e/webApp.max/main.test.bicep index cab7d7b186..58763b8e53 100644 --- a/avm/res/web/site/tests/e2e/webApp.max/main.test.bicep +++ b/avm/res/web/site/tests/e2e/webApp.max/main.test.bicep @@ -182,6 +182,12 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + { + subnetResourceId: nestedDependencies.outputs.subnetResourceId + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + } ] roleAssignments: [ { diff --git a/avm/res/web/static-site/tests/e2e/max/main.test.bicep b/avm/res/web/static-site/tests/e2e/max/main.test.bicep index 36bea24219..520c6ff0cc 100644 --- a/avm/res/web/static-site/tests/e2e/max/main.test.bicep +++ b/avm/res/web/static-site/tests/e2e/max/main.test.bicep @@ -72,6 +72,12 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + { + subnetResourceId: nestedDependencies.outputs.subnetResourceId + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + } ] roleAssignments: [ { From e11cbd96b525a5587901895d31dc9866067c27c8 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 25 Feb 2024 11:53:51 +0100 Subject: [PATCH 06/29] Refreshed JSON --- .../automation/automation-account/main.json | 60 ++-- avm/res/batch/batch-account/main.json | 32 +- avm/res/cache/redis/main.json | 61 ++-- avm/res/cognitive-services/account/main.json | 62 ++-- avm/res/container-registry/registry/main.json | 63 ++-- avm/res/data-factory/factory/main.json | 63 ++-- avm/res/databricks/workspace/main.json | 18 +- .../host-pool/main.json | 268 +++++++++++++---- .../workspace/main.json | 268 +++++++++++++---- .../document-db/database-account/main.json | 56 ++-- avm/res/event-grid/domain/main.json | 277 ++++++++++++++---- avm/res/event-grid/topic/main.json | 277 ++++++++++++++---- avm/res/insights/private-link-scope/main.json | 75 +++-- avm/res/key-vault/vault/main.json | 71 ++--- avm/res/search/search-service/main.json | 87 +++--- avm/res/service-bus/namespace/main.json | 75 ++--- avm/res/sql/server/main.json | 79 ++--- avm/res/storage/storage-account/main.json | 80 ++--- avm/res/synapse/private-link-hub/main.json | 88 +++--- avm/res/synapse/workspace/main.json | 44 +-- avm/res/web/site/main.json | 146 ++++----- avm/res/web/static-site/main.json | 81 ++--- 22 files changed, 1527 insertions(+), 804 deletions(-) diff --git a/avm/res/automation/automation-account/main.json b/avm/res/automation/automation-account/main.json index 88f18107e4..feb3919fc8 100644 --- a/avm/res/automation/automation-account/main.json +++ b/avm/res/automation/automation-account/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "14118178153874910817" + "version": "0.25.53.49325", + "templateHash": "17457652611185300575" }, "name": "Automation Accounts", "description": "This module deploys an Azure Automation Account.", @@ -185,8 +185,9 @@ "manualConnectionRequestMessage": { "type": "string", "nullable": true, + "maxLength": 140, "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars." + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." } }, "customDnsConfigs": { @@ -815,8 +816,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6758949567913452110" + "version": "0.25.53.49325", + "templateHash": "4277151232699761913" }, "name": "Automation Account Modules", "description": "This module deploys an Azure Automation Account Module.", @@ -957,8 +958,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17013504570786383965" + "version": "0.25.53.49325", + "templateHash": "15445244253525012229" }, "name": "Automation Account Schedules", "description": "This module deploys an Azure Automation Account Schedule.", @@ -1136,8 +1137,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "12519596207626057781" + "version": "0.25.53.49325", + "templateHash": "16141039584915226874" }, "name": "Automation Account Runbooks", "description": "This module deploys an Azure Automation Account Runbook.", @@ -1336,8 +1337,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "14246826935635972197" + "version": "0.25.53.49325", + "templateHash": "4183701486282199551" }, "name": "Automation Account Job Schedules", "description": "This module deploys an Azure Automation Account Job Schedule.", @@ -1464,8 +1465,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "162568846997583805" + "version": "0.25.53.49325", + "templateHash": "15605588341437540157" }, "name": "Automation Account Variables", "description": "This module deploys an Azure Automation Account Variable.", @@ -1579,8 +1580,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6280157469343577004" + "version": "0.25.53.49325", + "templateHash": "14301767156435143002" }, "name": "Log Analytics Workspace Linked Services", "description": "This module deploys a Log Analytics Workspace Linked Service.", @@ -1898,8 +1899,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6362006893081858637" + "version": "0.25.53.49325", + "templateHash": "6467431009828483672" }, "name": "Automation Account Software Update Configurations", "description": "This module deploys an Azure Automation Account Software Update Configuration.", @@ -2366,8 +2367,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2821141217598568122" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -2416,7 +2417,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -2494,7 +2495,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -2597,7 +2598,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -2606,7 +2607,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -2732,7 +2733,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -2837,8 +2838,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18168683629401652671" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -2949,6 +2950,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/batch/batch-account/main.json b/avm/res/batch/batch-account/main.json index 5ade13aabe..925fe85130 100644 --- a/avm/res/batch/batch-account/main.json +++ b/avm/res/batch/batch-account/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "18272738624063996498" + "version": "0.25.53.49325", + "templateHash": "11102129881431176996" }, "name": "Batch Accounts", "description": "This module deploys a Batch Account.", @@ -257,8 +257,9 @@ "manualConnectionRequestMessage": { "type": "string", "nullable": true, + "maxLength": 140, "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars." + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." } }, "customDnsConfigs": { @@ -881,8 +882,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2821141217598568122" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -931,7 +932,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -1009,7 +1010,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -1112,7 +1113,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -1121,7 +1122,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -1247,7 +1248,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1352,8 +1353,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18168683629401652671" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1464,6 +1465,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/cache/redis/main.json b/avm/res/cache/redis/main.json index 85d840b572..aa4aa14c64 100644 --- a/avm/res/cache/redis/main.json +++ b/avm/res/cache/redis/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "16070478115038910597" + "templateHash": "9141362951159332153" }, "name": "Redis Cache", "description": "This module deploys a Redis Cache.", @@ -84,7 +84,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." } }, "subnetResourceId": { @@ -110,6 +110,21 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "maxLength": 140, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -218,13 +233,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -770,6 +778,9 @@ }, "mode": "Incremental", "parameters": { + "name": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Cache/redis', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'redisCache'), copyIndex()))]" + }, "privateLinkServiceConnections": { "value": [ { @@ -783,9 +794,7 @@ } ] }, - "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Cache/redis', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'redisCache'), copyIndex()))]" - }, + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Cache/redis', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Cache/redis', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'redisCache')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -810,9 +819,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -833,8 +839,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2821141217598568122" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -883,7 +889,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -961,7 +967,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -1064,7 +1070,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -1073,7 +1079,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -1199,7 +1205,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1304,8 +1310,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18168683629401652671" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1416,6 +1422,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/cognitive-services/account/main.json b/avm/res/cognitive-services/account/main.json index 97ad908e5b..27e8568317 100644 --- a/avm/res/cognitive-services/account/main.json +++ b/avm/res/cognitive-services/account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "6619617132004799661" + "templateHash": "9235897593540934483" }, "name": "Cognitive Services", "description": "This module deploys a Cognitive Service.", @@ -222,7 +222,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." } }, "subnetResourceId": { @@ -248,6 +248,21 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "maxLength": 140, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -345,7 +360,6 @@ }, "roleAssignments": { "$ref": "#/definitions/roleAssignmentType", - "nullable": true, "metadata": { "description": "Optional. Array of role assignments to create." } @@ -357,13 +371,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -873,6 +880,9 @@ }, "mode": "Incremental", "parameters": { + "name": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'account'), copyIndex()))]" + }, "privateLinkServiceConnections": { "value": [ { @@ -886,9 +896,7 @@ } ] }, - "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'account'), copyIndex()))]" - }, + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'account')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -913,9 +921,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -936,8 +941,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2821141217598568122" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -986,7 +991,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -1064,7 +1069,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -1167,7 +1172,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -1176,7 +1181,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -1302,7 +1307,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1407,8 +1412,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18168683629401652671" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1519,6 +1524,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/container-registry/registry/main.json b/avm/res/container-registry/registry/main.json index fb6accc837..d8863e7b67 100644 --- a/avm/res/container-registry/registry/main.json +++ b/avm/res/container-registry/registry/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "3316618601179718411" + "templateHash": "13226881250525855714" }, "name": "Azure Container Registries (ACR)", "description": "This module deploys an Azure Container Registry (ACR).", @@ -150,7 +150,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." } }, "subnetResourceId": { @@ -163,7 +163,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." + "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." } }, "privateDnsZoneResourceIds": { @@ -176,6 +176,21 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "maxLength": 140, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -185,7 +200,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -194,7 +209,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -233,7 +248,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -284,13 +299,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -1402,6 +1410,9 @@ }, "mode": "Incremental", "parameters": { + "name": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'registry'), copyIndex()))]" + }, "privateLinkServiceConnections": { "value": [ { @@ -1415,9 +1426,7 @@ } ] }, - "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'registry'), copyIndex()))]" - }, + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'registry')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -1442,9 +1451,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -1465,8 +1471,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2821141217598568122" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1515,7 +1521,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -1831,7 +1837,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1936,8 +1942,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18168683629401652671" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -2048,6 +2054,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/data-factory/factory/main.json b/avm/res/data-factory/factory/main.json index ec293b4da5..f6667137bc 100644 --- a/avm/res/data-factory/factory/main.json +++ b/avm/res/data-factory/factory/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "6048154575317305583" + "templateHash": "14313869927695029069" }, "name": "Data Factories", "description": "This module deploys a Data Factory.", @@ -150,7 +150,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." } }, "subnetResourceId": { @@ -163,7 +163,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." + "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." } }, "privateDnsZoneResourceIds": { @@ -176,6 +176,21 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "maxLength": 140, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -185,7 +200,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -194,7 +209,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -233,7 +248,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -284,13 +299,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -1130,6 +1138,9 @@ }, "mode": "Incremental", "parameters": { + "name": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.DataFactory/factories', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'dataFactory'), copyIndex()))]" + }, "privateLinkServiceConnections": { "value": [ { @@ -1143,9 +1154,7 @@ } ] }, - "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.DataFactory/factories', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'dataFactory'), copyIndex()))]" - }, + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DataFactory/factories', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DataFactory/factories', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'dataFactory')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -1170,9 +1179,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -1193,8 +1199,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2821141217598568122" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1243,7 +1249,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -1559,7 +1565,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1664,8 +1670,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18168683629401652671" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1776,6 +1782,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/databricks/workspace/main.json b/avm/res/databricks/workspace/main.json index 748a3df265..e8eac46cb3 100644 --- a/avm/res/databricks/workspace/main.json +++ b/avm/res/databricks/workspace/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "18173040551879229242" + "version": "0.25.53.49325", + "templateHash": "13278553463810121429" }, "name": "Azure Databricks Workspaces", "description": "This module deploys an Azure Databricks Workspace.", @@ -96,8 +96,9 @@ "manualConnectionRequestMessage": { "type": "string", "nullable": true, + "maxLength": 140, "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars." + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." } }, "customDnsConfigs": { @@ -883,7 +884,7 @@ "_generator": { "name": "bicep", "version": "0.24.24.22086", - "templateHash": "5518855230364102370" + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1248,7 +1249,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.3', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1465,6 +1466,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/desktop-virtualization/host-pool/main.json b/avm/res/desktop-virtualization/host-pool/main.json index 6719f26b5d..ccdc0c68ac 100644 --- a/avm/res/desktop-virtualization/host-pool/main.json +++ b/avm/res/desktop-virtualization/host-pool/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "4511420670498379838" + "templateHash": "2200972037690976544" }, "name": "Azure Virtual Desktop Host Pool", "description": "This module deploys an Azure Virtual Desktop Host Pool", @@ -197,7 +197,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"connection\"." + "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." } }, "subnetResourceId": { @@ -223,6 +223,21 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "maxLength": 140, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -331,13 +346,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -763,26 +771,35 @@ }, "mode": "Incremental", "parameters": { - "groupIds": { - "value": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection')]" - ] - }, "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection'), copyIndex()))]" }, - "serviceResourceId": { - "value": "[resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name'))]" + "privateLinkServiceConnections": { + "value": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name'))]", + "groupIds": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection')]" + ] + } + } + ] }, + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'connection')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, - "enableTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" + "location": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" }, "lock": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'lock'), parameters('lock'))]" }, + "enableTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" + }, "privateDnsZoneGroupName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroupName')]" }, @@ -795,9 +812,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -818,8 +832,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13152465847704433697" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -834,7 +848,7 @@ "roleDefinitionIdOrName": { "type": "string", "metadata": { - "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." } }, "principalId": { @@ -868,7 +882,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -916,6 +930,154 @@ } }, "nullable": true + }, + "ipConfigurationsType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the resource that is unique within a resource group." + } + }, + "properties": { + "type": "object", + "properties": { + "groupId": { + "type": "string", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "memberName": { + "type": "string", + "metadata": { + "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "privateIPAddress": { + "type": "string", + "metadata": { + "description": "Required. A private IP address obtained from the private endpoint's subnet." + } + } + }, + "metadata": { + "description": "Required. Properties of private endpoint IP configurations." + } + } + } + }, + "nullable": true + }, + "manualPrivateLinkServiceConnectionsType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the private link service connection." + } + }, + "properties": { + "type": "object", + "properties": { + "groupIds": { + "type": "array", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "privateLinkServiceId": { + "type": "string", + "metadata": { + "description": "Required. The resource id of private link service." + } + }, + "requestMessage": { + "type": "string", + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." + } + } + }, + "metadata": { + "description": "Required. Properties of private link service connection." + } + } + } + }, + "nullable": true + }, + "privateLinkServiceConnectionsType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the private link service connection." + } + }, + "properties": { + "type": "object", + "properties": { + "groupIds": { + "type": "array", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "privateLinkServiceId": { + "type": "string", + "metadata": { + "description": "Required. The resource id of private link service." + } + }, + "requestMessage": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." + } + } + }, + "metadata": { + "description": "Required. Properties of private link service connection." + } + } + } + }, + "nullable": true + }, + "customDnsConfigType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fqdn": { + "type": "string", + "metadata": { + "description": "Required. Fqdn that resolves to private endpoint IP address." + } + }, + "ipAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. A list of private IP addresses of the private endpoint." + } + } + } + }, + "nullable": true } }, "parameters": { @@ -931,12 +1093,6 @@ "description": "Required. Resource ID of the subnet where the endpoint needs to be created." } }, - "serviceResourceId": { - "type": "string", - "metadata": { - "description": "Required. Resource ID of the resource that needs to be connected to the network." - } - }, "applicationSecurityGroupResourceIds": { "type": "array", "nullable": true, @@ -952,18 +1108,11 @@ } }, "ipConfigurations": { - "type": "array", - "nullable": true, + "$ref": "#/definitions/ipConfigurationsType", "metadata": { "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." } }, - "groupIds": { - "type": "array", - "metadata": { - "description": "Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to." - } - }, "privateDnsZoneGroupName": { "type": "string", "nullable": true, @@ -994,7 +1143,7 @@ "roleAssignments": { "$ref": "#/definitions/roleAssignmentType", "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + "description": "Optional. Array of role assignments to create." } }, "tags": { @@ -1005,17 +1154,21 @@ } }, "customDnsConfigs": { - "type": "array", - "nullable": true, + "$ref": "#/definitions/customDnsConfigType", "metadata": { "description": "Optional. Custom DNS configurations." } }, "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, + "$ref": "#/definitions/manualPrivateLinkServiceConnectionsType", + "metadata": { + "description": "Optional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource." + } + }, + "privateLinkServiceConnections": { + "$ref": "#/definitions/privateLinkServiceConnectionsType", "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." + "description": "Optional. A grouping of information about the connection to the remote resource." } }, "enableTelemetry": { @@ -1045,7 +1198,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.1.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1081,15 +1234,7 @@ "customNetworkInterfaceName": "[coalesce(parameters('customNetworkInterfaceName'), '')]", "ipConfigurations": "[coalesce(parameters('ipConfigurations'), createArray())]", "manualPrivateLinkServiceConnections": "[coalesce(parameters('manualPrivateLinkServiceConnections'), createArray())]", - "privateLinkServiceConnections": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[parameters('serviceResourceId')]", - "groupIds": "[parameters('groupIds')]" - } - } - ], + "privateLinkServiceConnections": "[coalesce(parameters('privateLinkServiceConnections'), createArray())]", "subnet": { "id": "[parameters('subnetResourceId')]" } @@ -1119,7 +1264,7 @@ "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", "name": "[guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", "properties": { - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)))]", "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", @@ -1158,8 +1303,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1698104586574073002" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1270,6 +1415,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/desktop-virtualization/workspace/main.json b/avm/res/desktop-virtualization/workspace/main.json index ac075c7a41..c71f5f179a 100644 --- a/avm/res/desktop-virtualization/workspace/main.json +++ b/avm/res/desktop-virtualization/workspace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "4530090726614666900" + "templateHash": "6103356200292183138" }, "name": "Workspace", "description": "This module deploys an Azure Virtual Desktop Workspace.", @@ -215,6 +215,21 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "maxLength": 140, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -323,13 +338,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -577,26 +585,35 @@ }, "mode": "Incremental", "parameters": { - "groupIds": { - "value": [ - "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service]" - ] - }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name')), '/')), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection'), copyIndex()))]" }, - "serviceResourceId": { - "value": "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name'))]" + "privateLinkServiceConnections": { + "value": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name'))]", + "groupIds": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection')]" + ] + } + } + ] }, + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'connection')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, - "enableTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" + "location": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" }, "lock": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'lock'), parameters('lock'))]" }, + "enableTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" + }, "privateDnsZoneGroupName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroupName')]" }, @@ -609,9 +626,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -632,8 +646,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13152465847704433697" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -648,7 +662,7 @@ "roleDefinitionIdOrName": { "type": "string", "metadata": { - "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." } }, "principalId": { @@ -682,7 +696,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -730,6 +744,154 @@ } }, "nullable": true + }, + "ipConfigurationsType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the resource that is unique within a resource group." + } + }, + "properties": { + "type": "object", + "properties": { + "groupId": { + "type": "string", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "memberName": { + "type": "string", + "metadata": { + "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "privateIPAddress": { + "type": "string", + "metadata": { + "description": "Required. A private IP address obtained from the private endpoint's subnet." + } + } + }, + "metadata": { + "description": "Required. Properties of private endpoint IP configurations." + } + } + } + }, + "nullable": true + }, + "manualPrivateLinkServiceConnectionsType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the private link service connection." + } + }, + "properties": { + "type": "object", + "properties": { + "groupIds": { + "type": "array", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "privateLinkServiceId": { + "type": "string", + "metadata": { + "description": "Required. The resource id of private link service." + } + }, + "requestMessage": { + "type": "string", + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." + } + } + }, + "metadata": { + "description": "Required. Properties of private link service connection." + } + } + } + }, + "nullable": true + }, + "privateLinkServiceConnectionsType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the private link service connection." + } + }, + "properties": { + "type": "object", + "properties": { + "groupIds": { + "type": "array", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "privateLinkServiceId": { + "type": "string", + "metadata": { + "description": "Required. The resource id of private link service." + } + }, + "requestMessage": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." + } + } + }, + "metadata": { + "description": "Required. Properties of private link service connection." + } + } + } + }, + "nullable": true + }, + "customDnsConfigType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fqdn": { + "type": "string", + "metadata": { + "description": "Required. Fqdn that resolves to private endpoint IP address." + } + }, + "ipAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. A list of private IP addresses of the private endpoint." + } + } + } + }, + "nullable": true } }, "parameters": { @@ -745,12 +907,6 @@ "description": "Required. Resource ID of the subnet where the endpoint needs to be created." } }, - "serviceResourceId": { - "type": "string", - "metadata": { - "description": "Required. Resource ID of the resource that needs to be connected to the network." - } - }, "applicationSecurityGroupResourceIds": { "type": "array", "nullable": true, @@ -766,18 +922,11 @@ } }, "ipConfigurations": { - "type": "array", - "nullable": true, + "$ref": "#/definitions/ipConfigurationsType", "metadata": { "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." } }, - "groupIds": { - "type": "array", - "metadata": { - "description": "Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to." - } - }, "privateDnsZoneGroupName": { "type": "string", "nullable": true, @@ -808,7 +957,7 @@ "roleAssignments": { "$ref": "#/definitions/roleAssignmentType", "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + "description": "Optional. Array of role assignments to create." } }, "tags": { @@ -819,17 +968,21 @@ } }, "customDnsConfigs": { - "type": "array", - "nullable": true, + "$ref": "#/definitions/customDnsConfigType", "metadata": { "description": "Optional. Custom DNS configurations." } }, "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, + "$ref": "#/definitions/manualPrivateLinkServiceConnectionsType", + "metadata": { + "description": "Optional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource." + } + }, + "privateLinkServiceConnections": { + "$ref": "#/definitions/privateLinkServiceConnectionsType", "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." + "description": "Optional. A grouping of information about the connection to the remote resource." } }, "enableTelemetry": { @@ -859,7 +1012,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.1.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -895,15 +1048,7 @@ "customNetworkInterfaceName": "[coalesce(parameters('customNetworkInterfaceName'), '')]", "ipConfigurations": "[coalesce(parameters('ipConfigurations'), createArray())]", "manualPrivateLinkServiceConnections": "[coalesce(parameters('manualPrivateLinkServiceConnections'), createArray())]", - "privateLinkServiceConnections": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[parameters('serviceResourceId')]", - "groupIds": "[parameters('groupIds')]" - } - } - ], + "privateLinkServiceConnections": "[coalesce(parameters('privateLinkServiceConnections'), createArray())]", "subnet": { "id": "[parameters('subnetResourceId')]" } @@ -933,7 +1078,7 @@ "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", "name": "[guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", "properties": { - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)))]", "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", @@ -972,8 +1117,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1698104586574073002" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1084,6 +1229,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/document-db/database-account/main.json b/avm/res/document-db/database-account/main.json index 0c94146f28..3a3f8d75a5 100644 --- a/avm/res/document-db/database-account/main.json +++ b/avm/res/document-db/database-account/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8692130573137948509" + "version": "0.25.53.49325", + "templateHash": "6178968809986230954" }, "name": "DocumentDB Database Accounts", "description": "This module deploys a DocumentDB Database Account.", @@ -185,8 +185,9 @@ "manualConnectionRequestMessage": { "type": "string", "nullable": true, + "maxLength": 140, "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars." + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." } }, "customDnsConfigs": { @@ -848,8 +849,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6855947757310197808" + "version": "0.25.53.49325", + "templateHash": "3371007626132936503" }, "name": "DocumentDB Database Account SQL Databases", "description": "This module deploys a SQL Database in a CosmosDB Account.", @@ -963,8 +964,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6680377134811820539" + "version": "0.25.53.49325", + "templateHash": "15407611441750959399" }, "name": "DocumentDB Database Account SQL Database Containers", "description": "This module deploys a SQL Database Container in a CosmosDB Account.", @@ -1203,8 +1204,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "5366984101532329712" + "version": "0.25.53.49325", + "templateHash": "5538920636867167805" }, "name": "DocumentDB Database Account MongoDB Databases", "description": "This module deploys a MongoDB Database within a CosmosDB Account.", @@ -1306,8 +1307,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10065636031063619686" + "version": "0.25.53.49325", + "templateHash": "12727124123085683569" }, "name": "DocumentDB Database Account MongoDB Database Collections", "description": "This module deploys a MongoDB Database Collection.", @@ -1462,8 +1463,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2617432375264179405" + "version": "0.25.53.49325", + "templateHash": "5227237801347888732" }, "name": "DocumentDB Database Account Gremlin Databases", "description": "This module deploys a Gremlin Database within a CosmosDB Account.", @@ -1566,8 +1567,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "14243370867444327055" + "version": "0.25.53.49325", + "templateHash": "4078462189838201163" }, "name": "DocumentDB Database Accounts Gremlin Databases Graphs", "description": "This module deploys a DocumentDB Database Accounts Gremlin Database Graph.", @@ -1771,8 +1772,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2821141217598568122" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1821,7 +1822,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -1899,7 +1900,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -2002,7 +2003,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -2011,7 +2012,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -2137,7 +2138,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -2242,8 +2243,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18168683629401652671" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -2354,6 +2355,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/event-grid/domain/main.json b/avm/res/event-grid/domain/main.json index 6c5b06c183..b4afcc513a 100644 --- a/avm/res/event-grid/domain/main.json +++ b/avm/res/event-grid/domain/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "13095982235255644248" + "templateHash": "3048569417856427270" }, "name": "Event Grid Domains", "description": "This module deploys an Event Grid Domain.", @@ -150,7 +150,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." } }, "subnetResourceId": { @@ -163,7 +163,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." + "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." } }, "privateDnsZoneResourceIds": { @@ -176,6 +176,21 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "maxLength": 140, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -185,7 +200,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -194,7 +209,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -233,7 +248,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -284,13 +299,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -748,24 +756,30 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-domain-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-Domain-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "groupIds": { - "value": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'domain')]" - ] - }, "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.EventGrid/domains', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'domain'), copyIndex()))]" }, - "serviceResourceId": { - "value": "[resourceId('Microsoft.EventGrid/domains', parameters('name'))]" + "privateLinkServiceConnections": { + "value": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.EventGrid/domains', parameters('name'))]", + "groupIds": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'domain')]" + ] + } + } + ] }, + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.EventGrid/domains', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.EventGrid/domains', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'domain')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -775,6 +789,9 @@ "lock": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'lock'), parameters('lock'))]" }, + "enableTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" + }, "privateDnsZoneGroupName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroupName')]" }, @@ -787,9 +804,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -801,9 +815,6 @@ }, "customNetworkInterfaceName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]" - }, - "enableTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" } }, "template": { @@ -813,8 +824,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13152465847704433697" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -829,7 +840,7 @@ "roleDefinitionIdOrName": { "type": "string", "metadata": { - "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." } }, "principalId": { @@ -863,7 +874,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -911,6 +922,154 @@ } }, "nullable": true + }, + "ipConfigurationsType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the resource that is unique within a resource group." + } + }, + "properties": { + "type": "object", + "properties": { + "groupId": { + "type": "string", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "memberName": { + "type": "string", + "metadata": { + "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "privateIPAddress": { + "type": "string", + "metadata": { + "description": "Required. A private IP address obtained from the private endpoint's subnet." + } + } + }, + "metadata": { + "description": "Required. Properties of private endpoint IP configurations." + } + } + } + }, + "nullable": true + }, + "manualPrivateLinkServiceConnectionsType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the private link service connection." + } + }, + "properties": { + "type": "object", + "properties": { + "groupIds": { + "type": "array", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "privateLinkServiceId": { + "type": "string", + "metadata": { + "description": "Required. The resource id of private link service." + } + }, + "requestMessage": { + "type": "string", + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." + } + } + }, + "metadata": { + "description": "Required. Properties of private link service connection." + } + } + } + }, + "nullable": true + }, + "privateLinkServiceConnectionsType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the private link service connection." + } + }, + "properties": { + "type": "object", + "properties": { + "groupIds": { + "type": "array", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "privateLinkServiceId": { + "type": "string", + "metadata": { + "description": "Required. The resource id of private link service." + } + }, + "requestMessage": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." + } + } + }, + "metadata": { + "description": "Required. Properties of private link service connection." + } + } + } + }, + "nullable": true + }, + "customDnsConfigType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fqdn": { + "type": "string", + "metadata": { + "description": "Required. Fqdn that resolves to private endpoint IP address." + } + }, + "ipAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. A list of private IP addresses of the private endpoint." + } + } + } + }, + "nullable": true } }, "parameters": { @@ -926,12 +1085,6 @@ "description": "Required. Resource ID of the subnet where the endpoint needs to be created." } }, - "serviceResourceId": { - "type": "string", - "metadata": { - "description": "Required. Resource ID of the resource that needs to be connected to the network." - } - }, "applicationSecurityGroupResourceIds": { "type": "array", "nullable": true, @@ -947,18 +1100,11 @@ } }, "ipConfigurations": { - "type": "array", - "nullable": true, + "$ref": "#/definitions/ipConfigurationsType", "metadata": { "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." } }, - "groupIds": { - "type": "array", - "metadata": { - "description": "Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to." - } - }, "privateDnsZoneGroupName": { "type": "string", "nullable": true, @@ -989,7 +1135,7 @@ "roleAssignments": { "$ref": "#/definitions/roleAssignmentType", "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + "description": "Optional. Array of role assignments to create." } }, "tags": { @@ -1000,17 +1146,21 @@ } }, "customDnsConfigs": { - "type": "array", - "nullable": true, + "$ref": "#/definitions/customDnsConfigType", "metadata": { "description": "Optional. Custom DNS configurations." } }, "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, + "$ref": "#/definitions/manualPrivateLinkServiceConnectionsType", + "metadata": { + "description": "Optional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource." + } + }, + "privateLinkServiceConnections": { + "$ref": "#/definitions/privateLinkServiceConnectionsType", "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." + "description": "Optional. A grouping of information about the connection to the remote resource." } }, "enableTelemetry": { @@ -1040,7 +1190,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.1.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1076,15 +1226,7 @@ "customNetworkInterfaceName": "[coalesce(parameters('customNetworkInterfaceName'), '')]", "ipConfigurations": "[coalesce(parameters('ipConfigurations'), createArray())]", "manualPrivateLinkServiceConnections": "[coalesce(parameters('manualPrivateLinkServiceConnections'), createArray())]", - "privateLinkServiceConnections": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[parameters('serviceResourceId')]", - "groupIds": "[parameters('groupIds')]" - } - } - ], + "privateLinkServiceConnections": "[coalesce(parameters('privateLinkServiceConnections'), createArray())]", "subnet": { "id": "[parameters('subnetResourceId')]" } @@ -1114,7 +1256,7 @@ "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", "name": "[guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", "properties": { - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)))]", "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", @@ -1153,8 +1295,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1698104586574073002" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1265,6 +1407,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/event-grid/topic/main.json b/avm/res/event-grid/topic/main.json index c3ef671cd3..7109fccf3c 100644 --- a/avm/res/event-grid/topic/main.json +++ b/avm/res/event-grid/topic/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "11641318899572418269" + "templateHash": "14522400974559779755" }, "name": "Event Grid Topics", "description": "This module deploys an Event Grid Topic.", @@ -150,7 +150,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." } }, "subnetResourceId": { @@ -163,7 +163,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." + "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." } }, "privateDnsZoneResourceIds": { @@ -176,6 +176,21 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "maxLength": 140, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -185,7 +200,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -194,7 +209,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -233,7 +248,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -284,13 +299,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -829,24 +837,30 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-topic-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-Topic-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "groupIds": { - "value": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'topic')]" - ] - }, "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.EventGrid/topics', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'topic'), copyIndex()))]" }, - "serviceResourceId": { - "value": "[resourceId('Microsoft.EventGrid/topics', parameters('name'))]" + "privateLinkServiceConnections": { + "value": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.EventGrid/topics', parameters('name'))]", + "groupIds": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'topic')]" + ] + } + } + ] }, + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.EventGrid/topics', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.EventGrid/topics', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'topic')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -856,6 +870,9 @@ "lock": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'lock'), parameters('lock'))]" }, + "enableTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" + }, "privateDnsZoneGroupName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroupName')]" }, @@ -868,9 +885,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -882,9 +896,6 @@ }, "customNetworkInterfaceName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]" - }, - "enableTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" } }, "template": { @@ -894,8 +905,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13152465847704433697" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -910,7 +921,7 @@ "roleDefinitionIdOrName": { "type": "string", "metadata": { - "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." } }, "principalId": { @@ -944,7 +955,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -992,6 +1003,154 @@ } }, "nullable": true + }, + "ipConfigurationsType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the resource that is unique within a resource group." + } + }, + "properties": { + "type": "object", + "properties": { + "groupId": { + "type": "string", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "memberName": { + "type": "string", + "metadata": { + "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "privateIPAddress": { + "type": "string", + "metadata": { + "description": "Required. A private IP address obtained from the private endpoint's subnet." + } + } + }, + "metadata": { + "description": "Required. Properties of private endpoint IP configurations." + } + } + } + }, + "nullable": true + }, + "manualPrivateLinkServiceConnectionsType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the private link service connection." + } + }, + "properties": { + "type": "object", + "properties": { + "groupIds": { + "type": "array", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "privateLinkServiceId": { + "type": "string", + "metadata": { + "description": "Required. The resource id of private link service." + } + }, + "requestMessage": { + "type": "string", + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." + } + } + }, + "metadata": { + "description": "Required. Properties of private link service connection." + } + } + } + }, + "nullable": true + }, + "privateLinkServiceConnectionsType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the private link service connection." + } + }, + "properties": { + "type": "object", + "properties": { + "groupIds": { + "type": "array", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "privateLinkServiceId": { + "type": "string", + "metadata": { + "description": "Required. The resource id of private link service." + } + }, + "requestMessage": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." + } + } + }, + "metadata": { + "description": "Required. Properties of private link service connection." + } + } + } + }, + "nullable": true + }, + "customDnsConfigType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fqdn": { + "type": "string", + "metadata": { + "description": "Required. Fqdn that resolves to private endpoint IP address." + } + }, + "ipAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. A list of private IP addresses of the private endpoint." + } + } + } + }, + "nullable": true } }, "parameters": { @@ -1007,12 +1166,6 @@ "description": "Required. Resource ID of the subnet where the endpoint needs to be created." } }, - "serviceResourceId": { - "type": "string", - "metadata": { - "description": "Required. Resource ID of the resource that needs to be connected to the network." - } - }, "applicationSecurityGroupResourceIds": { "type": "array", "nullable": true, @@ -1028,18 +1181,11 @@ } }, "ipConfigurations": { - "type": "array", - "nullable": true, + "$ref": "#/definitions/ipConfigurationsType", "metadata": { "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." } }, - "groupIds": { - "type": "array", - "metadata": { - "description": "Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to." - } - }, "privateDnsZoneGroupName": { "type": "string", "nullable": true, @@ -1070,7 +1216,7 @@ "roleAssignments": { "$ref": "#/definitions/roleAssignmentType", "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + "description": "Optional. Array of role assignments to create." } }, "tags": { @@ -1081,17 +1227,21 @@ } }, "customDnsConfigs": { - "type": "array", - "nullable": true, + "$ref": "#/definitions/customDnsConfigType", "metadata": { "description": "Optional. Custom DNS configurations." } }, "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, + "$ref": "#/definitions/manualPrivateLinkServiceConnectionsType", + "metadata": { + "description": "Optional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource." + } + }, + "privateLinkServiceConnections": { + "$ref": "#/definitions/privateLinkServiceConnectionsType", "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." + "description": "Optional. A grouping of information about the connection to the remote resource." } }, "enableTelemetry": { @@ -1121,7 +1271,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.1.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1157,15 +1307,7 @@ "customNetworkInterfaceName": "[coalesce(parameters('customNetworkInterfaceName'), '')]", "ipConfigurations": "[coalesce(parameters('ipConfigurations'), createArray())]", "manualPrivateLinkServiceConnections": "[coalesce(parameters('manualPrivateLinkServiceConnections'), createArray())]", - "privateLinkServiceConnections": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[parameters('serviceResourceId')]", - "groupIds": "[parameters('groupIds')]" - } - } - ], + "privateLinkServiceConnections": "[coalesce(parameters('privateLinkServiceConnections'), createArray())]", "subnet": { "id": "[parameters('subnetResourceId')]" } @@ -1195,7 +1337,7 @@ "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", "name": "[guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", "properties": { - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)))]", "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", @@ -1234,8 +1376,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1698104586574073002" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1346,6 +1488,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/insights/private-link-scope/main.json b/avm/res/insights/private-link-scope/main.json index bb0d88d038..b134dd2728 100644 --- a/avm/res/insights/private-link-scope/main.json +++ b/avm/res/insights/private-link-scope/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "12578290654061226677" + "templateHash": "16450080141803062642" }, "name": "Azure Monitor Private Link Scopes", "description": "This module deploys an Azure Monitor Private Link Scope.", @@ -127,7 +127,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." } }, "subnetResourceId": { @@ -140,7 +140,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." + "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." } }, "privateDnsZoneResourceIds": { @@ -153,6 +153,21 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "maxLength": 140, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -162,7 +177,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -171,7 +186,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -210,7 +225,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -261,13 +276,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -624,6 +632,9 @@ }, "mode": "Incremental", "parameters": { + "name": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('microsoft.insights/privateLinkScopes', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'azuremonitor'), copyIndex()))]" + }, "privateLinkServiceConnections": { "value": [ { @@ -637,21 +648,19 @@ } ] }, - "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('microsoft.insights/privateLinkScopes', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'azuremonitor'), copyIndex()))]" - }, + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('microsoft.insights/privateLinkScopes', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('microsoft.insights/privateLinkScopes', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'azuremonitor')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, - "enableTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" - }, "location": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" }, "lock": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'lock'), parameters('lock'))]" }, + "enableTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" + }, "privateDnsZoneGroupName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroupName')]" }, @@ -664,9 +673,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -687,8 +693,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2821141217598568122" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -737,7 +743,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -815,7 +821,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -918,7 +924,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -927,7 +933,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -1053,7 +1059,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1158,8 +1164,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18168683629401652671" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1270,6 +1276,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/key-vault/vault/main.json b/avm/res/key-vault/vault/main.json index 2dc432b2e9..6597f9bf9e 100644 --- a/avm/res/key-vault/vault/main.json +++ b/avm/res/key-vault/vault/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "5160127432215154568" + "templateHash": "17079013752233330751" }, "name": "Key Vaults", "description": "This module deploys a Key Vault.", @@ -222,7 +222,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." } }, "subnetResourceId": { @@ -248,6 +248,21 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "maxLength": 140, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -356,13 +371,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -1723,22 +1731,11 @@ }, "mode": "Incremental", "parameters": { - "privateLinkServiceConnections": { - "value": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.KeyVault/vaults', parameters('name'))]", - "groupIds": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault')]" - ] - } - } - ] - }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault'), copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.KeyVault/vaults', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'vault')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.KeyVault/vaults', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'vault')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -1763,9 +1760,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -1786,8 +1780,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2821141217598568122" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1836,7 +1830,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -1914,7 +1908,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -2017,7 +2011,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -2026,7 +2020,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -2152,7 +2146,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -2257,8 +2251,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18168683629401652671" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -2369,6 +2363,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/search/search-service/main.json b/avm/res/search/search-service/main.json index 126db0c411..1bd72eeab1 100644 --- a/avm/res/search/search-service/main.json +++ b/avm/res/search/search-service/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "1009124214102909652" + "templateHash": "16955501416707998682" }, "name": "Search Services", "description": "This module deploys a Search Service.", @@ -140,7 +140,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." } }, "subnetResourceId": { @@ -153,7 +153,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." + "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." } }, "privateDnsZoneResourceIds": { @@ -166,6 +166,21 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "maxLength": 140, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -175,7 +190,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -184,7 +199,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -223,7 +238,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -274,13 +289,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -709,32 +717,24 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-searchService-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-SearchService-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "privateLinkServiceConnections": { - "value": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.Search/searchServices', parameters('name'))]", - "groupIds": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'searchService')]" - ] - } - } - ] - }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Search/searchServices', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'searchService'), copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Search/searchServices', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Search/searchServices', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Search/searchServices', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'searchService')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Search/searchServices', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Search/searchServices', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'searchService')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, + "enableTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" + }, "location": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" }, @@ -753,9 +753,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -767,9 +764,6 @@ }, "customNetworkInterfaceName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]" - }, - "enableTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" } }, "template": { @@ -779,8 +773,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2821141217598568122" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -829,7 +823,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -907,7 +901,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -1010,7 +1004,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -1019,7 +1013,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -1145,7 +1139,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1250,8 +1244,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18168683629401652671" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1362,6 +1356,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/service-bus/namespace/main.json b/avm/res/service-bus/namespace/main.json index eab333df99..1b3fd1c827 100644 --- a/avm/res/service-bus/namespace/main.json +++ b/avm/res/service-bus/namespace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "16905316086455363065" + "templateHash": "8498919384397410551" }, "name": "Service Bus Namespaces", "description": "This module deploys a Service Bus Namespace.", @@ -150,7 +150,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." } }, "subnetResourceId": { @@ -163,7 +163,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." + "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." } }, "privateDnsZoneResourceIds": { @@ -176,6 +176,21 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "maxLength": 140, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -284,13 +299,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -3385,29 +3393,18 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-serviceBusNamespace-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-ServiceBusNamespace-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "privateLinkServiceConnections": { - "value": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.ServiceBus/namespaces', parameters('name'))]", - "groupIds": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'namespace')]" - ] - } - } - ] - }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault'), copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'namespace')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'namespace')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -3432,9 +3429,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -3455,8 +3449,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2821141217598568122" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -3505,7 +3499,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -3583,7 +3577,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -3686,7 +3680,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -3695,7 +3689,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -3821,7 +3815,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -3926,8 +3920,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18168683629401652671" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -4038,6 +4032,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/sql/server/main.json b/avm/res/sql/server/main.json index 70407beb9e..f4f61eb4a5 100644 --- a/avm/res/sql/server/main.json +++ b/avm/res/sql/server/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "2223159689907478294" + "templateHash": "12730355516454932504" }, "name": "Azure SQL Servers", "description": "This module deploys an Azure SQL Server.", @@ -150,7 +150,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." } }, "subnetResourceId": { @@ -176,6 +176,21 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "maxLength": 140, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -284,13 +299,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -1585,32 +1593,24 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-server-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-Server-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "privateLinkServiceConnections": { - "value": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.Sql/servers', parameters('name'))]", - "groupIds": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sqlServer')]" - ] - } - } - ] - }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Sql/servers', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sqlServer'), copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Sql/servers', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Sql/servers', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Sql/servers', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'sqlServer')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Sql/servers', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Sql/servers', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'sqlServer')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, + "enableTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" + }, "location": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" }, @@ -1629,9 +1629,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -1643,9 +1640,6 @@ }, "customNetworkInterfaceName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]" - }, - "enableTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" } }, "template": { @@ -1655,8 +1649,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2821141217598568122" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1705,7 +1699,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -1783,7 +1777,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -1886,7 +1880,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -1895,7 +1889,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -2021,7 +2015,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -2126,8 +2120,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18168683629401652671" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -2238,6 +2232,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/storage/storage-account/main.json b/avm/res/storage/storage-account/main.json index 04600ad432..8553905226 100644 --- a/avm/res/storage/storage-account/main.json +++ b/avm/res/storage/storage-account/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "14648230293508240755" + "version": "0.25.53.49325", + "templateHash": "3367209446741600401" }, "name": "Storage Accounts", "description": "This module deploys a Storage Account.", @@ -237,8 +237,9 @@ "manualConnectionRequestMessage": { "type": "string", "nullable": true, + "maxLength": 140, "metadata": { - "description": "Optional. The name of the request message for manual approval." + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." } }, "customDnsConfigs": { @@ -1051,8 +1052,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2821141217598568122" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1101,7 +1102,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -1179,7 +1180,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -1282,7 +1283,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -1291,7 +1292,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -1417,7 +1418,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1522,8 +1523,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18168683629401652671" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1634,6 +1635,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } @@ -1666,8 +1674,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17360500138014235250" + "version": "0.25.53.49325", + "templateHash": "774635646248081518" }, "name": "Storage Account Management Policies", "description": "This module deploys a Storage Account Management Policy.", @@ -1776,8 +1784,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "414567084253124464" + "version": "0.25.53.49325", + "templateHash": "17117452291389534361" }, "name": "Storage Account Local Users", "description": "This module deploys a Storage Account Local User, which is used for SFTP authentication.", @@ -1994,8 +2002,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "1171033307374205653" + "version": "0.25.53.49325", + "templateHash": "4746835745355709536" }, "name": "Storage Account blob Services", "description": "This module deploys a Storage Account Blob Service.", @@ -2392,8 +2400,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "1429761296615247722" + "version": "0.25.53.49325", + "templateHash": "11351273351916968732" }, "name": "Storage Account Blob Containers", "description": "This module deploys a Storage Account Blob Container.", @@ -2661,8 +2669,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15441426428461937893" + "version": "0.25.53.49325", + "templateHash": "10329548264889228160" }, "name": "Storage Account Blob Container Immutability Policies", "description": "This module deploys a Storage Account Blob Container Immutability Policy.", @@ -2840,8 +2848,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9233391743581137624" + "version": "0.25.53.49325", + "templateHash": "5288106279947156711" }, "name": "Storage Account File Share Services", "description": "This module deploys a Storage Account File Share Service.", @@ -3121,8 +3129,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "11243515252529303304" + "version": "0.25.53.49325", + "templateHash": "2026482374148202879" }, "name": "Storage Account File Shares", "description": "This module deploys a Storage Account File Share.", @@ -3321,8 +3329,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17643632023108067837" + "version": "0.25.53.49325", + "templateHash": "15595600813016932186" } }, "parameters": { @@ -3590,8 +3598,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10823351122551411657" + "version": "0.25.53.49325", + "templateHash": "14446905482734328346" }, "name": "Storage Account Queue Services", "description": "This module deploys a Storage Account Queue Service.", @@ -3835,8 +3843,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "11104056744955032379" + "version": "0.25.53.49325", + "templateHash": "12411465246702614738" }, "name": "Storage Account Queues", "description": "This module deploys a Storage Account Queue.", @@ -4092,8 +4100,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2077261761360434847" + "version": "0.25.53.49325", + "templateHash": "14471460242481977546" }, "name": "Storage Account Table Services", "description": "This module deploys a Storage Account Table Service.", @@ -4334,8 +4342,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "981180809348713884" + "version": "0.25.53.49325", + "templateHash": "8824223095963877860" }, "name": "Storage Account Table", "description": "This module deploys a Storage Account Table.", diff --git a/avm/res/synapse/private-link-hub/main.json b/avm/res/synapse/private-link-hub/main.json index d6a37b5693..5c5fdadd7e 100644 --- a/avm/res/synapse/private-link-hub/main.json +++ b/avm/res/synapse/private-link-hub/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "17829030796536004082" + "templateHash": "11530149506711542411" }, "name": "Azure Synapse Analytics", "description": "This module deploys an Azure Synapse Analytics (Private Link Hub).", @@ -125,8 +125,9 @@ }, "service": { "type": "string", + "nullable": true, "metadata": { - "description": "Required. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." } }, "subnetResourceId": { @@ -139,7 +140,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." + "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." } }, "privateDnsZoneResourceIds": { @@ -152,6 +153,21 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "maxLength": 140, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -161,7 +177,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -170,7 +186,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -209,7 +225,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -260,13 +276,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -406,32 +415,24 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-privateLinkHub-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-PrivateLinkHub-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "privateLinkServiceConnections": { - "value": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name'))]", - "groupIds": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'privateLinkHubs')]" - ] - } - } - ] - }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service), copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'privateLinkHubs')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'privateLinkHubs')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, + "enableTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" + }, "location": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" }, @@ -450,9 +451,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -464,9 +462,6 @@ }, "customNetworkInterfaceName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]" - }, - "enableTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" } }, "template": { @@ -476,8 +471,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2821141217598568122" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -526,7 +521,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -604,7 +599,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -707,7 +702,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -716,7 +711,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -842,7 +837,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -947,8 +942,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18168683629401652671" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1059,6 +1054,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/synapse/workspace/main.json b/avm/res/synapse/workspace/main.json index c5d4473836..142dc8c71d 100644 --- a/avm/res/synapse/workspace/main.json +++ b/avm/res/synapse/workspace/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "7944657056081864299" + "version": "0.25.53.49325", + "templateHash": "12361616235413083464" }, "name": "Synapse Workspaces", "description": "This module deploys a Synapse Workspace.", @@ -177,8 +177,9 @@ "manualConnectionRequestMessage": { "type": "string", "nullable": true, + "maxLength": 140, "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars." + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." } }, "customDnsConfigs": { @@ -796,8 +797,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "5925144887906209420" + "version": "0.25.53.49325", + "templateHash": "7739107907804712060" }, "name": "Synapse Workspace Integration Runtimes", "description": "This module deploys a Synapse Workspace Integration Runtime.", @@ -894,8 +895,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17058954208193213785" + "version": "0.25.53.49325", + "templateHash": "16862202180408198277" } }, "parameters": { @@ -982,8 +983,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15811131631744837887" + "version": "0.25.53.49325", + "templateHash": "2498604793784722860" }, "name": "Synapse Workspaces Keys", "description": "This module deploys a Synapse Workspaces Key.", @@ -1120,8 +1121,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2821141217598568122" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1170,7 +1171,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -1248,7 +1249,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -1351,7 +1352,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -1360,7 +1361,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -1486,7 +1487,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1591,8 +1592,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18168683629401652671" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1703,6 +1704,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/web/site/main.json b/avm/res/web/site/main.json index 500663e7fb..1612504cb0 100644 --- a/avm/res/web/site/main.json +++ b/avm/res/web/site/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "15412423005625899099" + "templateHash": "11321679505113447554" }, "name": "Web/Function Apps", "description": "This module deploys a Web or Function App.", @@ -150,7 +150,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." } }, "subnetResourceId": { @@ -163,7 +163,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." + "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." } }, "privateDnsZoneResourceIds": { @@ -176,6 +176,21 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "maxLength": 140, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -185,7 +200,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -194,7 +209,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -233,7 +248,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -284,13 +299,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -1288,7 +1296,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "12905465301950647404" + "templateHash": "153313484532541481" }, "name": "Web/Function App Deployment Slots", "description": "This module deploys a Web or Function App Deployment Slot.", @@ -1432,7 +1440,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." } }, "subnetResourceId": { @@ -1445,7 +1453,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." + "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." } }, "privateDnsZoneResourceIds": { @@ -1458,6 +1466,21 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "maxLength": 140, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -1467,7 +1490,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -1476,7 +1499,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -1515,7 +1538,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -1566,13 +1589,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -2689,22 +2705,11 @@ }, "mode": "Incremental", "parameters": { - "privateLinkServiceConnections": { - "value": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.Web/sites', parameters('appName'))]", - "groupIds": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name')))]" - ] - } - } - ] - }, "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}-{3}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), parameters('name'), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites'), copyIndex()))]" }, + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('appName')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name')))))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('appName')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name')))), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -2729,9 +2734,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -2752,8 +2754,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2821141217598568122" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -2802,7 +2804,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -3118,7 +3120,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -3223,8 +3225,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18168683629401652671" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -3335,6 +3337,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } @@ -3618,29 +3627,18 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-app-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-App-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "privateLinkServiceConnections": { - "value": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.Web/sites', parameters('name'))]", - "groupIds": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites')]" - ] - } - } - ] - }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites'), copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'sites')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'sites')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -3665,9 +3663,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -3688,8 +3683,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2821141217598568122" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -3738,7 +3733,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -4054,7 +4049,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -4159,8 +4154,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18168683629401652671" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -4271,6 +4266,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/web/static-site/main.json b/avm/res/web/static-site/main.json index bd76acc54e..f0084bdb23 100644 --- a/avm/res/web/static-site/main.json +++ b/avm/res/web/static-site/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "6139621116295404519" + "templateHash": "12380932113650006196" }, "name": "Static Web Apps", "description": "This module deploys a Static Web App.", @@ -150,7 +150,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." } }, "subnetResourceId": { @@ -163,7 +163,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." + "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." } }, "privateDnsZoneResourceIds": { @@ -176,6 +176,21 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "maxLength": 140, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -185,7 +200,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -194,7 +209,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -233,7 +248,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -284,13 +299,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -955,29 +963,18 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-staticSite-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-StaticSite-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "privateLinkServiceConnections": { - "value": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.Web/staticSites', parameters('name'))]", - "groupIds": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites')]" - ] - } - } - ] - }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/staticSites', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites'), copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/staticSites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/staticSites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/staticSites', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'staticSites')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/staticSites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/staticSites', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'staticSites')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -1002,9 +999,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -1025,8 +1019,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2821141217598568122" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1075,7 +1069,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -1153,7 +1147,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -1256,7 +1250,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -1265,7 +1259,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -1391,7 +1385,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1496,8 +1490,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18168683629401652671" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1608,6 +1602,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } From 7989ce09896485507a6b3458aef699c23d13706d Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 25 Feb 2024 12:03:12 +0100 Subject: [PATCH 07/29] Update to latest --- .../automation/automation-account/README.md | 6 +- avm/res/batch/batch-account/README.md | 6 +- avm/res/cache/redis/README.md | 34 ++- avm/res/cognitive-services/account/README.md | 34 ++- avm/res/container-registry/registry/README.md | 127 +++------ avm/res/data-factory/factory/README.md | 54 ++-- avm/res/databricks/workspace/README.md | 6 +- .../host-pool/README.md | 109 ++------ .../workspace/README.md | 247 ++---------------- .../document-db/database-account/README.md | 50 +++- avm/res/event-grid/domain/README.md | 145 +++------- avm/res/event-grid/topic/README.md | 145 +++------- avm/res/insights/private-link-scope/README.md | 50 ++-- avm/res/key-vault/vault/README.md | 183 ++----------- avm/res/search/search-service/README.md | 50 ++-- avm/res/service-bus/namespace/README.md | 183 +++---------- avm/res/sql/server/README.md | 181 +++---------- avm/res/storage/storage-account/README.md | 6 +- avm/res/synapse/private-link-hub/README.md | 64 +++-- avm/res/synapse/workspace/README.md | 6 +- avm/res/web/site/README.md | 62 +++-- avm/res/web/static-site/README.md | 50 ++-- 22 files changed, 594 insertions(+), 1204 deletions(-) diff --git a/avm/res/automation/automation-account/README.md b/avm/res/automation/automation-account/README.md index 89cd146346..3951118bca 100644 --- a/avm/res/automation/automation-account/README.md +++ b/avm/res/automation/automation-account/README.md @@ -1435,7 +1435,7 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | @@ -1614,7 +1614,7 @@ Specify the name of lock. ### Parameter: `privateEndpoints.manualConnectionRequestMessage` -A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars. +A message passed to the owner of the remote resource with the manual connection request. - Required: No - Type: string @@ -1913,7 +1913,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | | `res/operational-insights/workspace/linked-service` | Local reference | -| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | | `br/public:avm/res/operations-management/solution:0.1.0` | Remote reference | ## Data Collection diff --git a/avm/res/batch/batch-account/README.md b/avm/res/batch/batch-account/README.md index b7db1151a3..696eaef654 100644 --- a/avm/res/batch/batch-account/README.md +++ b/avm/res/batch/batch-account/README.md @@ -1065,7 +1065,7 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | @@ -1244,7 +1244,7 @@ Specify the name of lock. ### Parameter: `privateEndpoints.manualConnectionRequestMessage` -A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars. +A message passed to the owner of the remote resource with the manual connection request. - Required: No - Type: string @@ -1517,7 +1517,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Data Collection diff --git a/avm/res/cache/redis/README.md b/avm/res/cache/redis/README.md index 1b8ef80cda..11b99c963d 100644 --- a/avm/res/cache/redis/README.md +++ b/avm/res/cache/redis/README.md @@ -156,6 +156,12 @@ module redis 'br/public:avm/res/cache/redis:' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + } ] redisVersion: '6' roleAssignments: [ @@ -278,6 +284,12 @@ module redis 'br/public:avm/res/cache/redis:' = { "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "" } ] }, @@ -839,14 +851,15 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -962,6 +975,13 @@ A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1005,12 +1025,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` @@ -1124,7 +1144,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". - Required: No - Type: string @@ -1371,7 +1391,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Notes diff --git a/avm/res/cognitive-services/account/README.md b/avm/res/cognitive-services/account/README.md index 2e5dc2db5d..7829d5f201 100644 --- a/avm/res/cognitive-services/account/README.md +++ b/avm/res/cognitive-services/account/README.md @@ -184,6 +184,12 @@ module account 'br/public:avm/res/cognitive-services/account:' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + } ] publicNetworkAccess: 'Disabled' roleAssignments: [ @@ -323,6 +329,12 @@ module account 'br/public:avm/res/cognitive-services/account:' = { "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "" } ] }, @@ -1222,14 +1234,15 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -1345,6 +1358,13 @@ A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1388,12 +1408,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` @@ -1507,7 +1527,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". - Required: No - Type: string @@ -1702,7 +1722,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Data Collection diff --git a/avm/res/container-registry/registry/README.md b/avm/res/container-registry/registry/README.md index 9c96fdf622..12a6dca930 100644 --- a/avm/res/container-registry/registry/README.md +++ b/avm/res/container-registry/registry/README.md @@ -36,8 +36,7 @@ The following section provides usage examples for the module, which were used to - [Using only defaults](#example-1-using-only-defaults) - [Using encryption with Customer-Managed-Key](#example-2-using-encryption-with-customer-managed-key) - [Using large parameter set](#example-3-using-large-parameter-set) -- [Using private endpoint](#example-4-using-private-endpoint) -- [WAF-aligned](#example-5-waf-aligned) +- [WAF-aligned](#example-4-waf-aligned) ### Example 1: _Using only defaults_ @@ -233,7 +232,6 @@ module registry 'br/public:avm/res/container-registry/registry:' = { privateDnsZoneResourceIds: [ '' ] - service: 'registry' subnetResourceId: '' tags: { Environment: 'Non-Prod' @@ -241,6 +239,12 @@ module registry 'br/public:avm/res/container-registry/registry:' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + } ] quarantinePolicyStatus: 'enabled' replications: [ @@ -372,13 +376,18 @@ module registry 'br/public:avm/res/container-registry/registry:' = { "privateDnsZoneResourceIds": [ "" ], - "service": "registry", "subnetResourceId": "", "tags": { "Environment": "Non-Prod", "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "" } ] }, @@ -443,77 +452,7 @@ module registry 'br/public:avm/res/container-registry/registry:' = {

-### Example 4: _Using private endpoint_ - -This instance deploys the module with a private endpoint. - - -

- -via Bicep module - -```bicep -module registry 'br/public:avm/res/container-registry/registry:' = { - name: '${uniqueString(deployment().name, resourceLocation)}-test-crrpe' - params: { - // Required parameters - name: 'crrpe001' - // Non-required parameters - acrSku: 'Premium' - location: '' - privateEndpoints: [ - { - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - } - ] - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "crrpe001" - }, - // Non-required parameters - "acrSku": { - "value": "Premium" - }, - "location": { - "value": "" - }, - "privateEndpoints": { - "value": [ - { - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "" - } - ] - } - } -} -``` - -
-

- -### Example 5: _WAF-aligned_ +### Example 4: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. @@ -1098,14 +1037,15 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -1133,19 +1073,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint ip address. +Fqdn that resolves to private endpoint IP address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private ip addresses of the private endpoint. +A list of private IP addresses of the private endpoint. - Required: Yes - Type: array @@ -1198,7 +1138,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -1216,11 +1156,18 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private ip address obtained from the private endpoint's subnet. +A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1264,12 +1211,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` @@ -1280,7 +1227,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. - Required: No - Type: string @@ -1383,7 +1330,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". - Required: No - Type: string @@ -1628,7 +1575,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.3.2` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Data Collection diff --git a/avm/res/data-factory/factory/README.md b/avm/res/data-factory/factory/README.md index 779fdc9c32..c66b9c79f3 100644 --- a/avm/res/data-factory/factory/README.md +++ b/avm/res/data-factory/factory/README.md @@ -173,10 +173,16 @@ module factory 'br/public:avm/res/data-factory/factory:' = { ] subnetResourceId: '' tags: { - application: 'CARML' + application: 'AVM' 'hidden-title': 'This is visible in the resource name' } } + { + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + } ] roleAssignments: [ { @@ -313,9 +319,15 @@ module factory 'br/public:avm/res/data-factory/factory:' = { ], "subnetResourceId": "", "tags": { - "application": "CARML", + "application": "AVM", "hidden-title": "This is visible in the resource name" } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "" } ] }, @@ -893,14 +905,15 @@ Configuration Details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -928,19 +941,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint ip address. +Fqdn that resolves to private endpoint IP address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private ip addresses of the private endpoint. +A list of private IP addresses of the private endpoint. - Required: Yes - Type: array @@ -993,7 +1006,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -1011,11 +1024,18 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private ip address obtained from the private endpoint's subnet. +A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1059,12 +1079,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` @@ -1075,7 +1095,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. - Required: No - Type: string @@ -1178,7 +1198,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". - Required: No - Type: string @@ -1319,7 +1339,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.3.2` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Notes diff --git a/avm/res/databricks/workspace/README.md b/avm/res/databricks/workspace/README.md index 6cb17f06d0..b82707c649 100644 --- a/avm/res/databricks/workspace/README.md +++ b/avm/res/databricks/workspace/README.md @@ -1013,7 +1013,7 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | @@ -1192,7 +1192,7 @@ Specify the name of lock. ### Parameter: `privateEndpoints.manualConnectionRequestMessage` -A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars. +A message passed to the owner of the remote resource with the manual connection request. - Required: No - Type: string @@ -1517,7 +1517,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.3.3` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Notes diff --git a/avm/res/desktop-virtualization/host-pool/README.md b/avm/res/desktop-virtualization/host-pool/README.md index 3c31139d59..c38e99d1ea 100644 --- a/avm/res/desktop-virtualization/host-pool/README.md +++ b/avm/res/desktop-virtualization/host-pool/README.md @@ -32,8 +32,7 @@ The following section provides usage examples for the module, which were used to - [Using only defaults](#example-1-using-only-defaults) - [Using large parameter set](#example-2-using-large-parameter-set) -- [Using Private Endpoints](#example-3-using-private-endpoints) -- [WAF-aligned](#example-4-waf-aligned) +- [WAF-aligned](#example-3-waf-aligned) ### Example 1: _Using only defaults_ @@ -148,6 +147,12 @@ module hostPool 'br/public:avm/res/desktop-virtualization/host-pool:' = ] subnetResourceId: '' } + { + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + } ] publicNetworkAccess: 'Disabled' roleAssignments: [ @@ -278,6 +283,12 @@ module hostPool 'br/public:avm/res/desktop-virtualization/host-pool:' = }, "privateEndpoints": { "value": [ + { + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "" + }, { "privateDnsZoneResourceIds": [ "" @@ -341,77 +352,7 @@ module hostPool 'br/public:avm/res/desktop-virtualization/host-pool:' =

-### Example 3: _Using Private Endpoints_ - -This instance deploys the module with Private Endpoints. - - -

- -via Bicep module - -```bicep -module hostPool 'br/public:avm/res/desktop-virtualization/host-pool:' = { - name: '${uniqueString(deployment().name, resourceLocation)}-test-dvhppe' - params: { - // Required parameters - name: 'dvhppe001' - // Non-required parameters - location: '' - privateEndpoints: [ - { - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - } - ] - publicNetworkAccess: 'Disabled' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "dvhppe001" - }, - // Non-required parameters - "location": { - "value": "" - }, - "privateEndpoints": { - "value": [ - { - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "" - } - ] - }, - "publicNetworkAccess": { - "value": "Disabled" - } - } -} -``` - -
-

- -### Example 4: _WAF-aligned_ +### Example 3: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. @@ -836,14 +777,15 @@ Configuration details for private endpoints. | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "connection". | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -959,6 +901,13 @@ A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1002,12 +951,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` @@ -1121,7 +1070,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The service (sub-) type to deploy the private endpoint for. For example "connection". +The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". - Required: No - Type: string @@ -1352,7 +1301,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm-res-network-privateendpoint:0.1.1` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Data Collection diff --git a/avm/res/desktop-virtualization/workspace/README.md b/avm/res/desktop-virtualization/workspace/README.md index 398a16117c..614a16878a 100644 --- a/avm/res/desktop-virtualization/workspace/README.md +++ b/avm/res/desktop-virtualization/workspace/README.md @@ -32,8 +32,7 @@ The following section provides usage examples for the module, which were used to - [Using only defaults](#example-1-using-only-defaults) - [Using large parameter set](#example-2-using-large-parameter-set) -- [Using Private Endpoints](#example-3-using-private-endpoints) -- [WAF-aligned](#example-4-waf-aligned) +- [WAF-aligned](#example-3-waf-aligned) ### Example 1: _Using only defaults_ @@ -373,231 +372,7 @@ module workspace 'br/public:avm/res/desktop-virtualization/workspace:'

-### Example 3: _Using Private Endpoints_ - -This instance deploys the module with Private Endpoints. - - -

- -via Bicep module - -```bicep -module workspace 'br/public:avm/res/desktop-virtualization/workspace:' = { - name: '${uniqueString(deployment().name, resourceLocation)}-test-dvwspe' - params: { - // Required parameters - name: 'dvwspe001' - // Non-required parameters - location: '' - privateEndpoints: [ - { - customDnsConfigs: [ - { - fqdn: 'abc.workspace.com' - ipAddresses: [ - '10.0.0.10' - '10.0.0.13' - ] - } - ] - ipConfigurations: [ - { - name: 'myIPconfig-feed1' - properties: { - groupId: 'feed' - memberName: 'web-r0' - privateIPAddress: '10.0.0.10' - } - } - { - name: 'myIPconfig-feed2' - properties: { - groupId: 'feed' - memberName: 'web-r1' - privateIPAddress: '10.0.0.13' - } - } - ] - privateDnsZoneResourceIds: [ - '' - ] - roleAssignments: [ - { - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' - } - ] - service: 'feed' - subnetResourceId: '' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } - { - customDnsConfigs: [ - { - fqdn: 'abc.workspace.com' - ipAddresses: [ - '10.0.0.11' - ] - } - ] - ipConfigurations: [ - { - name: 'myIPconfig-global' - properties: { - groupId: 'global' - memberName: 'web' - privateIPAddress: '10.0.0.11' - } - } - ] - privateDnsZoneResourceIds: [ - '' - ] - roleAssignments: [ - { - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' - } - ] - service: 'global' - subnetResourceId: '' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } - ] - publicNetworkAccess: 'Disabled' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "dvwspe001" - }, - // Non-required parameters - "location": { - "value": "" - }, - "privateEndpoints": { - "value": [ - { - "customDnsConfigs": [ - { - "fqdn": "abc.workspace.com", - "ipAddresses": [ - "10.0.0.10", - "10.0.0.13" - ] - } - ], - "ipConfigurations": [ - { - "name": "myIPconfig-feed1", - "properties": { - "groupId": "feed", - "memberName": "web-r0", - "privateIPAddress": "10.0.0.10" - } - }, - { - "name": "myIPconfig-feed2", - "properties": { - "groupId": "feed", - "memberName": "web-r1", - "privateIPAddress": "10.0.0.13" - } - } - ], - "privateDnsZoneResourceIds": [ - "" - ], - "roleAssignments": [ - { - "principalId": "", - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" - } - ], - "service": "feed", - "subnetResourceId": "", - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - }, - { - "customDnsConfigs": [ - { - "fqdn": "abc.workspace.com", - "ipAddresses": [ - "10.0.0.11" - ] - } - ], - "ipConfigurations": [ - { - "name": "myIPconfig-global", - "properties": { - "groupId": "global", - "memberName": "web", - "privateIPAddress": "10.0.0.11" - } - } - ], - "privateDnsZoneResourceIds": [ - "" - ], - "roleAssignments": [ - { - "principalId": "", - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" - } - ], - "service": "global", - "subnetResourceId": "", - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - ] - }, - "publicNetworkAccess": { - "value": "Disabled" - } - } -} -``` - -
-

- -### Example 4: _WAF-aligned_ +### Example 3: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Well-Architected Framework. @@ -910,9 +685,10 @@ Configuration details for private endpoints. | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | @@ -1039,6 +815,13 @@ A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1082,12 +865,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` @@ -1326,7 +1109,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm-res-network-privateendpoint:0.1.1` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Data Collection diff --git a/avm/res/document-db/database-account/README.md b/avm/res/document-db/database-account/README.md index ed6069fbc2..5202d4df23 100644 --- a/avm/res/document-db/database-account/README.md +++ b/avm/res/document-db/database-account/README.md @@ -1132,6 +1132,13 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + service: 'Sql' + subnetResourceId: '' + } ] roleAssignments: [ { @@ -1303,6 +1310,13 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "service": "Sql", + "subnetResourceId": "" } ] }, @@ -1452,6 +1466,20 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: } ] location: '' + privateEndpoints: [ + { + privateDnsZoneResourceIds: [ + '' + ] + service: 'Sql' + subnetResourceId: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } + ] sqlDatabases: [ { containers: [ @@ -1542,6 +1570,22 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: "location": { "value": "" }, + "privateEndpoints": { + "value": [ + { + "privateDnsZoneResourceIds": [ + "" + ], + "service": "Sql", + "subnetResourceId": "", + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + ] + }, "sqlDatabases": { "value": [ { @@ -2061,7 +2105,7 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | @@ -2240,7 +2284,7 @@ Specify the name of lock. ### Parameter: `privateEndpoints.manualConnectionRequestMessage` -A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars. +A message passed to the owner of the remote resource with the manual connection request. - Required: No - Type: string @@ -2500,7 +2544,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Data Collection diff --git a/avm/res/event-grid/domain/README.md b/avm/res/event-grid/domain/README.md index af3e336ac1..229f56e444 100644 --- a/avm/res/event-grid/domain/README.md +++ b/avm/res/event-grid/domain/README.md @@ -33,8 +33,7 @@ The following section provides usage examples for the module, which were used to - [Using only defaults](#example-1-using-only-defaults) - [Using large parameter set](#example-2-using-large-parameter-set) -- [Using private endpoint](#example-3-using-private-endpoint) -- [WAF-aligned](#example-4-waf-aligned) +- [WAF-aligned](#example-3-waf-aligned) ### Example 1: _Using only defaults_ @@ -130,7 +129,6 @@ module domain 'br/public:avm/res/event-grid/domain:' = { privateDnsZoneResourceIds: [ '' ] - service: 'domain' subnetResourceId: '' tags: { Environment: 'Non-Prod' @@ -138,6 +136,12 @@ module domain 'br/public:avm/res/event-grid/domain:' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + } ] roleAssignments: [ { @@ -224,13 +228,18 @@ module domain 'br/public:avm/res/event-grid/domain:' = { "privateDnsZoneResourceIds": [ "" ], - "service": "domain", "subnetResourceId": "", "tags": { "Environment": "Non-Prod", "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "" } ] }, @@ -272,95 +281,7 @@ module domain 'br/public:avm/res/event-grid/domain:' = {

-### Example 3: _Using private endpoint_ - -This instance deploys the module with private endpoint. - - -

- -via Bicep module - -```bicep -module domain 'br/public:avm/res/event-grid/domain:' = { - name: '${uniqueString(deployment().name, resourceLocation)}-test-egdpe' - params: { - // Required parameters - name: 'egdpe001' - // Non-required parameters - location: '' - privateEndpoints: [ - { - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } - ] - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "egdpe001" - }, - // Non-required parameters - "location": { - "value": "" - }, - "privateEndpoints": { - "value": [ - { - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "", - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - ] - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - } -} -``` - -
-

- -### Example 4: _WAF-aligned_ +### Example 3: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. @@ -817,14 +738,15 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -852,19 +774,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint ip address. +Fqdn that resolves to private endpoint IP address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private ip addresses of the private endpoint. +A list of private IP addresses of the private endpoint. - Required: Yes - Type: array @@ -917,7 +839,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -935,11 +857,18 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private ip address obtained from the private endpoint's subnet. +A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -983,12 +912,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` @@ -999,7 +928,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. - Required: No - Type: string @@ -1102,7 +1031,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". - Required: No - Type: string @@ -1250,7 +1179,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm-res-network-privateendpoint:0.4.0` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Data Collection diff --git a/avm/res/event-grid/topic/README.md b/avm/res/event-grid/topic/README.md index 8bfb703f81..a8e91be495 100644 --- a/avm/res/event-grid/topic/README.md +++ b/avm/res/event-grid/topic/README.md @@ -33,8 +33,7 @@ The following section provides usage examples for the module, which were used to - [Using only defaults](#example-1-using-only-defaults) - [Using large parameter set](#example-2-using-large-parameter-set) -- [Using private endpoint](#example-3-using-private-endpoint) -- [WAF-aligned](#example-4-waf-aligned) +- [WAF-aligned](#example-3-waf-aligned) ### Example 1: _Using only defaults_ @@ -165,7 +164,6 @@ module topic 'br/public:avm/res/event-grid/topic:' = { roleDefinitionIdOrName: '' } ] - service: 'topic' subnetResourceId: '' tags: { Environment: 'Non-Prod' @@ -173,6 +171,12 @@ module topic 'br/public:avm/res/event-grid/topic:' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + } ] roleAssignments: [ { @@ -293,13 +297,18 @@ module topic 'br/public:avm/res/event-grid/topic:' = { "roleDefinitionIdOrName": "" } ], - "service": "topic", "subnetResourceId": "", "tags": { "Environment": "Non-Prod", "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "" } ] }, @@ -336,95 +345,7 @@ module topic 'br/public:avm/res/event-grid/topic:' = {

-### Example 3: _Using private endpoint_ - -This instance deploys the module with the private endpoint. - - -

- -via Bicep module - -```bicep -module topic 'br/public:avm/res/event-grid/topic:' = { - name: '${uniqueString(deployment().name, resourceLocation)}-test-egtpe' - params: { - // Required parameters - name: 'egtpe001' - // Non-required parameters - location: '' - privateEndpoints: [ - { - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } - ] - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "egtpe001" - }, - // Non-required parameters - "location": { - "value": "" - }, - "privateEndpoints": { - "value": [ - { - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "", - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - ] - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - } -} -``` - -
-

- -### Example 4: _WAF-aligned_ +### Example 3: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. @@ -911,14 +832,15 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -946,19 +868,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint ip address. +Fqdn that resolves to private endpoint IP address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private ip addresses of the private endpoint. +A list of private IP addresses of the private endpoint. - Required: Yes - Type: array @@ -1011,7 +933,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -1029,11 +951,18 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private ip address obtained from the private endpoint's subnet. +A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1077,12 +1006,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` @@ -1093,7 +1022,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. - Required: No - Type: string @@ -1196,7 +1125,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". - Required: No - Type: string @@ -1337,7 +1266,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm-res-network-privateendpoint:0.4.0` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Data Collection diff --git a/avm/res/insights/private-link-scope/README.md b/avm/res/insights/private-link-scope/README.md index a156c4214e..89d1ed507c 100644 --- a/avm/res/insights/private-link-scope/README.md +++ b/avm/res/insights/private-link-scope/README.md @@ -223,6 +223,12 @@ This instance deploys the module with most of its features enabled. Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + } ] roleAssignments: [ { @@ -406,6 +412,12 @@ This instance deploys the module with most of its features enabled. "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "" } ] }, @@ -931,14 +943,15 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -966,19 +979,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint ip address. +Fqdn that resolves to private endpoint IP address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private ip addresses of the private endpoint. +A list of private IP addresses of the private endpoint. - Required: Yes - Type: array @@ -1031,7 +1044,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -1049,11 +1062,18 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private ip address obtained from the private endpoint's subnet. +A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1097,12 +1117,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` @@ -1113,7 +1133,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. - Required: No - Type: string @@ -1216,7 +1236,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". - Required: No - Type: string @@ -1368,7 +1388,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Data Collection diff --git a/avm/res/key-vault/vault/README.md b/avm/res/key-vault/vault/README.md index 5dba112ffb..c6e2340873 100644 --- a/avm/res/key-vault/vault/README.md +++ b/avm/res/key-vault/vault/README.md @@ -35,8 +35,7 @@ The following section provides usage examples for the module, which were used to - [Using only defaults](#example-1-using-only-defaults) - [Using large parameter set](#example-2-using-large-parameter-set) -- [Using Private Endpoints](#example-3-using-private-endpoints) -- [WAF-aligned](#example-4-waf-aligned) +- [WAF-aligned](#example-3-waf-aligned) ### Example 1: _Using only defaults_ @@ -261,7 +260,6 @@ module vault 'br/public:avm/res/key-vault/vault:' = { roleDefinitionIdOrName: '' } ] - service: 'vault' subnetResourceId: '' tags: { Environment: 'Non-Prod' @@ -269,6 +267,12 @@ module vault 'br/public:avm/res/key-vault/vault:' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + } ] roleAssignments: [ { @@ -512,13 +516,18 @@ module vault 'br/public:avm/res/key-vault/vault:' = { "roleDefinitionIdOrName": "" } ], - "service": "vault", "subnetResourceId": "", "tags": { "Environment": "Non-Prod", "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "" } ] }, @@ -588,149 +597,7 @@ module vault 'br/public:avm/res/key-vault/vault:' = {

-### Example 3: _Using Private Endpoints_ - -This instance deploys the module with Private Endpoints. - - -

- -via Bicep module - -```bicep -module vault 'br/public:avm/res/key-vault/vault:' = { - name: '${uniqueString(deployment().name, resourceLocation)}-test-kvvpe' - params: { - // Required parameters - name: 'kvvpe001' - // Non-required parameters - enablePurgeProtection: false - location: '' - privateEndpoints: [ - { - customDnsConfigs: [ - { - fqdn: 'abc.keyvault.com' - ipAddresses: [ - '10.0.0.10' - ] - } - ] - ipConfigurations: [ - { - name: 'myIPconfig' - properties: { - groupId: 'vault' - memberName: 'default' - privateIPAddress: '10.0.0.10' - } - } - ] - privateDnsZoneResourceIds: [ - '' - ] - roleAssignments: [ - { - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' - } - ] - subnetResourceId: '' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } - ] - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "kvvpe001" - }, - // Non-required parameters - "enablePurgeProtection": { - "value": false - }, - "location": { - "value": "" - }, - "privateEndpoints": { - "value": [ - { - "customDnsConfigs": [ - { - "fqdn": "abc.keyvault.com", - "ipAddresses": [ - "10.0.0.10" - ] - } - ], - "ipConfigurations": [ - { - "name": "myIPconfig", - "properties": { - "groupId": "vault", - "memberName": "default", - "privateIPAddress": "10.0.0.10" - } - } - ], - "privateDnsZoneResourceIds": [ - "" - ], - "roleAssignments": [ - { - "principalId": "", - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" - } - ], - "subnetResourceId": "", - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - ] - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - } -} -``` - -
-

- -### Example 4: _WAF-aligned_ +### Example 3: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Well-Architected Framework. @@ -1446,14 +1313,15 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -1569,6 +1437,13 @@ A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1612,12 +1487,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` @@ -1731,7 +1606,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". - Required: No - Type: string @@ -1902,7 +1777,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Data Collection diff --git a/avm/res/search/search-service/README.md b/avm/res/search/search-service/README.md index 31c7aed1bf..3768b8ef1c 100644 --- a/avm/res/search/search-service/README.md +++ b/avm/res/search/search-service/README.md @@ -317,6 +317,12 @@ module searchService 'br/public:avm/res/search/search-service:' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + } ] publicNetworkAccess: 'disabled' sharedPrivateLinkResources: [ @@ -375,6 +381,12 @@ module searchService 'br/public:avm/res/search/search-service:' = { "Environment": "Non-Prod", "Role": "DeploymentValidation" } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "" } ] }, @@ -918,14 +930,15 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -953,19 +966,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint ip address. +Fqdn that resolves to private endpoint IP address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private ip addresses of the private endpoint. +A list of private IP addresses of the private endpoint. - Required: Yes - Type: array @@ -1018,7 +1031,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -1036,11 +1049,18 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private ip address obtained from the private endpoint's subnet. +A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1084,12 +1104,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` @@ -1100,7 +1120,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. - Required: No - Type: string @@ -1203,7 +1223,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". - Required: No - Type: string @@ -1379,7 +1399,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Data Collection diff --git a/avm/res/service-bus/namespace/README.md b/avm/res/service-bus/namespace/README.md index 1075d92df0..b599a682dd 100644 --- a/avm/res/service-bus/namespace/README.md +++ b/avm/res/service-bus/namespace/README.md @@ -42,8 +42,7 @@ The following section provides usage examples for the module, which were used to - [Using only defaults](#example-1-using-only-defaults) - [Using encryption parameter set](#example-2-using-encryption-parameter-set) - [Using large parameter set](#example-3-using-large-parameter-set) -- [Using private endpoint parameter set](#example-4-using-private-endpoint-parameter-set) -- [WAF-aligned](#example-5-waf-aligned) +- [WAF-aligned](#example-4-waf-aligned) ### Example 1: _Using only defaults_ @@ -298,7 +297,6 @@ module namespace 'br/public:avm/res/service-bus/namespace:' = { privateDnsZoneResourceIds: [ '' ] - service: 'namespace' subnetResourceId: '' tags: { Environment: 'Non-Prod' @@ -306,6 +304,12 @@ module namespace 'br/public:avm/res/service-bus/namespace:' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + } ] publicNetworkAccess: 'Enabled' queues: [ @@ -525,13 +529,18 @@ module namespace 'br/public:avm/res/service-bus/namespace:' = { "privateDnsZoneResourceIds": [ "" ], - "service": "namespace", "subnetResourceId": "", "tags": { "Environment": "Non-Prod", "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "" } ] }, @@ -633,145 +642,7 @@ module namespace 'br/public:avm/res/service-bus/namespace:' = {

-### Example 4: _Using private endpoint parameter set_ - -This instance deploys the module with features enabled for private endpoint configrations. - - -

- -via Bicep module - -```bicep -module namespace 'br/public:avm/res/service-bus/namespace:' = { - name: '${uniqueString(deployment().name, resourceLocation)}-test-sbnpe' - params: { - // Required parameters - name: 'sbnpe001' - skuObject: { - name: 'Premium' - } - // Non-required parameters - location: '' - privateEndpoints: [ - { - customDnsConfigs: [ - { - fqdn: 'abc.namespace.com' - ipAddresses: [ - '10.0.0.10' - ] - } - ] - ipConfigurations: [ - { - name: 'myIPconfig' - properties: { - groupId: 'namespace' - memberName: 'namespace' - privateIPAddress: '10.0.0.10' - } - } - ] - privateDnsZoneResourceIds: [ - '' - ] - roleAssignments: [ - { - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' - } - ] - subnetResourceId: '' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } - ] - publicNetworkAccess: 'Disabled' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "sbnpe001" - }, - "skuObject": { - "value": { - "name": "Premium" - } - }, - // Non-required parameters - "location": { - "value": "" - }, - "privateEndpoints": { - "value": [ - { - "customDnsConfigs": [ - { - "fqdn": "abc.namespace.com", - "ipAddresses": [ - "10.0.0.10" - ] - } - ], - "ipConfigurations": [ - { - "name": "myIPconfig", - "properties": { - "groupId": "namespace", - "memberName": "namespace", - "privateIPAddress": "10.0.0.10" - } - } - ], - "privateDnsZoneResourceIds": [ - "" - ], - "roleAssignments": [ - { - "principalId": "", - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" - } - ], - "subnetResourceId": "", - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - ] - }, - "publicNetworkAccess": { - "value": "Disabled" - } - } -} -``` - -
-

- -### Example 5: _WAF-aligned_ +### Example 4: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Well-Architected Framework. @@ -1769,14 +1640,15 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -1892,6 +1764,13 @@ A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1935,12 +1814,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` @@ -1951,7 +1830,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. - Required: No - Type: string @@ -2054,7 +1933,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". - Required: No - Type: string @@ -3030,7 +2909,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Data Collection diff --git a/avm/res/sql/server/README.md b/avm/res/sql/server/README.md index a35700ec06..67a838766f 100644 --- a/avm/res/sql/server/README.md +++ b/avm/res/sql/server/README.md @@ -44,10 +44,9 @@ The following section provides usage examples for the module, which were used to - [With an administrator](#example-1-with-an-administrator) - [Using only defaults](#example-2-using-only-defaults) - [Using large parameter set](#example-3-using-large-parameter-set) -- [Using Private Endpoints](#example-4-using-private-endpoints) -- [With a secondary database](#example-5-with-a-secondary-database) -- [With vulnerability assessment](#example-6-with-vulnerability-assessment) -- [WAF-aligned](#example-7-waf-aligned) +- [With a secondary database](#example-4-with-a-secondary-database) +- [With vulnerability assessment](#example-5-with-vulnerability-assessment) +- [WAF-aligned](#example-6-waf-aligned) ### Example 1: _With an administrator_ @@ -256,7 +255,6 @@ module server 'br/public:avm/res/sql/server:' = { privateDnsZoneResourceIds: [ '' ] - service: 'sqlServer' subnetResourceId: '' tags: { Environment: 'Non-Prod' @@ -264,6 +262,12 @@ module server 'br/public:avm/res/sql/server:' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + } ] restrictOutboundNetworkAccess: 'Disabled' roleAssignments: [ @@ -425,13 +429,18 @@ module server 'br/public:avm/res/sql/server:' = { "privateDnsZoneResourceIds": [ "" ], - "service": "sqlServer", "subnetResourceId": "", "tags": { "Environment": "Non-Prod", "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "" } ] }, @@ -501,139 +510,7 @@ module server 'br/public:avm/res/sql/server:' = {

-### Example 4: _Using Private Endpoints_ - -This instance deploys the module with Private Endpoints. - - -

- -via Bicep module - -```bicep -module server 'br/public:avm/res/sql/server:' = { - name: '${uniqueString(deployment().name, resourceLocation)}-test-sqlspe' - params: { - // Required parameters - name: 'sqlspe' - // Non-required parameters - administratorLogin: 'adminUserName' - administratorLoginPassword: '' - location: '' - privateEndpoints: [ - { - customDnsConfigs: [ - { - fqdn: 'abc.sqlServer.com' - ipAddresses: [ - '10.0.0.10' - ] - } - ] - ipConfigurations: [ - { - name: 'myIPconfig' - properties: { - groupId: 'sqlServer' - memberName: 'sqlServer' - privateIPAddress: '10.0.0.10' - } - } - ] - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } - ] - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "sqlspe" - }, - // Non-required parameters - "administratorLogin": { - "value": "adminUserName" - }, - "administratorLoginPassword": { - "value": "" - }, - "location": { - "value": "" - }, - "privateEndpoints": { - "value": [ - { - "customDnsConfigs": [ - { - "fqdn": "abc.sqlServer.com", - "ipAddresses": [ - "10.0.0.10" - ] - } - ], - "ipConfigurations": [ - { - "name": "myIPconfig", - "properties": { - "groupId": "sqlServer", - "memberName": "sqlServer", - "privateIPAddress": "10.0.0.10" - } - } - ], - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "", - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - ] - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - } -} -``` - -
-

- -### Example 5: _With a secondary database_ +### Example 4: _With a secondary database_ This instance deploys the module with a secondary database. @@ -723,7 +600,7 @@ module server 'br/public:avm/res/sql/server:' = {

-### Example 6: _With vulnerability assessment_ +### Example 5: _With vulnerability assessment_ This instance deploys the module with a vulnerability assessment. @@ -851,7 +728,7 @@ module server 'br/public:avm/res/sql/server:' = {

-### Example 7: _WAF-aligned_ +### Example 6: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. @@ -1367,14 +1244,15 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -1490,6 +1368,13 @@ A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1533,12 +1418,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` @@ -1652,7 +1537,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". - Required: No - Type: string @@ -1833,7 +1718,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Notes diff --git a/avm/res/storage/storage-account/README.md b/avm/res/storage/storage-account/README.md index 7831a99e68..697fd99e9f 100644 --- a/avm/res/storage/storage-account/README.md +++ b/avm/res/storage/storage-account/README.md @@ -2470,7 +2470,7 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | Manual PrivateLink Service Connections. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | The name of the request message for manual approval. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | @@ -2649,7 +2649,7 @@ Specify the name of lock. ### Parameter: `privateEndpoints.manualConnectionRequestMessage` -The name of the request message for manual approval. +A message passed to the owner of the remote resource with the manual connection request. - Required: No - Type: string @@ -2962,7 +2962,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Notes diff --git a/avm/res/synapse/private-link-hub/README.md b/avm/res/synapse/private-link-hub/README.md index 82e2a891c3..7534fb874e 100644 --- a/avm/res/synapse/private-link-hub/README.md +++ b/avm/res/synapse/private-link-hub/README.md @@ -112,7 +112,6 @@ module privateLinkHub 'br/public:avm/res/synapse/private-link-hub:' = { privateDnsZoneResourceIds: [ '' ] - service: 'Web' subnetResourceId: '' tags: { Environment: 'Non-Prod' @@ -120,6 +119,12 @@ module privateLinkHub 'br/public:avm/res/synapse/private-link-hub:' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + } ] roleAssignments: [ { @@ -174,13 +179,18 @@ module privateLinkHub 'br/public:avm/res/synapse/private-link-hub:' = { "privateDnsZoneResourceIds": [ "" ], - "service": "Web", "subnetResourceId": "", "tags": { "Environment": "Non-Prod", "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "" } ] }, @@ -392,7 +402,6 @@ Configuration details for private endpoints. For security reasons, it is recomme | Parameter | Type | Description | | :-- | :-- | :-- | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | **Optional parameters** @@ -404,22 +413,17 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -### Parameter: `privateEndpoints.service` - -The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - -- Required: Yes -- Type: string - ### Parameter: `privateEndpoints.subnetResourceId` Resource ID of the subnet where the endpoint needs to be created. @@ -445,19 +449,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint ip address. +Fqdn that resolves to private endpoint IP address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private ip addresses of the private endpoint. +A list of private IP addresses of the private endpoint. - Required: Yes - Type: array @@ -510,7 +514,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -528,11 +532,18 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private ip address obtained from the private endpoint's subnet. +A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -576,12 +587,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` @@ -592,7 +603,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. - Required: No - Type: string @@ -693,6 +704,13 @@ The principal type of the assigned principal ID. ] ``` +### Parameter: `privateEndpoints.service` + +The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". + +- Required: No +- Type: string + ### Parameter: `privateEndpoints.tags` Tags to be applied on all resources/resource groups in this deployment. @@ -812,7 +830,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Data Collection diff --git a/avm/res/synapse/workspace/README.md b/avm/res/synapse/workspace/README.md index 40f298488e..3ec58eab1e 100644 --- a/avm/res/synapse/workspace/README.md +++ b/avm/res/synapse/workspace/README.md @@ -1126,7 +1126,7 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | @@ -1305,7 +1305,7 @@ Specify the name of lock. ### Parameter: `privateEndpoints.manualConnectionRequestMessage` -A message passed to the owner of the remote resource with the manual connection request. Restricted to 140 chars. +A message passed to the owner of the remote resource with the manual connection request. - Required: No - Type: string @@ -1580,7 +1580,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Data Collection diff --git a/avm/res/web/site/README.md b/avm/res/web/site/README.md index 3fa8c4a1e0..7d7f600c47 100644 --- a/avm/res/web/site/README.md +++ b/avm/res/web/site/README.md @@ -249,6 +249,12 @@ module site 'br/public:avm/res/web/site:' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + } ] roleAssignments: [ { @@ -443,6 +449,12 @@ module site 'br/public:avm/res/web/site:' = { "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "" } ] }, @@ -752,6 +764,12 @@ module site 'br/public:avm/res/web/site:' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + } ] publicNetworkAccess: 'Disabled' roleAssignments: [ @@ -960,6 +978,12 @@ module site 'br/public:avm/res/web/site:' = { "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "" } ] }, @@ -1579,14 +1603,15 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -1614,19 +1639,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint ip address. +Fqdn that resolves to private endpoint IP address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private ip addresses of the private endpoint. +A list of private IP addresses of the private endpoint. - Required: Yes - Type: array @@ -1679,7 +1704,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -1697,11 +1722,18 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private ip address obtained from the private endpoint's subnet. +A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1745,12 +1777,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` @@ -1761,7 +1793,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. - Required: No - Type: string @@ -1864,7 +1896,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". - Required: No - Type: string @@ -2101,7 +2133,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.3.2` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Notes diff --git a/avm/res/web/static-site/README.md b/avm/res/web/static-site/README.md index a4a37abdff..fd130bc092 100644 --- a/avm/res/web/static-site/README.md +++ b/avm/res/web/static-site/README.md @@ -136,6 +136,12 @@ module staticSite 'br/public:avm/res/web/static-site:' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + } ] roleAssignments: [ { @@ -234,6 +240,12 @@ module staticSite 'br/public:avm/res/web/static-site:' = { "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "" } ] }, @@ -633,14 +645,15 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -668,19 +681,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint ip address. +Fqdn that resolves to private endpoint IP address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private ip addresses of the private endpoint. +A list of private IP addresses of the private endpoint. - Required: Yes - Type: array @@ -733,7 +746,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -751,11 +764,18 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private ip address obtained from the private endpoint's subnet. +A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -799,12 +819,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` @@ -815,7 +835,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. - Required: No - Type: string @@ -918,7 +938,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". - Required: No - Type: string @@ -1103,7 +1123,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Data Collection From a96d94be8fefcbdb7175d522d379aea758b9cb43 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 25 Feb 2024 14:02:10 +0100 Subject: [PATCH 08/29] Added missing tryGet --- avm/res/container-registry/registry/main.bicep | 2 +- avm/res/container-registry/registry/main.json | 4 ++-- avm/res/data-factory/factory/main.bicep | 2 +- avm/res/data-factory/factory/main.json | 4 ++-- avm/res/desktop-virtualization/host-pool/main.bicep | 2 +- avm/res/desktop-virtualization/host-pool/main.json | 4 ++-- avm/res/desktop-virtualization/workspace/main.bicep | 2 +- avm/res/desktop-virtualization/workspace/main.json | 4 ++-- avm/res/event-grid/domain/main.bicep | 2 +- avm/res/event-grid/domain/main.json | 4 ++-- avm/res/event-grid/topic/main.bicep | 2 +- avm/res/event-grid/topic/main.json | 4 ++-- avm/res/insights/private-link-scope/main.bicep | 2 +- avm/res/insights/private-link-scope/main.json | 4 ++-- avm/res/key-vault/vault/main.bicep | 4 ++-- avm/res/key-vault/vault/main.json | 6 +++--- avm/res/search/search-service/main.bicep | 4 ++-- avm/res/search/search-service/main.json | 6 +++--- avm/res/service-bus/namespace/main.bicep | 4 ++-- avm/res/service-bus/namespace/main.json | 6 +++--- avm/res/sql/server/main.bicep | 4 ++-- avm/res/sql/server/main.json | 6 +++--- avm/res/synapse/private-link-hub/main.bicep | 4 ++-- avm/res/synapse/private-link-hub/main.json | 6 +++--- avm/res/web/site/main.bicep | 4 ++-- avm/res/web/site/main.json | 6 +++--- avm/res/web/static-site/main.bicep | 4 ++-- avm/res/web/static-site/main.json | 6 +++--- 28 files changed, 56 insertions(+), 56 deletions(-) diff --git a/avm/res/container-registry/registry/main.bicep b/avm/res/container-registry/registry/main.bicep index 98f33b4364..1afb601a1b 100644 --- a/avm/res/container-registry/registry/main.bicep +++ b/avm/res/container-registry/registry/main.bicep @@ -355,7 +355,7 @@ module registry_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4 properties: { privateLinkServiceId: registry.id groupIds: [ - privateEndpoint.service ?? 'registry' + privateEndpoint.?service ?? 'registry' ] requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' } diff --git a/avm/res/container-registry/registry/main.json b/avm/res/container-registry/registry/main.json index d8863e7b67..f80fd46333 100644 --- a/avm/res/container-registry/registry/main.json +++ b/avm/res/container-registry/registry/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "13226881250525855714" + "templateHash": "12297664192511047607" }, "name": "Azure Container Registries (ACR)", "description": "This module deploys an Azure Container Registry (ACR).", @@ -1426,7 +1426,7 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'registry')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'registry')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/data-factory/factory/main.bicep b/avm/res/data-factory/factory/main.bicep index b337667b46..8917493908 100644 --- a/avm/res/data-factory/factory/main.bicep +++ b/avm/res/data-factory/factory/main.bicep @@ -247,7 +247,7 @@ module dataFactory_privateEndpoints 'br/public:avm/res/network/private-endpoint: properties: { privateLinkServiceId: dataFactory.id groupIds: [ - privateEndpoint.service ?? 'dataFactory' + privateEndpoint.?service ?? 'dataFactory' ] requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' } diff --git a/avm/res/data-factory/factory/main.json b/avm/res/data-factory/factory/main.json index f6667137bc..68a796a21a 100644 --- a/avm/res/data-factory/factory/main.json +++ b/avm/res/data-factory/factory/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "14313869927695029069" + "templateHash": "1193597743314108761" }, "name": "Data Factories", "description": "This module deploys a Data Factory.", @@ -1154,7 +1154,7 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DataFactory/factories', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DataFactory/factories', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'dataFactory')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DataFactory/factories', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DataFactory/factories', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'dataFactory')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/desktop-virtualization/host-pool/main.bicep b/avm/res/desktop-virtualization/host-pool/main.bicep index ea7b13dfd4..b7e53ae354 100644 --- a/avm/res/desktop-virtualization/host-pool/main.bicep +++ b/avm/res/desktop-virtualization/host-pool/main.bicep @@ -217,7 +217,7 @@ module hostPool_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4 properties: { privateLinkServiceId: hostPool.id groupIds: [ - privateEndpoint.service ?? 'connection' + privateEndpoint.?service ?? 'connection' ] requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' } diff --git a/avm/res/desktop-virtualization/host-pool/main.json b/avm/res/desktop-virtualization/host-pool/main.json index ccdc0c68ac..c2af042a65 100644 --- a/avm/res/desktop-virtualization/host-pool/main.json +++ b/avm/res/desktop-virtualization/host-pool/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "2200972037690976544" + "templateHash": "16466891172149132846" }, "name": "Azure Virtual Desktop Host Pool", "description": "This module deploys an Azure Virtual Desktop Host Pool", @@ -787,7 +787,7 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'connection')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/desktop-virtualization/workspace/main.bicep b/avm/res/desktop-virtualization/workspace/main.bicep index d07588b933..fa2920ff20 100644 --- a/avm/res/desktop-virtualization/workspace/main.bicep +++ b/avm/res/desktop-virtualization/workspace/main.bicep @@ -111,7 +111,7 @@ module workspace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0. properties: { privateLinkServiceId: workspace.id groupIds: [ - privateEndpoint.service ?? 'connection' + privateEndpoint.?service ?? 'connection' ] requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' } diff --git a/avm/res/desktop-virtualization/workspace/main.json b/avm/res/desktop-virtualization/workspace/main.json index c71f5f179a..1b5bae807e 100644 --- a/avm/res/desktop-virtualization/workspace/main.json +++ b/avm/res/desktop-virtualization/workspace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "6103356200292183138" + "templateHash": "14501453677179673661" }, "name": "Workspace", "description": "This module deploys an Azure Virtual Desktop Workspace.", @@ -601,7 +601,7 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'connection')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/event-grid/domain/main.bicep b/avm/res/event-grid/domain/main.bicep index 85a25125e9..6d1cd95eac 100644 --- a/avm/res/event-grid/domain/main.bicep +++ b/avm/res/event-grid/domain/main.bicep @@ -164,7 +164,7 @@ module domain_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0 properties: { privateLinkServiceId: domain.id groupIds: [ - privateEndpoint.service ?? 'domain' + privateEndpoint.?service ?? 'domain' ] requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' } diff --git a/avm/res/event-grid/domain/main.json b/avm/res/event-grid/domain/main.json index b4afcc513a..a8090f3db8 100644 --- a/avm/res/event-grid/domain/main.json +++ b/avm/res/event-grid/domain/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "3048569417856427270" + "templateHash": "15505085285715148641" }, "name": "Event Grid Domains", "description": "This module deploys an Event Grid Domain.", @@ -779,7 +779,7 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.EventGrid/domains', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.EventGrid/domains', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'domain')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.EventGrid/domains', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.EventGrid/domains', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'domain')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/event-grid/topic/main.bicep b/avm/res/event-grid/topic/main.bicep index 450f055f47..bc1a0074fa 100644 --- a/avm/res/event-grid/topic/main.bicep +++ b/avm/res/event-grid/topic/main.bicep @@ -166,7 +166,7 @@ module topic_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' properties: { privateLinkServiceId: topic.id groupIds: [ - privateEndpoint.service ?? 'topic' + privateEndpoint.?service ?? 'topic' ] requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' } diff --git a/avm/res/event-grid/topic/main.json b/avm/res/event-grid/topic/main.json index 7109fccf3c..d5eae84af8 100644 --- a/avm/res/event-grid/topic/main.json +++ b/avm/res/event-grid/topic/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "14522400974559779755" + "templateHash": "2572661825639537553" }, "name": "Event Grid Topics", "description": "This module deploys an Event Grid Topic.", @@ -860,7 +860,7 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.EventGrid/topics', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.EventGrid/topics', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'topic')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.EventGrid/topics', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.EventGrid/topics', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'topic')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/insights/private-link-scope/main.bicep b/avm/res/insights/private-link-scope/main.bicep index bc6f8b2a31..4e485f2962 100644 --- a/avm/res/insights/private-link-scope/main.bicep +++ b/avm/res/insights/private-link-scope/main.bicep @@ -124,7 +124,7 @@ module privateLinkScope_privateEndpoints 'br/public:avm/res/network/private-endp properties: { privateLinkServiceId: privateLinkScope.id groupIds: [ - privateEndpoint.service ?? 'azuremonitor' + privateEndpoint.?service ?? 'azuremonitor' ] requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' } diff --git a/avm/res/insights/private-link-scope/main.json b/avm/res/insights/private-link-scope/main.json index b134dd2728..41c2df08a8 100644 --- a/avm/res/insights/private-link-scope/main.json +++ b/avm/res/insights/private-link-scope/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "16450080141803062642" + "templateHash": "17632100016382700712" }, "name": "Azure Monitor Private Link Scopes", "description": "This module deploys an Azure Monitor Private Link Scope.", @@ -648,7 +648,7 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('microsoft.insights/privateLinkScopes', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('microsoft.insights/privateLinkScopes', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'azuremonitor')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('microsoft.insights/privateLinkScopes', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('microsoft.insights/privateLinkScopes', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'azuremonitor')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/key-vault/vault/main.bicep b/avm/res/key-vault/vault/main.bicep index f4b161b4b8..fbffc6f8cf 100644 --- a/avm/res/key-vault/vault/main.bicep +++ b/avm/res/key-vault/vault/main.bicep @@ -246,7 +246,7 @@ module keyVault_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4 properties: { privateLinkServiceId: keyVault.id groupIds: [ - privateEndpoint.service ?? 'vault' + privateEndpoint.?service ?? 'vault' ] } } @@ -257,7 +257,7 @@ module keyVault_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4 properties: { privateLinkServiceId: keyVault.id groupIds: [ - privateEndpoint.service ?? 'vault' + privateEndpoint.?service ?? 'vault' ] requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' } diff --git a/avm/res/key-vault/vault/main.json b/avm/res/key-vault/vault/main.json index 6597f9bf9e..a368180dfe 100644 --- a/avm/res/key-vault/vault/main.json +++ b/avm/res/key-vault/vault/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "17079013752233330751" + "templateHash": "14926953761133707701" }, "name": "Key Vaults", "description": "This module deploys a Key Vault.", @@ -1734,8 +1734,8 @@ "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.KeyVault/vaults', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'vault')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.KeyVault/vaults', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'vault')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.KeyVault/vaults', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.KeyVault/vaults', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/search/search-service/main.bicep b/avm/res/search/search-service/main.bicep index 150e15315e..2a8c5a8193 100644 --- a/avm/res/search/search-service/main.bicep +++ b/avm/res/search/search-service/main.bicep @@ -208,7 +208,7 @@ module searchService_privateEndpoints 'br/public:avm/res/network/private-endpoin properties: { privateLinkServiceId: searchService.id groupIds: [ - privateEndpoint.service ?? 'searchService' + privateEndpoint.?service ?? 'searchService' ] } } @@ -219,7 +219,7 @@ module searchService_privateEndpoints 'br/public:avm/res/network/private-endpoin properties: { privateLinkServiceId: searchService.id groupIds: [ - privateEndpoint.service ?? 'searchService' + privateEndpoint.?service ?? 'searchService' ] requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' } diff --git a/avm/res/search/search-service/main.json b/avm/res/search/search-service/main.json index 1bd72eeab1..9ef0bb363c 100644 --- a/avm/res/search/search-service/main.json +++ b/avm/res/search/search-service/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "16955501416707998682" + "templateHash": "7484642960267395482" }, "name": "Search Services", "description": "This module deploys a Search Service.", @@ -727,8 +727,8 @@ "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Search/searchServices', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Search/searchServices', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Search/searchServices', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'searchService')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Search/searchServices', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Search/searchServices', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'searchService')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Search/searchServices', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Search/searchServices', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'searchService')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Search/searchServices', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Search/searchServices', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'searchService')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/service-bus/namespace/main.bicep b/avm/res/service-bus/namespace/main.bicep index 60f496afca..2de7c2a715 100644 --- a/avm/res/service-bus/namespace/main.bicep +++ b/avm/res/service-bus/namespace/main.bicep @@ -310,7 +310,7 @@ module serviceBusNamespace_privateEndpoints 'br/public:avm/res/network/private-e properties: { privateLinkServiceId: serviceBusNamespace.id groupIds: [ - privateEndpoint.service ?? 'namespace' + privateEndpoint.?service ?? 'namespace' ] } } @@ -321,7 +321,7 @@ module serviceBusNamespace_privateEndpoints 'br/public:avm/res/network/private-e properties: { privateLinkServiceId: serviceBusNamespace.id groupIds: [ - privateEndpoint.service ?? 'namespace' + privateEndpoint.?service ?? 'namespace' ] requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' } diff --git a/avm/res/service-bus/namespace/main.json b/avm/res/service-bus/namespace/main.json index 1b3fd1c827..778a9c7000 100644 --- a/avm/res/service-bus/namespace/main.json +++ b/avm/res/service-bus/namespace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "8498919384397410551" + "templateHash": "15392017989115253" }, "name": "Service Bus Namespaces", "description": "This module deploys a Service Bus Namespace.", @@ -3403,8 +3403,8 @@ "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'namespace')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'namespace')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'namespace')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'namespace')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/sql/server/main.bicep b/avm/res/sql/server/main.bicep index b25e0e9ce0..f24c8ea856 100644 --- a/avm/res/sql/server/main.bicep +++ b/avm/res/sql/server/main.bicep @@ -244,7 +244,7 @@ module server_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0 properties: { privateLinkServiceId: server.id groupIds: [ - privateEndpoint.service ?? 'sqlServer' + privateEndpoint.?service ?? 'sqlServer' ] } } @@ -255,7 +255,7 @@ module server_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0 properties: { privateLinkServiceId: server.id groupIds: [ - privateEndpoint.service ?? 'sqlServer' + privateEndpoint.?service ?? 'sqlServer' ] requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' } diff --git a/avm/res/sql/server/main.json b/avm/res/sql/server/main.json index f4f61eb4a5..66f75f5e16 100644 --- a/avm/res/sql/server/main.json +++ b/avm/res/sql/server/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "12730355516454932504" + "templateHash": "4920986167206372784" }, "name": "Azure SQL Servers", "description": "This module deploys an Azure SQL Server.", @@ -1603,8 +1603,8 @@ "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Sql/servers', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Sql/servers', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Sql/servers', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'sqlServer')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Sql/servers', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Sql/servers', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'sqlServer')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Sql/servers', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Sql/servers', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sqlServer')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Sql/servers', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Sql/servers', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sqlServer')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/synapse/private-link-hub/main.bicep b/avm/res/synapse/private-link-hub/main.bicep index d9b19bcc7e..a1e4abafb8 100644 --- a/avm/res/synapse/private-link-hub/main.bicep +++ b/avm/res/synapse/private-link-hub/main.bicep @@ -91,7 +91,7 @@ module privateLinkHub_privateEndpoints 'br/public:avm/res/network/private-endpoi properties: { privateLinkServiceId: privateLinkHub.id groupIds: [ - privateEndpoint.service ?? 'privateLinkHubs' + privateEndpoint.?service ?? 'privateLinkHubs' ] } } @@ -102,7 +102,7 @@ module privateLinkHub_privateEndpoints 'br/public:avm/res/network/private-endpoi properties: { privateLinkServiceId: privateLinkHub.id groupIds: [ - privateEndpoint.service ?? 'privateLinkHubs' + privateEndpoint.?service ?? 'privateLinkHubs' ] requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' } diff --git a/avm/res/synapse/private-link-hub/main.json b/avm/res/synapse/private-link-hub/main.json index 5c5fdadd7e..5ea7cab4a6 100644 --- a/avm/res/synapse/private-link-hub/main.json +++ b/avm/res/synapse/private-link-hub/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "11530149506711542411" + "templateHash": "17026026948123898340" }, "name": "Azure Synapse Analytics", "description": "This module deploys an Azure Synapse Analytics (Private Link Hub).", @@ -425,8 +425,8 @@ "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'privateLinkHubs')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'privateLinkHubs')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'privateLinkHubs')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'privateLinkHubs')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/web/site/main.bicep b/avm/res/web/site/main.bicep index f7a85f5813..8ac60bd456 100644 --- a/avm/res/web/site/main.bicep +++ b/avm/res/web/site/main.bicep @@ -372,7 +372,7 @@ module app_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = properties: { privateLinkServiceId: app.id groupIds: [ - privateEndpoint.service ?? 'sites' + privateEndpoint.?service ?? 'sites' ] } } @@ -383,7 +383,7 @@ module app_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = properties: { privateLinkServiceId: app.id groupIds: [ - privateEndpoint.service ?? 'sites' + privateEndpoint.?service ?? 'sites' ] requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' } diff --git a/avm/res/web/site/main.json b/avm/res/web/site/main.json index 1612504cb0..0c0b4f6f40 100644 --- a/avm/res/web/site/main.json +++ b/avm/res/web/site/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "11321679505113447554" + "templateHash": "7892863393666588295" }, "name": "Web/Function Apps", "description": "This module deploys a Web or Function App.", @@ -3637,8 +3637,8 @@ "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'sites')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'sites')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/web/static-site/main.bicep b/avm/res/web/static-site/main.bicep index a653860a4e..0a50cdeb53 100644 --- a/avm/res/web/static-site/main.bicep +++ b/avm/res/web/static-site/main.bicep @@ -211,7 +211,7 @@ module staticSite_privateEndpoints 'br/public:avm/res/network/private-endpoint:0 properties: { privateLinkServiceId: staticSite.id groupIds: [ - privateEndpoint.service ?? 'staticSites' + privateEndpoint.?service ?? 'staticSites' ] } } @@ -222,7 +222,7 @@ module staticSite_privateEndpoints 'br/public:avm/res/network/private-endpoint:0 properties: { privateLinkServiceId: staticSite.id groupIds: [ - privateEndpoint.service ?? 'staticSites' + privateEndpoint.?service ?? 'staticSites' ] requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' } diff --git a/avm/res/web/static-site/main.json b/avm/res/web/static-site/main.json index f0084bdb23..f41704e08b 100644 --- a/avm/res/web/static-site/main.json +++ b/avm/res/web/static-site/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "12380932113650006196" + "templateHash": "2936873399883813450" }, "name": "Static Web Apps", "description": "This module deploys a Static Web App.", @@ -973,8 +973,8 @@ "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/staticSites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/staticSites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/staticSites', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'staticSites')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/staticSites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/staticSites', parameters('name')), 'groupIds', createArray(coalesce(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, 'staticSites')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/staticSites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/staticSites', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/staticSites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/staticSites', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, From 54ba237065e8c4b53d80d9f2b7722ecb31d13dc2 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 25 Feb 2024 14:08:24 +0100 Subject: [PATCH 09/29] Updated site docs --- avm/res/web/site/slot/README.md | 38 +++++++++++------- avm/res/web/site/slot/main.json | 71 +++++++++++++++++---------------- 2 files changed, 59 insertions(+), 50 deletions(-) diff --git a/avm/res/web/site/slot/README.md b/avm/res/web/site/slot/README.md index 8b82bf1ad9..f81c939982 100644 --- a/avm/res/web/site/slot/README.md +++ b/avm/res/web/site/slot/README.md @@ -509,14 +509,15 @@ Configuration details for private endpoints. | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -544,19 +545,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint ip address. +Fqdn that resolves to private endpoint IP address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private ip addresses of the private endpoint. +A list of private IP addresses of the private endpoint. - Required: Yes - Type: array @@ -609,7 +610,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -627,11 +628,18 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private ip address obtained from the private endpoint's subnet. +A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string +### Parameter: `privateEndpoints.isManualConnection` + +If Manual Private Link Connection is required. + +- Required: No +- Type: bool + ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -675,12 +683,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.manualConnectionRequestMessage` -Manual PrivateLink Service Connections. +A message passed to the owner of the remote resource with the manual connection request. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.name` @@ -691,7 +699,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. - Required: No - Type: string @@ -794,7 +802,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". - Required: No - Type: string @@ -1019,7 +1027,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.3.2` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | ## Notes diff --git a/avm/res/web/site/slot/main.json b/avm/res/web/site/slot/main.json index a4c60a5730..c9fec737f8 100644 --- a/avm/res/web/site/slot/main.json +++ b/avm/res/web/site/slot/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "12905465301950647404" + "templateHash": "153313484532541481" }, "name": "Web/Function App Deployment Slots", "description": "This module deploys a Web or Function App Deployment Slot.", @@ -150,7 +150,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." } }, "subnetResourceId": { @@ -163,7 +163,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." + "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." } }, "privateDnsZoneResourceIds": { @@ -176,6 +176,21 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "maxLength": 140, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." + } + }, "customDnsConfigs": { "type": "array", "items": { @@ -185,7 +200,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." + "description": "Required. Fqdn that resolves to private endpoint IP address." } }, "ipAddresses": { @@ -194,7 +209,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." + "description": "Required. A list of private IP addresses of the private endpoint." } } } @@ -233,7 +248,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." + "description": "Required. A private IP address obtained from the private endpoint's subnet." } } }, @@ -284,13 +299,6 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -1407,22 +1415,11 @@ }, "mode": "Incremental", "parameters": { - "privateLinkServiceConnections": { - "value": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.Web/sites', parameters('appName'))]", - "groupIds": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name')))]" - ] - } - } - ] - }, "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}-{3}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), parameters('name'), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites'), copyIndex()))]" }, + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('appName')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name')))))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('appName')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name')))), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -1447,9 +1444,6 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -1470,8 +1464,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2821141217598568122" + "version": "0.24.24.22086", + "templateHash": "2592884001616184297" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1520,7 +1514,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { @@ -1836,7 +1830,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1941,8 +1935,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18168683629401652671" + "version": "0.24.24.22086", + "templateHash": "9321937464667207030" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -2053,6 +2047,13 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + }, + "groupId": { + "type": "string", + "metadata": { + "description": "The group Id for the private endpoint Group." + }, + "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } From a2d88ab2bc39fe330e04f3c32c47cbc4e67c63f4 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 25 Feb 2024 14:25:19 +0100 Subject: [PATCH 10/29] Update to latest --- avm/res/automation/automation-account/version.json | 4 ++-- avm/res/batch/batch-account/version.json | 4 ++-- avm/res/cache/redis/version.json | 4 ++-- avm/res/cognitive-services/account/version.json | 2 +- avm/res/container-registry/registry/version.json | 2 +- avm/res/data-factory/factory/version.json | 2 +- avm/res/databricks/workspace/version.json | 4 ++-- .../desktop-virtualization/workspace/version.json | 12 ++++++------ avm/res/document-db/database-account/version.json | 4 ++-- avm/res/event-grid/domain/version.json | 4 ++-- avm/res/event-grid/topic/version.json | 4 ++-- avm/res/insights/private-link-scope/version.json | 2 +- avm/res/key-vault/vault/version.json | 2 +- avm/res/search/search-service/version.json | 2 +- avm/res/service-bus/namespace/version.json | 4 ++-- avm/res/sql/server/version.json | 2 +- avm/res/storage/storage-account/version.json | 4 ++-- avm/res/synapse/private-link-hub/version.json | 2 +- avm/res/synapse/workspace/version.json | 4 ++-- avm/res/web/site/version.json | 2 +- avm/res/web/static-site/version.json | 4 ++-- 21 files changed, 37 insertions(+), 37 deletions(-) diff --git a/avm/res/automation/automation-account/version.json b/avm/res/automation/automation-account/version.json index 9481fea58e..c177b1bb58 100644 --- a/avm/res/automation/automation-account/version.json +++ b/avm/res/automation/automation-account/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.2", + "version": "0.3", "pathFilters": [ "./main.json" ] -} +} \ No newline at end of file diff --git a/avm/res/batch/batch-account/version.json b/avm/res/batch/batch-account/version.json index 96236a61ba..a8eda31021 100644 --- a/avm/res/batch/batch-account/version.json +++ b/avm/res/batch/batch-account/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.4", + "version": "0.5", "pathFilters": [ "./main.json" ] -} +} \ No newline at end of file diff --git a/avm/res/cache/redis/version.json b/avm/res/cache/redis/version.json index 7fa401bdf7..1c035df49f 100644 --- a/avm/res/cache/redis/version.json +++ b/avm/res/cache/redis/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.1", + "version": "0.2", "pathFilters": [ "./main.json" ] -} +} \ No newline at end of file diff --git a/avm/res/cognitive-services/account/version.json b/avm/res/cognitive-services/account/version.json index c177b1bb58..3f863a2bec 100644 --- a/avm/res/cognitive-services/account/version.json +++ b/avm/res/cognitive-services/account/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.3", + "version": "0.4", "pathFilters": [ "./main.json" ] diff --git a/avm/res/container-registry/registry/version.json b/avm/res/container-registry/registry/version.json index 83083db694..1c035df49f 100644 --- a/avm/res/container-registry/registry/version.json +++ b/avm/res/container-registry/registry/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.1", + "version": "0.2", "pathFilters": [ "./main.json" ] diff --git a/avm/res/data-factory/factory/version.json b/avm/res/data-factory/factory/version.json index 83083db694..1c035df49f 100644 --- a/avm/res/data-factory/factory/version.json +++ b/avm/res/data-factory/factory/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.1", + "version": "0.2", "pathFilters": [ "./main.json" ] diff --git a/avm/res/databricks/workspace/version.json b/avm/res/databricks/workspace/version.json index 9481fea58e..c177b1bb58 100644 --- a/avm/res/databricks/workspace/version.json +++ b/avm/res/databricks/workspace/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.2", + "version": "0.3", "pathFilters": [ "./main.json" ] -} +} \ No newline at end of file diff --git a/avm/res/desktop-virtualization/workspace/version.json b/avm/res/desktop-virtualization/workspace/version.json index 7245f14872..729ac87673 100644 --- a/avm/res/desktop-virtualization/workspace/version.json +++ b/avm/res/desktop-virtualization/workspace/version.json @@ -1,7 +1,7 @@ { - "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.1", - "pathFilters": [ - "./main.json" - ] - } \ No newline at end of file + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.2", + "pathFilters": [ + "./main.json" + ] +} \ No newline at end of file diff --git a/avm/res/document-db/database-account/version.json b/avm/res/document-db/database-account/version.json index 9481fea58e..c177b1bb58 100644 --- a/avm/res/document-db/database-account/version.json +++ b/avm/res/document-db/database-account/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.2", + "version": "0.3", "pathFilters": [ "./main.json" ] -} +} \ No newline at end of file diff --git a/avm/res/event-grid/domain/version.json b/avm/res/event-grid/domain/version.json index 8def869ede..729ac87673 100644 --- a/avm/res/event-grid/domain/version.json +++ b/avm/res/event-grid/domain/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.1", + "version": "0.2", "pathFilters": [ "./main.json" ] -} +} \ No newline at end of file diff --git a/avm/res/event-grid/topic/version.json b/avm/res/event-grid/topic/version.json index 8def869ede..729ac87673 100644 --- a/avm/res/event-grid/topic/version.json +++ b/avm/res/event-grid/topic/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.1", + "version": "0.2", "pathFilters": [ "./main.json" ] -} +} \ No newline at end of file diff --git a/avm/res/insights/private-link-scope/version.json b/avm/res/insights/private-link-scope/version.json index 83083db694..1c035df49f 100644 --- a/avm/res/insights/private-link-scope/version.json +++ b/avm/res/insights/private-link-scope/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.1", + "version": "0.2", "pathFilters": [ "./main.json" ] diff --git a/avm/res/key-vault/vault/version.json b/avm/res/key-vault/vault/version.json index c177b1bb58..3f863a2bec 100644 --- a/avm/res/key-vault/vault/version.json +++ b/avm/res/key-vault/vault/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.3", + "version": "0.4", "pathFilters": [ "./main.json" ] diff --git a/avm/res/search/search-service/version.json b/avm/res/search/search-service/version.json index 83083db694..1c035df49f 100644 --- a/avm/res/search/search-service/version.json +++ b/avm/res/search/search-service/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.1", + "version": "0.2", "pathFilters": [ "./main.json" ] diff --git a/avm/res/service-bus/namespace/version.json b/avm/res/service-bus/namespace/version.json index daf1a794d9..76049e1c4a 100644 --- a/avm/res/service-bus/namespace/version.json +++ b/avm/res/service-bus/namespace/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.2", + "version": "0.3", "pathFilters": [ "./main.json" ] -} +} \ No newline at end of file diff --git a/avm/res/sql/server/version.json b/avm/res/sql/server/version.json index 83083db694..1c035df49f 100644 --- a/avm/res/sql/server/version.json +++ b/avm/res/sql/server/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.1", + "version": "0.2", "pathFilters": [ "./main.json" ] diff --git a/avm/res/storage/storage-account/version.json b/avm/res/storage/storage-account/version.json index 35040975ae..0f81d22abc 100644 --- a/avm/res/storage/storage-account/version.json +++ b/avm/res/storage/storage-account/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.7", + "version": "0.8", "pathFilters": [ "./main.json" ] -} +} \ No newline at end of file diff --git a/avm/res/synapse/private-link-hub/version.json b/avm/res/synapse/private-link-hub/version.json index 83083db694..1c035df49f 100644 --- a/avm/res/synapse/private-link-hub/version.json +++ b/avm/res/synapse/private-link-hub/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.1", + "version": "0.2", "pathFilters": [ "./main.json" ] diff --git a/avm/res/synapse/workspace/version.json b/avm/res/synapse/workspace/version.json index 9481fea58e..c177b1bb58 100644 --- a/avm/res/synapse/workspace/version.json +++ b/avm/res/synapse/workspace/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.2", + "version": "0.3", "pathFilters": [ "./main.json" ] -} +} \ No newline at end of file diff --git a/avm/res/web/site/version.json b/avm/res/web/site/version.json index 1c035df49f..c177b1bb58 100644 --- a/avm/res/web/site/version.json +++ b/avm/res/web/site/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.2", + "version": "0.3", "pathFilters": [ "./main.json" ] diff --git a/avm/res/web/static-site/version.json b/avm/res/web/static-site/version.json index 8def869ede..729ac87673 100644 --- a/avm/res/web/static-site/version.json +++ b/avm/res/web/static-site/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.1", + "version": "0.2", "pathFilters": [ "./main.json" ] -} +} \ No newline at end of file From 3aa7a0386ad1a9e02dcf0a511b3083a4cbcc5ccd Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 25 Feb 2024 14:29:30 +0100 Subject: [PATCH 11/29] Update to latest --- .../automation-account/job-schedule/main.json | 4 ++-- .../automation/automation-account/module/main.json | 4 ++-- .../automation/automation-account/runbook/main.json | 4 ++-- .../automation/automation-account/schedule/main.json | 4 ++-- .../software-update-configuration/main.json | 4 ++-- .../automation/automation-account/variable/main.json | 4 ++-- .../gremlin-database/graph/main.json | 4 ++-- .../database-account/gremlin-database/main.json | 8 ++++---- .../mongodb-database/collection/main.json | 4 ++-- .../database-account/mongodb-database/main.json | 8 ++++---- .../sql-database/container/main.json | 4 ++-- .../database-account/sql-database/main.json | 8 ++++---- .../container/immutability-policy/main.json | 4 ++-- .../storage-account/blob-service/container/main.json | 8 ++++---- .../storage/storage-account/blob-service/main.json | 12 ++++++------ .../storage/storage-account/file-service/main.json | 12 ++++++------ .../storage-account/file-service/share/main.json | 8 ++++---- avm/res/storage/storage-account/local-user/main.json | 4 ++-- .../storage-account/management-policy/main.json | 4 ++-- .../storage/storage-account/queue-service/main.json | 8 ++++---- .../storage-account/queue-service/queue/main.json | 4 ++-- .../storage/storage-account/table-service/main.json | 8 ++++---- .../storage-account/table-service/table/main.json | 4 ++-- .../synapse/workspace/integration-runtime/main.json | 4 ++-- avm/res/synapse/workspace/key/main.json | 4 ++-- 25 files changed, 72 insertions(+), 72 deletions(-) diff --git a/avm/res/automation/automation-account/job-schedule/main.json b/avm/res/automation/automation-account/job-schedule/main.json index 0dabd80bb5..170fa3ee8a 100644 --- a/avm/res/automation/automation-account/job-schedule/main.json +++ b/avm/res/automation/automation-account/job-schedule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "14246826935635972197" + "version": "0.25.53.49325", + "templateHash": "4183701486282199551" }, "name": "Automation Account Job Schedules", "description": "This module deploys an Azure Automation Account Job Schedule.", diff --git a/avm/res/automation/automation-account/module/main.json b/avm/res/automation/automation-account/module/main.json index 4baf87c834..c151060111 100644 --- a/avm/res/automation/automation-account/module/main.json +++ b/avm/res/automation/automation-account/module/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6758949567913452110" + "version": "0.25.53.49325", + "templateHash": "4277151232699761913" }, "name": "Automation Account Modules", "description": "This module deploys an Azure Automation Account Module.", diff --git a/avm/res/automation/automation-account/runbook/main.json b/avm/res/automation/automation-account/runbook/main.json index a3a4fe2e0b..0761a0bce4 100644 --- a/avm/res/automation/automation-account/runbook/main.json +++ b/avm/res/automation/automation-account/runbook/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "12519596207626057781" + "version": "0.25.53.49325", + "templateHash": "16141039584915226874" }, "name": "Automation Account Runbooks", "description": "This module deploys an Azure Automation Account Runbook.", diff --git a/avm/res/automation/automation-account/schedule/main.json b/avm/res/automation/automation-account/schedule/main.json index 5ce4bf8737..26dfa7ca29 100644 --- a/avm/res/automation/automation-account/schedule/main.json +++ b/avm/res/automation/automation-account/schedule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17013504570786383965" + "version": "0.25.53.49325", + "templateHash": "15445244253525012229" }, "name": "Automation Account Schedules", "description": "This module deploys an Azure Automation Account Schedule.", diff --git a/avm/res/automation/automation-account/software-update-configuration/main.json b/avm/res/automation/automation-account/software-update-configuration/main.json index dbe061896d..e6d98f28da 100644 --- a/avm/res/automation/automation-account/software-update-configuration/main.json +++ b/avm/res/automation/automation-account/software-update-configuration/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6362006893081858637" + "version": "0.25.53.49325", + "templateHash": "6467431009828483672" }, "name": "Automation Account Software Update Configurations", "description": "This module deploys an Azure Automation Account Software Update Configuration.", diff --git a/avm/res/automation/automation-account/variable/main.json b/avm/res/automation/automation-account/variable/main.json index d6213254ee..ec55c87f17 100644 --- a/avm/res/automation/automation-account/variable/main.json +++ b/avm/res/automation/automation-account/variable/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "162568846997583805" + "version": "0.25.53.49325", + "templateHash": "15605588341437540157" }, "name": "Automation Account Variables", "description": "This module deploys an Azure Automation Account Variable.", diff --git a/avm/res/document-db/database-account/gremlin-database/graph/main.json b/avm/res/document-db/database-account/gremlin-database/graph/main.json index 1483098c2e..531189986d 100644 --- a/avm/res/document-db/database-account/gremlin-database/graph/main.json +++ b/avm/res/document-db/database-account/gremlin-database/graph/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "14243370867444327055" + "version": "0.25.53.49325", + "templateHash": "4078462189838201163" }, "name": "DocumentDB Database Accounts Gremlin Databases Graphs", "description": "This module deploys a DocumentDB Database Accounts Gremlin Database Graph.", diff --git a/avm/res/document-db/database-account/gremlin-database/main.json b/avm/res/document-db/database-account/gremlin-database/main.json index e64ef29612..1ff6b48baa 100644 --- a/avm/res/document-db/database-account/gremlin-database/main.json +++ b/avm/res/document-db/database-account/gremlin-database/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2617432375264179405" + "version": "0.25.53.49325", + "templateHash": "5227237801347888732" }, "name": "DocumentDB Database Account Gremlin Databases", "description": "This module deploys a Gremlin Database within a CosmosDB Account.", @@ -109,8 +109,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "14243370867444327055" + "version": "0.25.53.49325", + "templateHash": "4078462189838201163" }, "name": "DocumentDB Database Accounts Gremlin Databases Graphs", "description": "This module deploys a DocumentDB Database Accounts Gremlin Database Graph.", diff --git a/avm/res/document-db/database-account/mongodb-database/collection/main.json b/avm/res/document-db/database-account/mongodb-database/collection/main.json index 10a7d6e4ca..925b996e85 100644 --- a/avm/res/document-db/database-account/mongodb-database/collection/main.json +++ b/avm/res/document-db/database-account/mongodb-database/collection/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10065636031063619686" + "version": "0.25.53.49325", + "templateHash": "12727124123085683569" }, "name": "DocumentDB Database Account MongoDB Database Collections", "description": "This module deploys a MongoDB Database Collection.", diff --git a/avm/res/document-db/database-account/mongodb-database/main.json b/avm/res/document-db/database-account/mongodb-database/main.json index 8a15ed3962..549aa6394d 100644 --- a/avm/res/document-db/database-account/mongodb-database/main.json +++ b/avm/res/document-db/database-account/mongodb-database/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "5366984101532329712" + "version": "0.25.53.49325", + "templateHash": "5538920636867167805" }, "name": "DocumentDB Database Account MongoDB Databases", "description": "This module deploys a MongoDB Database within a CosmosDB Account.", @@ -108,8 +108,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10065636031063619686" + "version": "0.25.53.49325", + "templateHash": "12727124123085683569" }, "name": "DocumentDB Database Account MongoDB Database Collections", "description": "This module deploys a MongoDB Database Collection.", diff --git a/avm/res/document-db/database-account/sql-database/container/main.json b/avm/res/document-db/database-account/sql-database/container/main.json index 2714d00e36..18ea3e8513 100644 --- a/avm/res/document-db/database-account/sql-database/container/main.json +++ b/avm/res/document-db/database-account/sql-database/container/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6680377134811820539" + "version": "0.25.53.49325", + "templateHash": "15407611441750959399" }, "name": "DocumentDB Database Account SQL Database Containers", "description": "This module deploys a SQL Database Container in a CosmosDB Account.", diff --git a/avm/res/document-db/database-account/sql-database/main.json b/avm/res/document-db/database-account/sql-database/main.json index 0d5900963a..e57bc190b0 100644 --- a/avm/res/document-db/database-account/sql-database/main.json +++ b/avm/res/document-db/database-account/sql-database/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6855947757310197808" + "version": "0.25.53.49325", + "templateHash": "3371007626132936503" }, "name": "DocumentDB Database Account SQL Databases", "description": "This module deploys a SQL Database in a CosmosDB Account.", @@ -120,8 +120,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6680377134811820539" + "version": "0.25.53.49325", + "templateHash": "15407611441750959399" }, "name": "DocumentDB Database Account SQL Database Containers", "description": "This module deploys a SQL Database Container in a CosmosDB Account.", diff --git a/avm/res/storage/storage-account/blob-service/container/immutability-policy/main.json b/avm/res/storage/storage-account/blob-service/container/immutability-policy/main.json index c5f31a243f..ac3bd2c129 100644 --- a/avm/res/storage/storage-account/blob-service/container/immutability-policy/main.json +++ b/avm/res/storage/storage-account/blob-service/container/immutability-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15441426428461937893" + "version": "0.25.53.49325", + "templateHash": "10329548264889228160" }, "name": "Storage Account Blob Container Immutability Policies", "description": "This module deploys a Storage Account Blob Container Immutability Policy.", diff --git a/avm/res/storage/storage-account/blob-service/container/main.json b/avm/res/storage/storage-account/blob-service/container/main.json index d74b756e4a..3f3a51ac90 100644 --- a/avm/res/storage/storage-account/blob-service/container/main.json +++ b/avm/res/storage/storage-account/blob-service/container/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "1429761296615247722" + "version": "0.25.53.49325", + "templateHash": "11351273351916968732" }, "name": "Storage Account Blob Containers", "description": "This module deploys a Storage Account Blob Container.", @@ -274,8 +274,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15441426428461937893" + "version": "0.25.53.49325", + "templateHash": "10329548264889228160" }, "name": "Storage Account Blob Container Immutability Policies", "description": "This module deploys a Storage Account Blob Container Immutability Policy.", diff --git a/avm/res/storage/storage-account/blob-service/main.json b/avm/res/storage/storage-account/blob-service/main.json index e96c5fb150..46429e3bb4 100644 --- a/avm/res/storage/storage-account/blob-service/main.json +++ b/avm/res/storage/storage-account/blob-service/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "1171033307374205653" + "version": "0.25.53.49325", + "templateHash": "4746835745355709536" }, "name": "Storage Account blob Services", "description": "This module deploys a Storage Account Blob Service.", @@ -403,8 +403,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "1429761296615247722" + "version": "0.25.53.49325", + "templateHash": "11351273351916968732" }, "name": "Storage Account Blob Containers", "description": "This module deploys a Storage Account Blob Container.", @@ -672,8 +672,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15441426428461937893" + "version": "0.25.53.49325", + "templateHash": "10329548264889228160" }, "name": "Storage Account Blob Container Immutability Policies", "description": "This module deploys a Storage Account Blob Container Immutability Policy.", diff --git a/avm/res/storage/storage-account/file-service/main.json b/avm/res/storage/storage-account/file-service/main.json index bb79cc960a..b2d1773a8a 100644 --- a/avm/res/storage/storage-account/file-service/main.json +++ b/avm/res/storage/storage-account/file-service/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9233391743581137624" + "version": "0.25.53.49325", + "templateHash": "5288106279947156711" }, "name": "Storage Account File Share Services", "description": "This module deploys a Storage Account File Share Service.", @@ -286,8 +286,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "11243515252529303304" + "version": "0.25.53.49325", + "templateHash": "2026482374148202879" }, "name": "Storage Account File Shares", "description": "This module deploys a Storage Account File Share.", @@ -486,8 +486,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17643632023108067837" + "version": "0.25.53.49325", + "templateHash": "15595600813016932186" } }, "parameters": { diff --git a/avm/res/storage/storage-account/file-service/share/main.json b/avm/res/storage/storage-account/file-service/share/main.json index 13705f6f2d..4d6e95dba4 100644 --- a/avm/res/storage/storage-account/file-service/share/main.json +++ b/avm/res/storage/storage-account/file-service/share/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "11243515252529303304" + "version": "0.25.53.49325", + "templateHash": "2026482374148202879" }, "name": "Storage Account File Shares", "description": "This module deploys a Storage Account File Share.", @@ -205,8 +205,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17643632023108067837" + "version": "0.25.53.49325", + "templateHash": "15595600813016932186" } }, "parameters": { diff --git a/avm/res/storage/storage-account/local-user/main.json b/avm/res/storage/storage-account/local-user/main.json index ac7889af2b..5044c80422 100644 --- a/avm/res/storage/storage-account/local-user/main.json +++ b/avm/res/storage/storage-account/local-user/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "414567084253124464" + "version": "0.25.53.49325", + "templateHash": "17117452291389534361" }, "name": "Storage Account Local Users", "description": "This module deploys a Storage Account Local User, which is used for SFTP authentication.", diff --git a/avm/res/storage/storage-account/management-policy/main.json b/avm/res/storage/storage-account/management-policy/main.json index 3a0a924bdb..3e1730f09b 100644 --- a/avm/res/storage/storage-account/management-policy/main.json +++ b/avm/res/storage/storage-account/management-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17360500138014235250" + "version": "0.25.53.49325", + "templateHash": "774635646248081518" }, "name": "Storage Account Management Policies", "description": "This module deploys a Storage Account Management Policy.", diff --git a/avm/res/storage/storage-account/queue-service/main.json b/avm/res/storage/storage-account/queue-service/main.json index 4956f26ae7..aae35c5012 100644 --- a/avm/res/storage/storage-account/queue-service/main.json +++ b/avm/res/storage/storage-account/queue-service/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10823351122551411657" + "version": "0.25.53.49325", + "templateHash": "14446905482734328346" }, "name": "Storage Account Queue Services", "description": "This module deploys a Storage Account Queue Service.", @@ -250,8 +250,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "11104056744955032379" + "version": "0.25.53.49325", + "templateHash": "12411465246702614738" }, "name": "Storage Account Queues", "description": "This module deploys a Storage Account Queue.", diff --git a/avm/res/storage/storage-account/queue-service/queue/main.json b/avm/res/storage/storage-account/queue-service/queue/main.json index 888b7f01b5..6ad5c15435 100644 --- a/avm/res/storage/storage-account/queue-service/queue/main.json +++ b/avm/res/storage/storage-account/queue-service/queue/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "11104056744955032379" + "version": "0.25.53.49325", + "templateHash": "12411465246702614738" }, "name": "Storage Account Queues", "description": "This module deploys a Storage Account Queue.", diff --git a/avm/res/storage/storage-account/table-service/main.json b/avm/res/storage/storage-account/table-service/main.json index 17ea7814f7..4b2089447c 100644 --- a/avm/res/storage/storage-account/table-service/main.json +++ b/avm/res/storage/storage-account/table-service/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2077261761360434847" + "version": "0.25.53.49325", + "templateHash": "14471460242481977546" }, "name": "Storage Account Table Services", "description": "This module deploys a Storage Account Table Service.", @@ -247,8 +247,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "981180809348713884" + "version": "0.25.53.49325", + "templateHash": "8824223095963877860" }, "name": "Storage Account Table", "description": "This module deploys a Storage Account Table.", diff --git a/avm/res/storage/storage-account/table-service/table/main.json b/avm/res/storage/storage-account/table-service/table/main.json index f8f1671b71..c87d417e99 100644 --- a/avm/res/storage/storage-account/table-service/table/main.json +++ b/avm/res/storage/storage-account/table-service/table/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "981180809348713884" + "version": "0.25.53.49325", + "templateHash": "8824223095963877860" }, "name": "Storage Account Table", "description": "This module deploys a Storage Account Table.", diff --git a/avm/res/synapse/workspace/integration-runtime/main.json b/avm/res/synapse/workspace/integration-runtime/main.json index 03114a39ba..97a5e64866 100644 --- a/avm/res/synapse/workspace/integration-runtime/main.json +++ b/avm/res/synapse/workspace/integration-runtime/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "5925144887906209420" + "version": "0.25.53.49325", + "templateHash": "7739107907804712060" }, "name": "Synapse Workspace Integration Runtimes", "description": "This module deploys a Synapse Workspace Integration Runtime.", diff --git a/avm/res/synapse/workspace/key/main.json b/avm/res/synapse/workspace/key/main.json index f14f2c84df..85aed99df5 100644 --- a/avm/res/synapse/workspace/key/main.json +++ b/avm/res/synapse/workspace/key/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15811131631744837887" + "version": "0.25.53.49325", + "templateHash": "2498604793784722860" }, "name": "Synapse Workspaces Keys", "description": "This module deploys a Synapse Workspaces Key.", From e3fefb6a9ebf3c276ef5cc2fb33d356ab0d0448d Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 25 Feb 2024 14:30:55 +0100 Subject: [PATCH 12/29] Update to latest --- .../desktop-virtualization/host-pool/version.json | 12 ++++++------ .../desktop-virtualization/workspace/version.json | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/avm/res/desktop-virtualization/host-pool/version.json b/avm/res/desktop-virtualization/host-pool/version.json index 7245f14872..729ac87673 100644 --- a/avm/res/desktop-virtualization/host-pool/version.json +++ b/avm/res/desktop-virtualization/host-pool/version.json @@ -1,7 +1,7 @@ { - "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.1", - "pathFilters": [ - "./main.json" - ] - } \ No newline at end of file + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.2", + "pathFilters": [ + "./main.json" + ] +} \ No newline at end of file diff --git a/avm/res/desktop-virtualization/workspace/version.json b/avm/res/desktop-virtualization/workspace/version.json index 729ac87673..76049e1c4a 100644 --- a/avm/res/desktop-virtualization/workspace/version.json +++ b/avm/res/desktop-virtualization/workspace/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.2", + "version": "0.3", "pathFilters": [ "./main.json" ] From ff0819c102500c62b480bf975a12197a2a126f7b Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 25 Feb 2024 14:51:45 +0100 Subject: [PATCH 13/29] Update to latest --- avm/res/cache/redis/main.bicep | 4 ++-- avm/res/cache/redis/main.json | 6 +++--- avm/res/cognitive-services/account/main.bicep | 4 ++-- avm/res/cognitive-services/account/main.json | 6 +++--- avm/res/container-registry/registry/main.bicep | 4 ++-- avm/res/container-registry/registry/main.json | 6 +++--- avm/res/data-factory/factory/main.bicep | 4 ++-- avm/res/data-factory/factory/main.json | 6 +++--- .../desktop-virtualization/host-pool/main.bicep | 4 ++-- .../desktop-virtualization/host-pool/main.json | 6 +++--- .../desktop-virtualization/workspace/main.bicep | 4 ++-- .../desktop-virtualization/workspace/main.json | 6 +++--- avm/res/event-grid/domain/main.bicep | 4 ++-- avm/res/event-grid/domain/main.json | 6 +++--- avm/res/event-grid/topic/main.bicep | 4 ++-- avm/res/event-grid/topic/main.json | 6 +++--- avm/res/insights/private-link-scope/main.bicep | 4 ++-- avm/res/insights/private-link-scope/main.json | 6 +++--- avm/res/key-vault/vault/main.bicep | 6 +++--- avm/res/key-vault/vault/main.json | 8 ++++---- avm/res/search/search-service/main.bicep | 6 +++--- avm/res/search/search-service/main.json | 8 ++++---- avm/res/service-bus/namespace/main.bicep | 6 +++--- avm/res/service-bus/namespace/main.json | 8 ++++---- avm/res/sql/server/main.bicep | 6 +++--- avm/res/sql/server/main.json | 8 ++++---- avm/res/synapse/private-link-hub/main.bicep | 6 +++--- avm/res/synapse/private-link-hub/main.json | 8 ++++---- avm/res/web/site/main.bicep | 6 +++--- avm/res/web/site/main.json | 16 ++++++++-------- avm/res/web/site/slot/main.bicep | 6 +++--- avm/res/web/site/slot/main.json | 8 ++++---- avm/res/web/static-site/main.bicep | 6 +++--- avm/res/web/static-site/main.json | 8 ++++---- 34 files changed, 105 insertions(+), 105 deletions(-) diff --git a/avm/res/cache/redis/main.bicep b/avm/res/cache/redis/main.bicep index 188af0cee6..38ffba3aab 100644 --- a/avm/res/cache/redis/main.bicep +++ b/avm/res/cache/redis/main.bicep @@ -219,7 +219,7 @@ module redis_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' name: privateEndpoint.?name ?? 'pep-${last(split(redis.id, '/'))}-${privateEndpoint.?service ?? 'redisCache'}-${index}' privateLinkServiceConnections: [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(redis.id, '/'))}-${privateEndpoint.?service ?? 'redisCache'}-${index}' properties: { privateLinkServiceId: redis.id groupIds: [ @@ -230,7 +230,7 @@ module redis_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' ] manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(redis.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(redis.id, '/'))}-${privateEndpoint.?service ?? 'redisCache'}-${index}' properties: { privateLinkServiceId: redis.id groupIds: [ diff --git a/avm/res/cache/redis/main.json b/avm/res/cache/redis/main.json index aa4aa14c64..9a90df4cd8 100644 --- a/avm/res/cache/redis/main.json +++ b/avm/res/cache/redis/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "9141362951159332153" + "templateHash": "798005420934456091" }, "name": "Redis Cache", "description": "This module deploys a Redis Cache.", @@ -784,7 +784,7 @@ "privateLinkServiceConnections": { "value": [ { - "name": "[parameters('name')]", + "name": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Cache/redis', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'redisCache'), copyIndex()))]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.Cache/redis', parameters('name'))]", "groupIds": [ @@ -794,7 +794,7 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Cache/redis', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Cache/redis', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'redisCache')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Cache/redis', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'redisCache'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Cache/redis', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'redisCache')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/cognitive-services/account/main.bicep b/avm/res/cognitive-services/account/main.bicep index 7f8b8856df..55a51646ae 100644 --- a/avm/res/cognitive-services/account/main.bicep +++ b/avm/res/cognitive-services/account/main.bicep @@ -271,7 +271,7 @@ module cognitiveService_privateEndpoints 'br/public:avm/res/network/private-endp name: privateEndpoint.?name ?? 'pep-${last(split(cognitiveService.id, '/'))}-${privateEndpoint.?service ?? 'account'}-${index}' privateLinkServiceConnections: [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(cognitiveService.id, '/'))}-${privateEndpoint.?service ?? 'account'}-${index}' properties: { privateLinkServiceId: cognitiveService.id groupIds: [ @@ -282,7 +282,7 @@ module cognitiveService_privateEndpoints 'br/public:avm/res/network/private-endp ] manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(cognitiveService.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(cognitiveService.id, '/'))}-${privateEndpoint.?service ?? 'account'}-${index}' properties: { privateLinkServiceId: cognitiveService.id groupIds: [ diff --git a/avm/res/cognitive-services/account/main.json b/avm/res/cognitive-services/account/main.json index 27e8568317..a45302ba9e 100644 --- a/avm/res/cognitive-services/account/main.json +++ b/avm/res/cognitive-services/account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "9235897593540934483" + "templateHash": "6670691272648355802" }, "name": "Cognitive Services", "description": "This module deploys a Cognitive Service.", @@ -886,7 +886,7 @@ "privateLinkServiceConnections": { "value": [ { - "name": "[parameters('name')]", + "name": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'account'), copyIndex()))]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]", "groupIds": [ @@ -896,7 +896,7 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'account')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'account'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'account')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/container-registry/registry/main.bicep b/avm/res/container-registry/registry/main.bicep index 1afb601a1b..05bd6d96d4 100644 --- a/avm/res/container-registry/registry/main.bicep +++ b/avm/res/container-registry/registry/main.bicep @@ -340,7 +340,7 @@ module registry_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4 name: privateEndpoint.?name ?? 'pep-${last(split(registry.id, '/'))}-${privateEndpoint.?service ?? 'registry'}-${index}' privateLinkServiceConnections: [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(registry.id, '/'))}-${privateEndpoint.?service ?? 'registry'}-${index}' properties: { privateLinkServiceId: registry.id groupIds: [ @@ -351,7 +351,7 @@ module registry_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4 ] manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(registry.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(registry.id, '/'))}-${privateEndpoint.?service ?? 'registry'}-${index}' properties: { privateLinkServiceId: registry.id groupIds: [ diff --git a/avm/res/container-registry/registry/main.json b/avm/res/container-registry/registry/main.json index f80fd46333..e08259390f 100644 --- a/avm/res/container-registry/registry/main.json +++ b/avm/res/container-registry/registry/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "12297664192511047607" + "templateHash": "9195818754355186204" }, "name": "Azure Container Registries (ACR)", "description": "This module deploys an Azure Container Registry (ACR).", @@ -1416,7 +1416,7 @@ "privateLinkServiceConnections": { "value": [ { - "name": "[parameters('name')]", + "name": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'registry'), copyIndex()))]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.ContainerRegistry/registries', parameters('name'))]", "groupIds": [ @@ -1426,7 +1426,7 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'registry')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'registry'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'registry')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/data-factory/factory/main.bicep b/avm/res/data-factory/factory/main.bicep index 8917493908..9f692af3d6 100644 --- a/avm/res/data-factory/factory/main.bicep +++ b/avm/res/data-factory/factory/main.bicep @@ -232,7 +232,7 @@ module dataFactory_privateEndpoints 'br/public:avm/res/network/private-endpoint: name: privateEndpoint.?name ?? 'pep-${last(split(dataFactory.id, '/'))}-${privateEndpoint.?service ?? 'dataFactory'}-${index}' privateLinkServiceConnections: [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(dataFactory.id, '/'))}-${privateEndpoint.?service ?? 'dataFactory'}-${index}' properties: { privateLinkServiceId: dataFactory.id groupIds: [ @@ -243,7 +243,7 @@ module dataFactory_privateEndpoints 'br/public:avm/res/network/private-endpoint: ] manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(dataFactory.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(dataFactory.id, '/'))}-${privateEndpoint.?service ?? 'dataFactory'}-${index}' properties: { privateLinkServiceId: dataFactory.id groupIds: [ diff --git a/avm/res/data-factory/factory/main.json b/avm/res/data-factory/factory/main.json index 68a796a21a..3d71e6ca6c 100644 --- a/avm/res/data-factory/factory/main.json +++ b/avm/res/data-factory/factory/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "1193597743314108761" + "templateHash": "15512301092613886840" }, "name": "Data Factories", "description": "This module deploys a Data Factory.", @@ -1144,7 +1144,7 @@ "privateLinkServiceConnections": { "value": [ { - "name": "[parameters('name')]", + "name": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DataFactory/factories', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'dataFactory'), copyIndex()))]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.DataFactory/factories', parameters('name'))]", "groupIds": [ @@ -1154,7 +1154,7 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DataFactory/factories', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DataFactory/factories', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'dataFactory')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DataFactory/factories', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'dataFactory'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DataFactory/factories', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'dataFactory')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/desktop-virtualization/host-pool/main.bicep b/avm/res/desktop-virtualization/host-pool/main.bicep index b7e53ae354..d173f8e6f0 100644 --- a/avm/res/desktop-virtualization/host-pool/main.bicep +++ b/avm/res/desktop-virtualization/host-pool/main.bicep @@ -202,7 +202,7 @@ module hostPool_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4 name: privateEndpoint.?name ?? 'pep-${last(split(hostPool.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}' privateLinkServiceConnections: [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(hostPool.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}' properties: { privateLinkServiceId: hostPool.id groupIds: [ @@ -213,7 +213,7 @@ module hostPool_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4 ] manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(hostPool.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(hostPool.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}' properties: { privateLinkServiceId: hostPool.id groupIds: [ diff --git a/avm/res/desktop-virtualization/host-pool/main.json b/avm/res/desktop-virtualization/host-pool/main.json index c2af042a65..698856fcc8 100644 --- a/avm/res/desktop-virtualization/host-pool/main.json +++ b/avm/res/desktop-virtualization/host-pool/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "16466891172149132846" + "templateHash": "17476152824582806077" }, "name": "Azure Virtual Desktop Host Pool", "description": "This module deploys an Azure Virtual Desktop Host Pool", @@ -777,7 +777,7 @@ "privateLinkServiceConnections": { "value": [ { - "name": "[parameters('name')]", + "name": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection'), copyIndex()))]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name'))]", "groupIds": [ @@ -787,7 +787,7 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/desktop-virtualization/workspace/main.bicep b/avm/res/desktop-virtualization/workspace/main.bicep index fa2920ff20..b696e0baca 100644 --- a/avm/res/desktop-virtualization/workspace/main.bicep +++ b/avm/res/desktop-virtualization/workspace/main.bicep @@ -96,7 +96,7 @@ module workspace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0. name: privateEndpoint.?name ?? 'pep-${last(split(workspace.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}' privateLinkServiceConnections: [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(workspace.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}' properties: { privateLinkServiceId: workspace.id groupIds: [ @@ -107,7 +107,7 @@ module workspace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0. ] manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(workspace.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(workspace.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}' properties: { privateLinkServiceId: workspace.id groupIds: [ diff --git a/avm/res/desktop-virtualization/workspace/main.json b/avm/res/desktop-virtualization/workspace/main.json index 1b5bae807e..504dc0dc06 100644 --- a/avm/res/desktop-virtualization/workspace/main.json +++ b/avm/res/desktop-virtualization/workspace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "14501453677179673661" + "templateHash": "1061929067377896447" }, "name": "Workspace", "description": "This module deploys an Azure Virtual Desktop Workspace.", @@ -591,7 +591,7 @@ "privateLinkServiceConnections": { "value": [ { - "name": "[parameters('name')]", + "name": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection'), copyIndex()))]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name'))]", "groupIds": [ @@ -601,7 +601,7 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/event-grid/domain/main.bicep b/avm/res/event-grid/domain/main.bicep index 6d1cd95eac..2b02292287 100644 --- a/avm/res/event-grid/domain/main.bicep +++ b/avm/res/event-grid/domain/main.bicep @@ -149,7 +149,7 @@ module domain_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0 name: privateEndpoint.?name ?? 'pep-${last(split(domain.id, '/'))}-${privateEndpoint.?service ?? 'domain'}-${index}' privateLinkServiceConnections: [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(domain.id, '/'))}-${privateEndpoint.?service ?? 'domain'}-${index}' properties: { privateLinkServiceId: domain.id groupIds: [ @@ -160,7 +160,7 @@ module domain_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0 ] manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(domain.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(domain.id, '/'))}-${privateEndpoint.?service ?? 'domain'}-${index}' properties: { privateLinkServiceId: domain.id groupIds: [ diff --git a/avm/res/event-grid/domain/main.json b/avm/res/event-grid/domain/main.json index a8090f3db8..287a5989c6 100644 --- a/avm/res/event-grid/domain/main.json +++ b/avm/res/event-grid/domain/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "15505085285715148641" + "templateHash": "7406933903897002331" }, "name": "Event Grid Domains", "description": "This module deploys an Event Grid Domain.", @@ -769,7 +769,7 @@ "privateLinkServiceConnections": { "value": [ { - "name": "[parameters('name')]", + "name": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.EventGrid/domains', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'domain'), copyIndex()))]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.EventGrid/domains', parameters('name'))]", "groupIds": [ @@ -779,7 +779,7 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.EventGrid/domains', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.EventGrid/domains', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'domain')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.EventGrid/domains', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'domain'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.EventGrid/domains', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'domain')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/event-grid/topic/main.bicep b/avm/res/event-grid/topic/main.bicep index bc1a0074fa..be24002758 100644 --- a/avm/res/event-grid/topic/main.bicep +++ b/avm/res/event-grid/topic/main.bicep @@ -151,7 +151,7 @@ module topic_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' name: privateEndpoint.?name ?? 'pep-${last(split(topic.id, '/'))}-${privateEndpoint.?service ?? 'topic'}-${index}' privateLinkServiceConnections: [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(topic.id, '/'))}-${privateEndpoint.?service ?? 'topic'}-${index}' properties: { privateLinkServiceId: topic.id groupIds: [ @@ -162,7 +162,7 @@ module topic_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' ] manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(topic.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(topic.id, '/'))}-${privateEndpoint.?service ?? 'topic'}-${index}' properties: { privateLinkServiceId: topic.id groupIds: [ diff --git a/avm/res/event-grid/topic/main.json b/avm/res/event-grid/topic/main.json index d5eae84af8..bd6faed608 100644 --- a/avm/res/event-grid/topic/main.json +++ b/avm/res/event-grid/topic/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "2572661825639537553" + "templateHash": "17945416734412715410" }, "name": "Event Grid Topics", "description": "This module deploys an Event Grid Topic.", @@ -850,7 +850,7 @@ "privateLinkServiceConnections": { "value": [ { - "name": "[parameters('name')]", + "name": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.EventGrid/topics', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'topic'), copyIndex()))]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.EventGrid/topics', parameters('name'))]", "groupIds": [ @@ -860,7 +860,7 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.EventGrid/topics', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.EventGrid/topics', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'topic')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.EventGrid/topics', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'topic'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.EventGrid/topics', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'topic')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/insights/private-link-scope/main.bicep b/avm/res/insights/private-link-scope/main.bicep index 4e485f2962..361702d546 100644 --- a/avm/res/insights/private-link-scope/main.bicep +++ b/avm/res/insights/private-link-scope/main.bicep @@ -109,7 +109,7 @@ module privateLinkScope_privateEndpoints 'br/public:avm/res/network/private-endp name: privateEndpoint.?name ?? 'pep-${last(split(privateLinkScope.id, '/'))}-${privateEndpoint.?service ?? 'azuremonitor'}-${index}' privateLinkServiceConnections: [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkScope.id, '/'))}-${privateEndpoint.?service ?? 'azuremonitor'}-${index}' properties: { privateLinkServiceId: privateLinkScope.id groupIds: [ @@ -120,7 +120,7 @@ module privateLinkScope_privateEndpoints 'br/public:avm/res/network/private-endp ] manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkScope.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkScope.id, '/'))}-${privateEndpoint.?service ?? 'azuremonitor'}-${index}' properties: { privateLinkServiceId: privateLinkScope.id groupIds: [ diff --git a/avm/res/insights/private-link-scope/main.json b/avm/res/insights/private-link-scope/main.json index 41c2df08a8..479a4c9333 100644 --- a/avm/res/insights/private-link-scope/main.json +++ b/avm/res/insights/private-link-scope/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "17632100016382700712" + "templateHash": "9103650402015462975" }, "name": "Azure Monitor Private Link Scopes", "description": "This module deploys an Azure Monitor Private Link Scope.", @@ -638,7 +638,7 @@ "privateLinkServiceConnections": { "value": [ { - "name": "[parameters('name')]", + "name": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('microsoft.insights/privateLinkScopes', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'azuremonitor'), copyIndex()))]", "properties": { "privateLinkServiceId": "[resourceId('microsoft.insights/privateLinkScopes', parameters('name'))]", "groupIds": [ @@ -648,7 +648,7 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('microsoft.insights/privateLinkScopes', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('microsoft.insights/privateLinkScopes', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'azuremonitor')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('microsoft.insights/privateLinkScopes', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'azuremonitor'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('microsoft.insights/privateLinkScopes', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'azuremonitor')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/key-vault/vault/main.bicep b/avm/res/key-vault/vault/main.bicep index fbffc6f8cf..bae76f0c3f 100644 --- a/avm/res/key-vault/vault/main.bicep +++ b/avm/res/key-vault/vault/main.bicep @@ -239,10 +239,10 @@ module keyVault_keys 'key/main.bicep' = [for (key, index) in (keys ?? []): { module keyVault_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-KeyVault-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(keyVault.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?name ?? 'pep-${last(split(keyVault.id, '/'))}-${privateEndpoint.?service ?? 'vault'}-${index}' privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(keyVault.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(keyVault.id, '/'))}-${privateEndpoint.?service ?? 'vault'}-${index}' properties: { privateLinkServiceId: keyVault.id groupIds: [ @@ -253,7 +253,7 @@ module keyVault_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4 ] : null manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(keyVault.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(keyVault.id, '/'))}-${privateEndpoint.?service ?? 'vault'}-${index}' properties: { privateLinkServiceId: keyVault.id groupIds: [ diff --git a/avm/res/key-vault/vault/main.json b/avm/res/key-vault/vault/main.json index a368180dfe..aeae460874 100644 --- a/avm/res/key-vault/vault/main.json +++ b/avm/res/key-vault/vault/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "14926953761133707701" + "templateHash": "18302928297760675801" }, "name": "Key Vaults", "description": "This module deploys a Key Vault.", @@ -1732,10 +1732,10 @@ "mode": "Incremental", "parameters": { "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault'), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.KeyVault/vaults', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.KeyVault/vaults', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.KeyVault/vaults', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.KeyVault/vaults', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/search/search-service/main.bicep b/avm/res/search/search-service/main.bicep index 2a8c5a8193..3b2b2efb12 100644 --- a/avm/res/search/search-service/main.bicep +++ b/avm/res/search/search-service/main.bicep @@ -201,10 +201,10 @@ resource searchService_roleAssignments 'Microsoft.Authorization/roleAssignments@ module searchService_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-SearchService-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(searchService.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?name ?? 'pep-${last(split(searchService.id, '/'))}-${privateEndpoint.?service ?? 'searchService'}-${index}' privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(searchService.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(searchService.id, '/'))}-${privateEndpoint.?service ?? 'searchService'}-${index}' properties: { privateLinkServiceId: searchService.id groupIds: [ @@ -215,7 +215,7 @@ module searchService_privateEndpoints 'br/public:avm/res/network/private-endpoin ] : null manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(searchService.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(searchService.id, '/'))}-${privateEndpoint.?service ?? 'searchService'}-${index}' properties: { privateLinkServiceId: searchService.id groupIds: [ diff --git a/avm/res/search/search-service/main.json b/avm/res/search/search-service/main.json index 9ef0bb363c..b04f222c0b 100644 --- a/avm/res/search/search-service/main.json +++ b/avm/res/search/search-service/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "7484642960267395482" + "templateHash": "8006710941721695942" }, "name": "Search Services", "description": "This module deploys a Search Service.", @@ -725,10 +725,10 @@ "mode": "Incremental", "parameters": { "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Search/searchServices', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Search/searchServices', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'searchService'), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Search/searchServices', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Search/searchServices', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'searchService')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Search/searchServices', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Search/searchServices', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'searchService')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Search/searchServices', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'searchService'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Search/searchServices', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'searchService')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Search/searchServices', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'searchService'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Search/searchServices', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'searchService')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/service-bus/namespace/main.bicep b/avm/res/service-bus/namespace/main.bicep index 2de7c2a715..cfd5c17710 100644 --- a/avm/res/service-bus/namespace/main.bicep +++ b/avm/res/service-bus/namespace/main.bicep @@ -303,10 +303,10 @@ resource serviceBusNamespace_diagnosticSettings 'Microsoft.Insights/diagnosticSe module serviceBusNamespace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-ServiceBusNamespace-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(serviceBusNamespace.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?name ?? 'pep-${last(split(serviceBusNamespace.id, '/'))}-${privateEndpoint.?service ?? 'namespace'}-${index}' privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(serviceBusNamespace.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(serviceBusNamespace.id, '/'))}-${privateEndpoint.?service ?? 'namespace'}-${index}' properties: { privateLinkServiceId: serviceBusNamespace.id groupIds: [ @@ -317,7 +317,7 @@ module serviceBusNamespace_privateEndpoints 'br/public:avm/res/network/private-e ] : null manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(serviceBusNamespace.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(serviceBusNamespace.id, '/'))}-${privateEndpoint.?service ?? 'namespace'}-${index}' properties: { privateLinkServiceId: serviceBusNamespace.id groupIds: [ diff --git a/avm/res/service-bus/namespace/main.json b/avm/res/service-bus/namespace/main.json index 778a9c7000..442f596ecd 100644 --- a/avm/res/service-bus/namespace/main.json +++ b/avm/res/service-bus/namespace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "15392017989115253" + "templateHash": "16911267296539658497" }, "name": "Service Bus Namespaces", "description": "This module deploys a Service Bus Namespace.", @@ -3401,10 +3401,10 @@ "mode": "Incremental", "parameters": { "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'namespace'), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'namespace')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'namespace')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'namespace'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'namespace')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'namespace'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'namespace')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/sql/server/main.bicep b/avm/res/sql/server/main.bicep index f24c8ea856..26f63c5646 100644 --- a/avm/res/sql/server/main.bicep +++ b/avm/res/sql/server/main.bicep @@ -237,10 +237,10 @@ module server_elasticPools 'elastic-pool/main.bicep' = [for (elasticPool, index) module server_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-Server-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(server.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?name ?? 'pep-${last(split(server.id, '/'))}-${privateEndpoint.?service ?? 'sqlServer'}-${index}' privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(server.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(server.id, '/'))}-${privateEndpoint.?service ?? 'sqlServer'}-${index}' properties: { privateLinkServiceId: server.id groupIds: [ @@ -251,7 +251,7 @@ module server_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0 ] : null manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(server.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(server.id, '/'))}-${privateEndpoint.?service ?? 'sqlServer'}-${index}' properties: { privateLinkServiceId: server.id groupIds: [ diff --git a/avm/res/sql/server/main.json b/avm/res/sql/server/main.json index 66f75f5e16..5373bb5ebe 100644 --- a/avm/res/sql/server/main.json +++ b/avm/res/sql/server/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "4920986167206372784" + "templateHash": "6171976598584344196" }, "name": "Azure SQL Servers", "description": "This module deploys an Azure SQL Server.", @@ -1601,10 +1601,10 @@ "mode": "Incremental", "parameters": { "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Sql/servers', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Sql/servers', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sqlServer'), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Sql/servers', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Sql/servers', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sqlServer')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Sql/servers', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Sql/servers', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sqlServer')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Sql/servers', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sqlServer'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Sql/servers', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sqlServer')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Sql/servers', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sqlServer'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Sql/servers', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sqlServer')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/synapse/private-link-hub/main.bicep b/avm/res/synapse/private-link-hub/main.bicep index a1e4abafb8..a73942f883 100644 --- a/avm/res/synapse/private-link-hub/main.bicep +++ b/avm/res/synapse/private-link-hub/main.bicep @@ -84,10 +84,10 @@ resource privateLinkHub_roleAssignments 'Microsoft.Authorization/roleAssignments module privateLinkHub_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-PrivateLinkHub-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?name ?? 'pep-${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? 'privateLinkHubs'}-${index}' privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? 'privateLinkHubs'}-${index}' properties: { privateLinkServiceId: privateLinkHub.id groupIds: [ @@ -98,7 +98,7 @@ module privateLinkHub_privateEndpoints 'br/public:avm/res/network/private-endpoi ] : null manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? 'privateLinkHubs'}-${index}' properties: { privateLinkServiceId: privateLinkHub.id groupIds: [ diff --git a/avm/res/synapse/private-link-hub/main.json b/avm/res/synapse/private-link-hub/main.json index 5ea7cab4a6..79e020ade7 100644 --- a/avm/res/synapse/private-link-hub/main.json +++ b/avm/res/synapse/private-link-hub/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "17026026948123898340" + "templateHash": "7149218381386588115" }, "name": "Azure Synapse Analytics", "description": "This module deploys an Azure Synapse Analytics (Private Link Hub).", @@ -423,10 +423,10 @@ "mode": "Incremental", "parameters": { "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'privateLinkHubs'), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'privateLinkHubs')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'privateLinkHubs')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'privateLinkHubs'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'privateLinkHubs')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'privateLinkHubs'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'privateLinkHubs')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/web/site/main.bicep b/avm/res/web/site/main.bicep index 8ac60bd456..ac945af7de 100644 --- a/avm/res/web/site/main.bicep +++ b/avm/res/web/site/main.bicep @@ -365,10 +365,10 @@ resource app_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01 module app_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-App-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(app.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?name ?? 'pep-${last(split(app.id, '/'))}-${privateEndpoint.?service ?? 'sites'}-${index}' privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(app.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(app.id, '/'))}-${privateEndpoint.?service ?? 'sites'}-${index}' properties: { privateLinkServiceId: app.id groupIds: [ @@ -379,7 +379,7 @@ module app_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = ] : null manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(app.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(app.id, '/'))}-${privateEndpoint.?service ?? 'sites'}-${index}' properties: { privateLinkServiceId: app.id groupIds: [ diff --git a/avm/res/web/site/main.json b/avm/res/web/site/main.json index 0c0b4f6f40..14f78f43f4 100644 --- a/avm/res/web/site/main.json +++ b/avm/res/web/site/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "7892863393666588295" + "templateHash": "7010125481271494880" }, "name": "Web/Function Apps", "description": "This module deploys a Web or Function App.", @@ -1296,7 +1296,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "153313484532541481" + "templateHash": "7766866613475753287" }, "name": "Web/Function App Deployment Slots", "description": "This module deploys a Web or Function App Deployment Slot.", @@ -2706,10 +2706,10 @@ "mode": "Incremental", "parameters": { "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}-{3}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), parameters('name'), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites'), copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}-{3}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), parameters('name'), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name'))), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('appName')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name')))))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('appName')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name')))), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name'))), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('appName')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name')))))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name'))), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('appName')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name')))), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -3635,10 +3635,10 @@ "mode": "Incremental", "parameters": { "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites'), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/web/site/slot/main.bicep b/avm/res/web/site/slot/main.bicep index 3651c856c6..fb10222b00 100644 --- a/avm/res/web/site/slot/main.bicep +++ b/avm/res/web/site/slot/main.bicep @@ -298,10 +298,10 @@ resource slot_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-0 module slot_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-Slot-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(app.id, '/'))}-${name}-${privateEndpoint.?service ?? 'sites'}-${index}' + name: privateEndpoint.?name ?? 'pep-${last(split(app.id, '/'))}-${name}-${privateEndpoint.?service ?? 'sites-${slot.name}'}-${index}' privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(app.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(app.id, '/'))}-${privateEndpoint.?service ?? 'sites-${slot.name}'}-${index}' properties: { privateLinkServiceId: app.id // Must be set on the WebApp and not the slot groupIds: [ @@ -312,7 +312,7 @@ module slot_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' ] : null manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(app.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(app.id, '/'))}-${privateEndpoint.?service ?? 'sites-${slot.name}'}-${index}' properties: { privateLinkServiceId: app.id // Must be set on the WebApp and not the slot groupIds: [ diff --git a/avm/res/web/site/slot/main.json b/avm/res/web/site/slot/main.json index c9fec737f8..2a2938a707 100644 --- a/avm/res/web/site/slot/main.json +++ b/avm/res/web/site/slot/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "153313484532541481" + "templateHash": "7766866613475753287" }, "name": "Web/Function App Deployment Slots", "description": "This module deploys a Web or Function App Deployment Slot.", @@ -1416,10 +1416,10 @@ "mode": "Incremental", "parameters": { "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}-{3}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), parameters('name'), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites'), copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}-{3}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), parameters('name'), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name'))), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('appName')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name')))))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('appName')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name')))), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name'))), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('appName')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name')))))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name'))), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('appName')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name')))), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, diff --git a/avm/res/web/static-site/main.bicep b/avm/res/web/static-site/main.bicep index 0a50cdeb53..78688b9023 100644 --- a/avm/res/web/static-site/main.bicep +++ b/avm/res/web/static-site/main.bicep @@ -204,10 +204,10 @@ resource staticSite_roleAssignments 'Microsoft.Authorization/roleAssignments@202 module staticSite_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-StaticSite-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(staticSite.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?name ?? 'pep-${last(split(staticSite.id, '/'))}-${privateEndpoint.?service ?? 'staticSites'}-${index}' privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(staticSite.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(staticSite.id, '/'))}-${privateEndpoint.?service ?? 'staticSites'}-${index}' properties: { privateLinkServiceId: staticSite.id groupIds: [ @@ -218,7 +218,7 @@ module staticSite_privateEndpoints 'br/public:avm/res/network/private-endpoint:0 ] : null manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(staticSite.id, '/'))}-${privateEndpoint.service}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(staticSite.id, '/'))}-${privateEndpoint.?service ?? 'staticSites'}-${index}' properties: { privateLinkServiceId: staticSite.id groupIds: [ diff --git a/avm/res/web/static-site/main.json b/avm/res/web/static-site/main.json index f41704e08b..b226d1b32c 100644 --- a/avm/res/web/static-site/main.json +++ b/avm/res/web/static-site/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "2936873399883813450" + "templateHash": "15307408528388407015" }, "name": "Static Web Apps", "description": "This module deploys a Static Web App.", @@ -971,10 +971,10 @@ "mode": "Incremental", "parameters": { "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/staticSites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/staticSites', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites'), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/staticSites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/staticSites', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/staticSites', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/staticSites', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/staticSites', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/staticSites', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/staticSites', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/staticSites', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, From 6e8af0435765164a2a57277c3fb461dc3ee7f508 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 25 Feb 2024 14:56:07 +0100 Subject: [PATCH 14/29] Update to latest --- avm/res/insights/private-link-scope/README.md | 12 ------------ .../private-link-scope/tests/e2e/max/main.test.bicep | 6 ------ 2 files changed, 18 deletions(-) diff --git a/avm/res/insights/private-link-scope/README.md b/avm/res/insights/private-link-scope/README.md index 89d1ed507c..c4366149fd 100644 --- a/avm/res/insights/private-link-scope/README.md +++ b/avm/res/insights/private-link-scope/README.md @@ -223,12 +223,6 @@ This instance deploys the module with most of its features enabled. Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - } ] roleAssignments: [ { @@ -412,12 +406,6 @@ This instance deploys the module with most of its features enabled. "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "" } ] }, diff --git a/avm/res/insights/private-link-scope/tests/e2e/max/main.test.bicep b/avm/res/insights/private-link-scope/tests/e2e/max/main.test.bicep index 6f6c3328c3..1d3b534580 100644 --- a/avm/res/insights/private-link-scope/tests/e2e/max/main.test.bicep +++ b/avm/res/insights/private-link-scope/tests/e2e/max/main.test.bicep @@ -183,12 +183,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' } ] } - { - subnetResourceId: nestedDependencies.outputs.subnetResourceId - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - } ] roleAssignments: [ { From b06858d69e9069afef42d159524fdc5afc2a2f79 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 25 Feb 2024 17:31:08 +0100 Subject: [PATCH 15/29] Fixed incorrect groupId for synapse privateLinkHub --- avm/res/synapse/private-link-hub/main.bicep | 10 +++++----- avm/res/synapse/private-link-hub/main.json | 8 ++++---- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/avm/res/synapse/private-link-hub/main.bicep b/avm/res/synapse/private-link-hub/main.bicep index a73942f883..22d0d278ce 100644 --- a/avm/res/synapse/private-link-hub/main.bicep +++ b/avm/res/synapse/private-link-hub/main.bicep @@ -84,25 +84,25 @@ resource privateLinkHub_roleAssignments 'Microsoft.Authorization/roleAssignments module privateLinkHub_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-PrivateLinkHub-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? 'privateLinkHubs'}-${index}' + name: privateEndpoint.?name ?? 'pep-${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? 'web'}-${index}' privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? 'privateLinkHubs'}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? 'web'}-${index}' properties: { privateLinkServiceId: privateLinkHub.id groupIds: [ - privateEndpoint.?service ?? 'privateLinkHubs' + privateEndpoint.?service ?? 'web' ] } } ] : null manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? 'privateLinkHubs'}-${index}' + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? 'web'}-${index}' properties: { privateLinkServiceId: privateLinkHub.id groupIds: [ - privateEndpoint.?service ?? 'privateLinkHubs' + privateEndpoint.?service ?? 'web' ] requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' } diff --git a/avm/res/synapse/private-link-hub/main.json b/avm/res/synapse/private-link-hub/main.json index 79e020ade7..d0134ae735 100644 --- a/avm/res/synapse/private-link-hub/main.json +++ b/avm/res/synapse/private-link-hub/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "7149218381386588115" + "templateHash": "16624127378809450653" }, "name": "Azure Synapse Analytics", "description": "This module deploys an Azure Synapse Analytics (Private Link Hub).", @@ -423,10 +423,10 @@ "mode": "Incremental", "parameters": { "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'privateLinkHubs'), copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'web'), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'privateLinkHubs'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'privateLinkHubs')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'privateLinkHubs'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'privateLinkHubs')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'web'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'web')))))), createObject('value', null()))]", + "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'web'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'web')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, From e79edcb37fa66e8abfdb282047209956aaaceed8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Gr=C3=A4f?= Date: Tue, 27 Feb 2024 02:30:02 +1000 Subject: [PATCH 16/29] feat: added additional PE tests (#1077) ## Description added additional PE tests follow up to #1070 ## Pipeline Reference | Pipeline | | -------- | | [![avm.res.automation.automation-account](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.automation.automation-account.yml/badge.svg?branch=feat%2Fpe-tests-add)](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.automation.automation-account.yml) | | [![avm.res.batch.batch-account](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.batch.batch-account.yml/badge.svg?branch=feat%2Fpe-tests-add)](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.batch.batch-account.yml)| | [![avm.res.databricks.workspace](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.databricks.workspace.yml/badge.svg?branch=feat%2Fpe-tests-add)](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.databricks.workspace.yml)| | [![avm.res.document-db.database-account](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.document-db.database-account.yml/badge.svg?branch=feat%2Fpe-tests-add)](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.document-db.database-account.yml)| | [![avm.res.storage.storage-account](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.storage.storage-account.yml/badge.svg?branch=feat%2Fpe-tests-add)](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.storage.storage-account.yml)| | [![avm.res.synapse.workspace](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.synapse.workspace.yml/badge.svg?branch=feat%2Fpe-tests-add)](https://github.com/segraef/bicep-registry-modules/actions/workflows/avm.res.synapse.workspace.yml) | ## Type of Change - [ ] Update to CI Environment or utlities (Non-module effecting changes) - [x] Azure Verified Module updates: - [ ] Bugfix containing backwards compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [x] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [x] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`. - [x] Update to documentation ## Checklist - [x] I'm sure there are no other open Pull Requests for the same update/change - [x] I have run `Set-AVMModule` locally to generate the supporting module files. - [x] My corresponding pipelines / checks run clean and green without any errors or warnings --- .../tests/e2e/max/dependencies.bicep | 20 +++++++- .../tests/e2e/max/main.test.bicep | 16 +++++- .../tests/e2e/max/dependencies.bicep | 20 +++++++- .../tests/e2e/max/main.test.bicep | 20 ++++++-- .../tests/e2e/max/dependencies.bicep | 6 +-- .../workspace/tests/e2e/max/main.test.bicep | 15 +++++- .../tests/e2e/waf-aligned/dependencies.bicep | 2 +- .../tests/e2e/sqldb/dependencies.bicep | 20 +++++++- .../tests/e2e/sqldb/main.test.bicep | 9 +++- .../tests/e2e/waf-aligned/dependencies.bicep | 47 ----------------- .../tests/e2e/waf-aligned/main.test.bicep | 15 ------ .../tests/e2e/max/dependencies.bicep | 30 ++++++++++- .../tests/e2e/max/main.test.bicep | 24 ++++++--- avm/res/synapse/private-link-hub/main.bicep | 51 +++++++------------ .../tests/e2e/max/main.test.bicep | 7 +-- .../tests/e2e/max/dependencies.bicep | 20 +++++++- .../workspace/tests/e2e/max/main.test.bicep | 18 +++++-- 17 files changed, 211 insertions(+), 129 deletions(-) diff --git a/avm/res/automation/automation-account/tests/e2e/max/dependencies.bicep b/avm/res/automation/automation-account/tests/e2e/max/dependencies.bicep index 77af000af6..a566630ca9 100644 --- a/avm/res/automation/automation-account/tests/e2e/max/dependencies.bicep +++ b/avm/res/automation/automation-account/tests/e2e/max/dependencies.bicep @@ -22,7 +22,19 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { { name: 'defaultSubnet' properties: { - addressPrefix: cidrSubnet(addressPrefix, 16, 0) + addressPrefix: cidrSubnet(addressPrefix, 20, 0) + } + } + { + name: 'custom-private-subnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 20, 1) + } + } + { + name: 'custom-private-subnet-2' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 20, 2) } } ] @@ -53,6 +65,12 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018- @description('The resource ID of the created Virtual Network Subnet.') output subnetResourceId string = virtualNetwork.properties.subnets[0].id +@description('The resource ID of the created Virtual Network Subnet.') +output customPrivateSubnetName string = virtualNetwork.properties.subnets[1].id + +@description('The resource ID of the created Virtual Network Subnet.') +output customPrivateSubnetName2 string = virtualNetwork.properties.subnets[2].id + @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/avm/res/automation/automation-account/tests/e2e/max/main.test.bicep b/avm/res/automation/automation-account/tests/e2e/max/main.test.bicep index 8067995a67..122c193ab7 100644 --- a/avm/res/automation/automation-account/tests/e2e/max/main.test.bicep +++ b/avm/res/automation/automation-account/tests/e2e/max/main.test.bicep @@ -102,7 +102,19 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'Webhook' - subnetResourceId: nestedDependencies.outputs.subnetResourceId + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + service: 'Webhook' + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName2 tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' @@ -114,7 +126,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'DSCAndHybridWorker' - subnetResourceId: nestedDependencies.outputs.subnetResourceId + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' diff --git a/avm/res/batch/batch-account/tests/e2e/max/dependencies.bicep b/avm/res/batch/batch-account/tests/e2e/max/dependencies.bicep index 462e8a5f27..678250b9f2 100644 --- a/avm/res/batch/batch-account/tests/e2e/max/dependencies.bicep +++ b/avm/res/batch/batch-account/tests/e2e/max/dependencies.bicep @@ -34,7 +34,19 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { { name: 'defaultSubnet' properties: { - addressPrefix: cidrSubnet(addressPrefix, 16, 0) + addressPrefix: cidrSubnet(addressPrefix, 20, 0) + } + } + { + name: 'custom-private-subnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 20, 1) + } + } + { + name: 'custom-private-subnet-2' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 20, 2) } } ] @@ -65,6 +77,12 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018- @description('The resource ID of the created Virtual Network Subnet.') output subnetResourceId string = virtualNetwork.properties.subnets[0].id +@description('The resource ID of the created Virtual Network Subnet.') +output customPrivateSubnetName string = virtualNetwork.properties.subnets[1].id + +@description('The resource ID of the created Virtual Network Subnet.') +output customPrivateSubnetName2 string = virtualNetwork.properties.subnets[2].id + @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/avm/res/batch/batch-account/tests/e2e/max/main.test.bicep b/avm/res/batch/batch-account/tests/e2e/max/main.test.bicep index 20a5ba7c3b..ee43c6a1ab 100644 --- a/avm/res/batch/batch-account/tests/e2e/max/main.test.bicep +++ b/avm/res/batch/batch-account/tests/e2e/max/main.test.bicep @@ -88,7 +88,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'batchAccount' - subnetResourceId: nestedDependencies.outputs.subnetResourceId + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' @@ -112,7 +112,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' properties: { groupId: 'batchAccount' memberName: 'batchAccount' - privateIPAddress: '10.0.0.10' + privateIPAddress: '10.0.16.10' } } ] @@ -120,17 +120,29 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' { fqdn: 'abc.batch.com' ipAddresses: [ - '10.0.0.10' + '10.0.16.10' ] } ] } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + service: 'batchAccount' + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName2 + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + } { privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'nodeManagement' - subnetResourceId: nestedDependencies.outputs.subnetResourceId + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' diff --git a/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep b/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep index 9a8c73e3f6..f2caec201c 100644 --- a/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep +++ b/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep @@ -94,7 +94,7 @@ resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid('msi-${keyVault::key.id}-${location}-${managedIdentity.id}-Key-Key-Vault-Crypto-User-RoleAssignment') scope: keyVault::key properties: { - principalId: '711330f9-cfad-4b10-a462-d82faa92027d' // AzureDatabricks Enterprise Application Object Id (Note: this is tenant specific) + principalId: '09ef9f59-e7b6-422e-84e4-508cfc8d64e7' // '711330f9-cfad-4b10-a462-d82faa92027d' // AzureDatabricks Enterprise Application Object Id (Note: this is tenant specific) roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') // Key Vault Crypto User principalType: 'ServicePrincipal' } @@ -284,7 +284,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { } } { - name: 'custom-public-subnet' + name: 'public' properties: { addressPrefix: cidrSubnet(addressPrefix, 20, 1) networkSecurityGroup: { @@ -301,7 +301,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { } } { - name: 'custom-private-subnet' + name: 'private' properties: { addressPrefix: cidrSubnet(addressPrefix, 20, 2) networkSecurityGroup: { diff --git a/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep b/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep index 596f8857c5..08720be814 100644 --- a/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep +++ b/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep @@ -152,7 +152,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'databricks_ui_api' - subnetResourceId: nestedDependencies.outputs.defaultSubnetResourceId + subnetResourceId: nestedDependencies.outputs.customPublicSubnetName tags: { Environment: 'Non-Prod' Role: 'DeploymentValidation' @@ -162,7 +162,18 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] - subnetResourceId: nestedDependencies.outputs.defaultSubnetResourceId + service: 'databricks_ui_api' + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName + tags: { + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName service: 'browser_authentication' } ] diff --git a/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep b/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep index 9a8c73e3f6..dfc69285ca 100644 --- a/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep +++ b/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep @@ -94,7 +94,7 @@ resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid('msi-${keyVault::key.id}-${location}-${managedIdentity.id}-Key-Key-Vault-Crypto-User-RoleAssignment') scope: keyVault::key properties: { - principalId: '711330f9-cfad-4b10-a462-d82faa92027d' // AzureDatabricks Enterprise Application Object Id (Note: this is tenant specific) + principalId: '09ef9f59-e7b6-422e-84e4-508cfc8d64e7' // '711330f9-cfad-4b10-a462-d82faa92027d' // AzureDatabricks Enterprise Application Object Id (Note: this is tenant specific) roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') // Key Vault Crypto User principalType: 'ServicePrincipal' } diff --git a/avm/res/document-db/database-account/tests/e2e/sqldb/dependencies.bicep b/avm/res/document-db/database-account/tests/e2e/sqldb/dependencies.bicep index 9068571d83..581bfaef10 100644 --- a/avm/res/document-db/database-account/tests/e2e/sqldb/dependencies.bicep +++ b/avm/res/document-db/database-account/tests/e2e/sqldb/dependencies.bicep @@ -30,7 +30,19 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { { name: 'defaultSubnet' properties: { - addressPrefix: cidrSubnet(addressPrefix, 16, 0) + addressPrefix: cidrSubnet(addressPrefix, 20, 0) + } + } + { + name: 'custom-private-subnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 20, 1) + } + } + { + name: 'custom-private-subnet-2' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 20, 2) } } ] @@ -95,5 +107,11 @@ output managedIdentityResourceId string = managedIdentity.id @description('The resource ID of the created Virtual Network Subnet.') output subnetResourceId string = virtualNetwork.properties.subnets[0].id +@description('The resource ID of the created Virtual Network Subnet.') +output customPrivateSubnetName string = virtualNetwork.properties.subnets[1].id + +@description('The resource ID of the created Virtual Network Subnet.') +output customPrivateSubnetName2 string = virtualNetwork.properties.subnets[2].id + @description('The resource ID of the created Private DNS Zone.') output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep index 966d41060a..59807433db 100644 --- a/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep @@ -98,7 +98,7 @@ module testDeployment '../../../main.bicep' = { nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'Sql' - subnetResourceId: nestedDependencies.outputs.subnetResourceId + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' @@ -110,7 +110,12 @@ module testDeployment '../../../main.bicep' = { nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'Sql' - subnetResourceId: nestedDependencies.outputs.subnetResourceId + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName2 + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } } ] roleAssignments: [ diff --git a/avm/res/document-db/database-account/tests/e2e/waf-aligned/dependencies.bicep b/avm/res/document-db/database-account/tests/e2e/waf-aligned/dependencies.bicep index e42185366b..d9e107c4ea 100644 --- a/avm/res/document-db/database-account/tests/e2e/waf-aligned/dependencies.bicep +++ b/avm/res/document-db/database-account/tests/e2e/waf-aligned/dependencies.bicep @@ -4,50 +4,9 @@ param location string = resourceGroup().location @description('Required. The name of the Managed Identity to create.') param managedIdentityName string -@description('Required. The name of the Virtual Network to create.') -param virtualNetworkName string - @description('Required. The name of the Deployment Script to create to get the paired region name.') param pairedRegionScriptName string -var addressPrefix = '10.0.0.0/16' - -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { - name: virtualNetworkName - location: location - properties: { - addressSpace: { - addressPrefixes: [ - addressPrefix - ] - } - subnets: [ - { - name: 'defaultSubnet' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 16, 0) - } - } - ] - } -} - -resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { - name: 'privatelink.documents.azure.com' - location: 'global' - - resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { - name: '${virtualNetwork.name}-vnetlink' - location: 'global' - properties: { - virtualNetwork: { - id: virtualNetwork.id - } - registrationEnabled: false - } - } -} - resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { name: managedIdentityName location: location @@ -85,9 +44,3 @@ resource getPairedRegionScript 'Microsoft.Resources/deploymentScripts@2020-10-01 @description('The name of the paired region.') output pairedRegionName string = getPairedRegionScript.properties.outputs.pairedRegionName - -@description('The resource ID of the created Virtual Network Subnet.') -output subnetResourceId string = virtualNetwork.properties.subnets[0].id - -@description('The resource ID of the created Private DNS Zone.') -output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep index ec5d857416..4f9c11197e 100644 --- a/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep @@ -38,7 +38,6 @@ module nestedDependencies 'dependencies.bicep' = { name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' params: { managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}' - virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' pairedRegionScriptName: 'dep-${namePrefix}-ds-${serviceShort}' location: resourceLocation } @@ -88,20 +87,6 @@ module testDeployment '../../../main.bicep' = { } ] location: resourceLocation - privateEndpoints: [ - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - service: 'Sql' - subnetResourceId: nestedDependencies.outputs.subnetResourceId - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } - } - ] sqlDatabases: [ { containers: [ diff --git a/avm/res/storage/storage-account/tests/e2e/max/dependencies.bicep b/avm/res/storage/storage-account/tests/e2e/max/dependencies.bicep index 6e0fe47d04..7feea11a7c 100644 --- a/avm/res/storage/storage-account/tests/e2e/max/dependencies.bicep +++ b/avm/res/storage/storage-account/tests/e2e/max/dependencies.bicep @@ -22,7 +22,29 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { { name: 'defaultSubnet' properties: { - addressPrefix: cidrSubnet(addressPrefix, 16, 0) + addressPrefix: cidrSubnet(addressPrefix, 20, 0) + serviceEndpoints: [ + { + service: 'Microsoft.Storage' + } + ] + } + } + { + name: 'custom-private-subnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 20, 1) + serviceEndpoints: [ + { + service: 'Microsoft.Storage' + } + ] + } + } + { + name: 'custom-private-subnet-2' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 20, 2) serviceEndpoints: [ { service: 'Microsoft.Storage' @@ -61,6 +83,12 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018- @description('The resource ID of the created Virtual Network Subnet.') output subnetResourceId string = virtualNetwork.properties.subnets[0].id +@description('The resource ID of the created Virtual Network Subnet.') +output customPrivateSubnetName string = virtualNetwork.properties.subnets[1].id + +@description('The resource ID of the created Virtual Network Subnet.') +output customPrivateSubnetName2 string = virtualNetwork.properties.subnets[2].id + @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep b/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep index 757062c60e..6e8d8ed0e3 100644 --- a/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep +++ b/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep @@ -80,7 +80,19 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateEndpoints: [ { service: 'blob' - subnetResourceId: nestedDependencies.outputs.subnetResourceId + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + } + { + service: 'blob' + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName2 privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] @@ -94,35 +106,35 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName service: 'table' } { privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName service: 'queue' } { privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName service: 'file' } { privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName service: 'web' } { privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName service: 'dfs' } ] diff --git a/avm/res/synapse/private-link-hub/main.bicep b/avm/res/synapse/private-link-hub/main.bicep index 22d0d278ce..ea2d80db82 100644 --- a/avm/res/synapse/private-link-hub/main.bicep +++ b/avm/res/synapse/private-link-hub/main.bicep @@ -81,45 +81,34 @@ resource privateLinkHub_roleAssignments 'Microsoft.Authorization/roleAssignments }] // Private Endpoints -module privateLinkHub_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-PrivateLinkHub-PrivateEndpoint-${index}' +module privateLinkHub_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { + name: '${uniqueString(deployment().name, location)}-privateLinkHub-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? 'web'}-${index}' - privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ + privateLinkServiceConnections: [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? 'web'}-${index}' + name: name properties: { privateLinkServiceId: privateLinkHub.id groupIds: [ - privateEndpoint.?service ?? 'web' + privateEndpoint.?service ?? 'privateLinkHubs' ] } } - ] : null - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? 'web'}-${index}' - properties: { - privateLinkServiceId: privateLinkHub.id - groupIds: [ - privateEndpoint.?service ?? 'web' - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null + ] + name: privateEndpoint.?name ?? 'pep-${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? privateEndpoint.service}-${index}' subnetResourceId: privateEndpoint.subnetResourceId - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry } }] @@ -177,31 +166,24 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') - service: string? + @description('Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + service: string @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') + @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint IP address.') + @description('Required. Fqdn that resolves to private endpoint ip address.') fqdn: string? - @description('Required. A list of private IP addresses of the private endpoint.') + @description('Required. A list of private ip addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -218,7 +200,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private IP address obtained from the private endpoint\'s subnet.') + @description('Required. A private ip address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -238,6 +220,9 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/synapse/private-link-hub/tests/e2e/max/main.test.bicep b/avm/res/synapse/private-link-hub/tests/e2e/max/main.test.bicep index f1e31fccb2..edcbcf4ffe 100644 --- a/avm/res/synapse/private-link-hub/tests/e2e/max/main.test.bicep +++ b/avm/res/synapse/private-link-hub/tests/e2e/max/main.test.bicep @@ -62,6 +62,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] + service: 'Web' subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { 'hidden-title': 'This is visible in the resource name' @@ -69,12 +70,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId - } ] roleAssignments: [ { diff --git a/avm/res/synapse/workspace/tests/e2e/max/dependencies.bicep b/avm/res/synapse/workspace/tests/e2e/max/dependencies.bicep index 52da267176..4fbdd4355c 100644 --- a/avm/res/synapse/workspace/tests/e2e/max/dependencies.bicep +++ b/avm/res/synapse/workspace/tests/e2e/max/dependencies.bicep @@ -30,7 +30,19 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { { name: 'defaultSubnet' properties: { - addressPrefix: cidrSubnet(addressPrefix, 16, 0) + addressPrefix: cidrSubnet(addressPrefix, 20, 0) + } + } + { + name: 'custom-private-subnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 20, 1) + } + } + { + name: 'custom-private-subnet-2' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 20, 2) } } ] @@ -82,6 +94,12 @@ output managedIdentityResourceId string = managedIdentity.id @description('The resource ID of the created Virtual Network Subnet.') output subnetResourceId string = virtualNetwork.properties.subnets[0].id +@description('The resource ID of the created Virtual Network Subnet.') +output customPrivateSubnetName string = virtualNetwork.properties.subnets[1].id + +@description('The resource ID of the created Virtual Network Subnet.') +output customPrivateSubnetName2 string = virtualNetwork.properties.subnets[2].id + @description('The resource ID of the created Private DNS Zone.') output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/avm/res/synapse/workspace/tests/e2e/max/main.test.bicep b/avm/res/synapse/workspace/tests/e2e/max/main.test.bicep index f96f1e9699..083293e03d 100644 --- a/avm/res/synapse/workspace/tests/e2e/max/main.test.bicep +++ b/avm/res/synapse/workspace/tests/e2e/max/main.test.bicep @@ -99,7 +99,19 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'SQL' - subnetResourceId: nestedDependencies.outputs.subnetResourceId + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + service: 'SQL' + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName2 tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' @@ -111,7 +123,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'SqlOnDemand' - subnetResourceId: nestedDependencies.outputs.subnetResourceId + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' @@ -123,7 +135,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'Dev' - subnetResourceId: nestedDependencies.outputs.subnetResourceId + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' From c867e8e877b4e2c02b86df6e40bf4e0d969aa6be Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Mon, 26 Feb 2024 17:46:30 +0100 Subject: [PATCH 17/29] Update to latest --- .../tests/e2e/max/dependencies.bicep | 10 +++++----- .../tests/e2e/max/main.test.bicep | 6 +++--- .../tests/e2e/max/dependencies.bicep | 12 ++++++------ .../batch-account/tests/e2e/max/main.test.bicep | 6 +++--- .../workspace/tests/e2e/max/dependencies.bicep | 4 ++-- .../tests/e2e/sqldb/dependencies.bicep | 12 ++++++------ .../tests/e2e/sqldb/main.test.bicep | 4 ++-- .../tests/e2e/max/dependencies.bicep | 12 ++++++------ .../tests/e2e/max/main.test.bicep | 16 ++++++++-------- .../workspace/tests/e2e/max/dependencies.bicep | 12 ++++++------ .../workspace/tests/e2e/max/main.test.bicep | 8 ++++---- 11 files changed, 51 insertions(+), 51 deletions(-) diff --git a/avm/res/automation/automation-account/tests/e2e/max/dependencies.bicep b/avm/res/automation/automation-account/tests/e2e/max/dependencies.bicep index a566630ca9..403211cdb7 100644 --- a/avm/res/automation/automation-account/tests/e2e/max/dependencies.bicep +++ b/avm/res/automation/automation-account/tests/e2e/max/dependencies.bicep @@ -62,14 +62,14 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018- location: location } -@description('The resource ID of the created Virtual Network Subnet.') +@description('The resource ID of the created Virtual Network Default Subnet.') output subnetResourceId string = virtualNetwork.properties.subnets[0].id -@description('The resource ID of the created Virtual Network Subnet.') -output customPrivateSubnetName string = virtualNetwork.properties.subnets[1].id +@description('The resource ID of the 2nd created Virtual Network Subnet.') +output customSubnet1ResourceId string = virtualNetwork.properties.subnets[1].id -@description('The resource ID of the created Virtual Network Subnet.') -output customPrivateSubnetName2 string = virtualNetwork.properties.subnets[2].id +@description('The resource ID of the 3rd created Virtual Network Subnet.') +output customSubnet2ResourceId string = virtualNetwork.properties.subnets[2].id @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/avm/res/automation/automation-account/tests/e2e/max/main.test.bicep b/avm/res/automation/automation-account/tests/e2e/max/main.test.bicep index 122c193ab7..7b4b925205 100644 --- a/avm/res/automation/automation-account/tests/e2e/max/main.test.bicep +++ b/avm/res/automation/automation-account/tests/e2e/max/main.test.bicep @@ -102,7 +102,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'Webhook' - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName + subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' @@ -114,7 +114,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'Webhook' - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName2 + subnetResourceId: nestedDependencies.outputs.customSubnet2ResourceId tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' @@ -126,7 +126,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'DSCAndHybridWorker' - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName + subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' diff --git a/avm/res/batch/batch-account/tests/e2e/max/dependencies.bicep b/avm/res/batch/batch-account/tests/e2e/max/dependencies.bicep index 678250b9f2..a0acbbc302 100644 --- a/avm/res/batch/batch-account/tests/e2e/max/dependencies.bicep +++ b/avm/res/batch/batch-account/tests/e2e/max/dependencies.bicep @@ -74,14 +74,14 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018- location: location } -@description('The resource ID of the created Virtual Network Subnet.') -output subnetResourceId string = virtualNetwork.properties.subnets[0].id +@description('The resource ID of the created Virtual Network Default Subnet.') +output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id -@description('The resource ID of the created Virtual Network Subnet.') -output customPrivateSubnetName string = virtualNetwork.properties.subnets[1].id +@description('The resource ID of the 2nd created Virtual Network Subnet.') +output customSubnet1ResourceId string = virtualNetwork.properties.subnets[1].id -@description('The resource ID of the created Virtual Network Subnet.') -output customPrivateSubnetName2 string = virtualNetwork.properties.subnets[2].id +@description('The resource ID of the 3rd created Virtual Network Subnet.') +output customSubnet2ResourceId string = virtualNetwork.properties.subnets[2].id @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/avm/res/batch/batch-account/tests/e2e/max/main.test.bicep b/avm/res/batch/batch-account/tests/e2e/max/main.test.bicep index ee43c6a1ab..eb178649c9 100644 --- a/avm/res/batch/batch-account/tests/e2e/max/main.test.bicep +++ b/avm/res/batch/batch-account/tests/e2e/max/main.test.bicep @@ -88,7 +88,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'batchAccount' - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName + subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' @@ -130,7 +130,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'batchAccount' - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName2 + subnetResourceId: nestedDependencies.outputs.customSubnet2ResourceId tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' @@ -142,7 +142,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'nodeManagement' - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName + subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' diff --git a/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep b/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep index f2caec201c..df51969b79 100644 --- a/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep +++ b/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep @@ -340,10 +340,10 @@ resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { @description('The resource ID of the created Virtual Network Default Subnet.') output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id -@description('The name of the created Virtual Network Public Subnet.') +@description('The name of the 2nd created Virtual Network Public Subnet.') output customPublicSubnetName string = virtualNetwork.properties.subnets[1].name -@description('The name of the created Virtual Network Private Subnet.') +@description('The name of the 3rd created Virtual Network Private Subnet.') output customPrivateSubnetName string = virtualNetwork.properties.subnets[2].name @description('The resource ID of the created Virtual Network.') diff --git a/avm/res/document-db/database-account/tests/e2e/sqldb/dependencies.bicep b/avm/res/document-db/database-account/tests/e2e/sqldb/dependencies.bicep index 581bfaef10..cd88a1370a 100644 --- a/avm/res/document-db/database-account/tests/e2e/sqldb/dependencies.bicep +++ b/avm/res/document-db/database-account/tests/e2e/sqldb/dependencies.bicep @@ -104,14 +104,14 @@ output managedIdentityPrincipalId string = managedIdentity.properties.principalI @description('The resource ID of the created Managed Identity.') output managedIdentityResourceId string = managedIdentity.id -@description('The resource ID of the created Virtual Network Subnet.') -output subnetResourceId string = virtualNetwork.properties.subnets[0].id +@description('The resource ID of the created Virtual Network Default Subnet.') +output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id -@description('The resource ID of the created Virtual Network Subnet.') -output customPrivateSubnetName string = virtualNetwork.properties.subnets[1].id +@description('The resource ID of the 2nd created Virtual Network Subnet.') +output customSubnet1ResourceId string = virtualNetwork.properties.subnets[1].id -@description('The resource ID of the created Virtual Network Subnet.') -output customPrivateSubnetName2 string = virtualNetwork.properties.subnets[2].id +@description('The resource ID of the 3rd created Virtual Network Subnet.') +output customSubnet2ResourceId string = virtualNetwork.properties.subnets[2].id @description('The resource ID of the created Private DNS Zone.') output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep index 59807433db..5bd1596abb 100644 --- a/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep @@ -98,7 +98,7 @@ module testDeployment '../../../main.bicep' = { nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'Sql' - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName + subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' @@ -110,7 +110,7 @@ module testDeployment '../../../main.bicep' = { nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'Sql' - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName2 + subnetResourceId: nestedDependencies.outputs.customSubnet2ResourceId tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' diff --git a/avm/res/storage/storage-account/tests/e2e/max/dependencies.bicep b/avm/res/storage/storage-account/tests/e2e/max/dependencies.bicep index 7feea11a7c..2accc238d1 100644 --- a/avm/res/storage/storage-account/tests/e2e/max/dependencies.bicep +++ b/avm/res/storage/storage-account/tests/e2e/max/dependencies.bicep @@ -80,14 +80,14 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018- location: location } -@description('The resource ID of the created Virtual Network Subnet.') -output subnetResourceId string = virtualNetwork.properties.subnets[0].id +@description('The resource ID of the created Virtual Network Default Subnet.') +output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id -@description('The resource ID of the created Virtual Network Subnet.') -output customPrivateSubnetName string = virtualNetwork.properties.subnets[1].id +@description('The resource ID of the 2nd created Virtual Network Subnet.') +output customSubnet1ResourceId string = virtualNetwork.properties.subnets[1].id -@description('The resource ID of the created Virtual Network Subnet.') -output customPrivateSubnetName2 string = virtualNetwork.properties.subnets[2].id +@description('The resource ID of the 3rd created Virtual Network Subnet.') +output customSubnet2ResourceId string = virtualNetwork.properties.subnets[2].id @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep b/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep index 6e8d8ed0e3..09d13f832d 100644 --- a/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep +++ b/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep @@ -80,7 +80,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateEndpoints: [ { service: 'blob' - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName + subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] @@ -92,7 +92,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' } { service: 'blob' - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName2 + subnetResourceId: nestedDependencies.outputs.customSubnet2ResourceId privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] @@ -106,35 +106,35 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName + subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId service: 'table' } { privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName + subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId service: 'queue' } { privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName + subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId service: 'file' } { privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName + subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId service: 'web' } { privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName + subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId service: 'dfs' } ] @@ -144,7 +144,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' virtualNetworkRules: [ { action: 'Allow' - id: nestedDependencies.outputs.subnetResourceId + id: nestedDependencies.outputs.defaultSubnetResourceId } ] ipRules: [ diff --git a/avm/res/synapse/workspace/tests/e2e/max/dependencies.bicep b/avm/res/synapse/workspace/tests/e2e/max/dependencies.bicep index 4fbdd4355c..b237c382f6 100644 --- a/avm/res/synapse/workspace/tests/e2e/max/dependencies.bicep +++ b/avm/res/synapse/workspace/tests/e2e/max/dependencies.bicep @@ -91,14 +91,14 @@ output managedIdentityPrincipalId string = managedIdentity.properties.principalI @description('The resource ID of the created Managed Identity.') output managedIdentityResourceId string = managedIdentity.id -@description('The resource ID of the created Virtual Network Subnet.') -output subnetResourceId string = virtualNetwork.properties.subnets[0].id +@description('The resource ID of the created Virtual Network Default Subnet.') +output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id -@description('The resource ID of the created Virtual Network Subnet.') -output customPrivateSubnetName string = virtualNetwork.properties.subnets[1].id +@description('The resource ID of the 2nd created Virtual Network Subnet.') +output customSubnet1ResourceId string = virtualNetwork.properties.subnets[1].id -@description('The resource ID of the created Virtual Network Subnet.') -output customPrivateSubnetName2 string = virtualNetwork.properties.subnets[2].id +@description('The resource ID of the 3rd created Virtual Network Subnet.') +output customSubnet2ResourceId string = virtualNetwork.properties.subnets[2].id @description('The resource ID of the created Private DNS Zone.') output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/avm/res/synapse/workspace/tests/e2e/max/main.test.bicep b/avm/res/synapse/workspace/tests/e2e/max/main.test.bicep index 083293e03d..19f94147e6 100644 --- a/avm/res/synapse/workspace/tests/e2e/max/main.test.bicep +++ b/avm/res/synapse/workspace/tests/e2e/max/main.test.bicep @@ -99,7 +99,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'SQL' - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName + subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' @@ -111,7 +111,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'SQL' - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName2 + subnetResourceId: nestedDependencies.outputs.customSubnet2ResourceId tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' @@ -123,7 +123,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'SqlOnDemand' - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName + subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' @@ -135,7 +135,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'Dev' - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName + subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' From a98d5f68bbce46c2acf6ab126ccc4b142a58efb6 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Mon, 26 Feb 2024 17:50:05 +0100 Subject: [PATCH 18/29] Update to latest --- .../workspace/tests/e2e/max/dependencies.bicep | 4 ++-- .../databricks/workspace/tests/e2e/max/main.test.bicep | 10 +++++----- .../workspace/tests/e2e/waf-aligned/dependencies.bicep | 8 ++++---- .../workspace/tests/e2e/waf-aligned/main.test.bicep | 4 ++-- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep b/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep index df51969b79..476db353de 100644 --- a/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep +++ b/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep @@ -341,10 +341,10 @@ resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id @description('The name of the 2nd created Virtual Network Public Subnet.') -output customPublicSubnetName string = virtualNetwork.properties.subnets[1].name +output customPublicSubnetResourceId string = virtualNetwork.properties.subnets[1].name @description('The name of the 3rd created Virtual Network Private Subnet.') -output customPrivateSubnetName string = virtualNetwork.properties.subnets[2].name +output customPrivateSubnetResourceId string = virtualNetwork.properties.subnets[2].name @description('The resource ID of the created Virtual Network.') output virtualNetworkResourceId string = virtualNetwork.id diff --git a/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep b/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep index 08720be814..a5186b97f5 100644 --- a/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep +++ b/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep @@ -139,8 +139,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' requiredNsgRules: 'NoAzureDatabricksRules' skuName: 'premium' amlWorkspaceResourceId: nestedDependencies.outputs.machineLearningWorkspaceResourceId - customPrivateSubnetName: nestedDependencies.outputs.customPrivateSubnetName - customPublicSubnetName: nestedDependencies.outputs.customPublicSubnetName + customPrivateSubnetName: nestedDependencies.outputs.customPrivateSubnetResourceId + customPublicSubnetName: nestedDependencies.outputs.customPublicSubnetResourceId publicNetworkAccess: 'Disabled' disablePublicIp: true loadBalancerResourceId: nestedDependencies.outputs.loadBalancerResourceId @@ -152,7 +152,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'databricks_ui_api' - subnetResourceId: nestedDependencies.outputs.customPublicSubnetName + subnetResourceId: nestedDependencies.outputs.customPublicSubnetResourceId tags: { Environment: 'Non-Prod' Role: 'DeploymentValidation' @@ -163,7 +163,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'databricks_ui_api' - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetResourceId tags: { Environment: 'Non-Prod' Role: 'DeploymentValidation' @@ -173,7 +173,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetName + subnetResourceId: nestedDependencies.outputs.customPrivateSubnetResourceId service: 'browser_authentication' } ] diff --git a/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep b/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep index dfc69285ca..2867a8dbc1 100644 --- a/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep +++ b/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep @@ -340,11 +340,11 @@ resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { @description('The resource ID of the created Virtual Network Default Subnet.') output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id -@description('The name of the created Virtual Network Public Subnet.') -output customPublicSubnetName string = virtualNetwork.properties.subnets[1].name +@description('The name of the 2nd created Virtual Network Public Subnet.') +output customPublicSubnetResourceId string = virtualNetwork.properties.subnets[1].name -@description('The name of the created Virtual Network Private Subnet.') -output customPrivateSubnetName string = virtualNetwork.properties.subnets[2].name +@description('The name of the 3rd created Virtual Network Private Subnet.') +output customPrivateSubnetResourceId string = virtualNetwork.properties.subnets[2].name @description('The resource ID of the created Virtual Network.') output virtualNetworkResourceId string = virtualNetwork.id diff --git a/avm/res/databricks/workspace/tests/e2e/waf-aligned/main.test.bicep b/avm/res/databricks/workspace/tests/e2e/waf-aligned/main.test.bicep index e2542b585e..9d9871da3e 100644 --- a/avm/res/databricks/workspace/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/databricks/workspace/tests/e2e/waf-aligned/main.test.bicep @@ -122,8 +122,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' requiredNsgRules: 'NoAzureDatabricksRules' skuName: 'premium' amlWorkspaceResourceId: nestedDependencies.outputs.machineLearningWorkspaceResourceId - customPrivateSubnetName: nestedDependencies.outputs.customPrivateSubnetName - customPublicSubnetName: nestedDependencies.outputs.customPublicSubnetName + customPrivateSubnetName: nestedDependencies.outputs.customPrivateSubnetResourceId + customPublicSubnetName: nestedDependencies.outputs.customPublicSubnetResourceId publicNetworkAccess: 'Disabled' disablePublicIp: true loadBalancerResourceId: nestedDependencies.outputs.loadBalancerResourceId From ee1ceb915543d59454e3c7da615571f8f86e0796 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Mon, 26 Feb 2024 17:51:38 +0100 Subject: [PATCH 19/29] Update to latest --- avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep | 2 +- .../workspace/tests/e2e/waf-aligned/dependencies.bicep | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep b/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep index 476db353de..81067f0d57 100644 --- a/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep +++ b/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep @@ -94,7 +94,7 @@ resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid('msi-${keyVault::key.id}-${location}-${managedIdentity.id}-Key-Key-Vault-Crypto-User-RoleAssignment') scope: keyVault::key properties: { - principalId: '09ef9f59-e7b6-422e-84e4-508cfc8d64e7' // '711330f9-cfad-4b10-a462-d82faa92027d' // AzureDatabricks Enterprise Application Object Id (Note: this is tenant specific) + principalId: '711330f9-cfad-4b10-a462-d82faa92027d' // AzureDatabricks Enterprise Application Object Id (Note: this is tenant specific) roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') // Key Vault Crypto User principalType: 'ServicePrincipal' } diff --git a/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep b/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep index 2867a8dbc1..1d417c0042 100644 --- a/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep +++ b/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep @@ -94,7 +94,7 @@ resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid('msi-${keyVault::key.id}-${location}-${managedIdentity.id}-Key-Key-Vault-Crypto-User-RoleAssignment') scope: keyVault::key properties: { - principalId: '09ef9f59-e7b6-422e-84e4-508cfc8d64e7' // '711330f9-cfad-4b10-a462-d82faa92027d' // AzureDatabricks Enterprise Application Object Id (Note: this is tenant specific) + principalId: '711330f9-cfad-4b10-a462-d82faa92027d' // AzureDatabricks Enterprise Application Object Id (Note: this is tenant specific) roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') // Key Vault Crypto User principalType: 'ServicePrincipal' } From b7031877b2fc6db28df20a2360e4271bcf644f94 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Mon, 26 Feb 2024 18:04:00 +0100 Subject: [PATCH 20/29] Update to latest --- .../tests/e2e/waf-aligned/dependencies.bicep | 47 +++++++++++++++++ .../tests/e2e/waf-aligned/main.test.bicep | 15 ++++++ avm/res/synapse/private-link-hub/main.bicep | 51 ++++++++++++------- .../tests/e2e/max/main.test.bicep | 7 ++- 4 files changed, 101 insertions(+), 19 deletions(-) diff --git a/avm/res/document-db/database-account/tests/e2e/waf-aligned/dependencies.bicep b/avm/res/document-db/database-account/tests/e2e/waf-aligned/dependencies.bicep index d9e107c4ea..e42185366b 100644 --- a/avm/res/document-db/database-account/tests/e2e/waf-aligned/dependencies.bicep +++ b/avm/res/document-db/database-account/tests/e2e/waf-aligned/dependencies.bicep @@ -4,9 +4,50 @@ param location string = resourceGroup().location @description('Required. The name of the Managed Identity to create.') param managedIdentityName string +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + @description('Required. The name of the Deployment Script to create to get the paired region name.') param pairedRegionScriptName string +var addressPrefix = '10.0.0.0/16' + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + addressPrefix + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 16, 0) + } + } + ] + } +} + +resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { + name: 'privatelink.documents.azure.com' + location: 'global' + + resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { + name: '${virtualNetwork.name}-vnetlink' + location: 'global' + properties: { + virtualNetwork: { + id: virtualNetwork.id + } + registrationEnabled: false + } + } +} + resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { name: managedIdentityName location: location @@ -44,3 +85,9 @@ resource getPairedRegionScript 'Microsoft.Resources/deploymentScripts@2020-10-01 @description('The name of the paired region.') output pairedRegionName string = getPairedRegionScript.properties.outputs.pairedRegionName + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Private DNS Zone.') +output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep index 4f9c11197e..ec5d857416 100644 --- a/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep @@ -38,6 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' params: { managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}' + virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' pairedRegionScriptName: 'dep-${namePrefix}-ds-${serviceShort}' location: resourceLocation } @@ -87,6 +88,20 @@ module testDeployment '../../../main.bicep' = { } ] location: resourceLocation + privateEndpoints: [ + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + service: 'Sql' + subnetResourceId: nestedDependencies.outputs.subnetResourceId + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + } + ] sqlDatabases: [ { containers: [ diff --git a/avm/res/synapse/private-link-hub/main.bicep b/avm/res/synapse/private-link-hub/main.bicep index ea2d80db82..22d0d278ce 100644 --- a/avm/res/synapse/private-link-hub/main.bicep +++ b/avm/res/synapse/private-link-hub/main.bicep @@ -81,34 +81,45 @@ resource privateLinkHub_roleAssignments 'Microsoft.Authorization/roleAssignments }] // Private Endpoints -module privateLinkHub_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-privateLinkHub-PrivateEndpoint-${index}' +module privateLinkHub_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { + name: '${uniqueString(deployment().name, location)}-PrivateLinkHub-PrivateEndpoint-${index}' params: { - privateLinkServiceConnections: [ + name: privateEndpoint.?name ?? 'pep-${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? 'web'}-${index}' + privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ { - name: name + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? 'web'}-${index}' properties: { privateLinkServiceId: privateLinkHub.id groupIds: [ - privateEndpoint.?service ?? 'privateLinkHubs' + privateEndpoint.?service ?? 'web' ] } } - ] - name: privateEndpoint.?name ?? 'pep-${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? privateEndpoint.service}-${index}' + ] : null + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + { + name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? 'web'}-${index}' + properties: { + privateLinkServiceId: privateLinkHub.id + groupIds: [ + privateEndpoint.?service ?? 'web' + ] + requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' + } + } + ] : null subnetResourceId: privateEndpoint.subnetResourceId + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry } }] @@ -166,24 +177,31 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') - service: string + @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') + service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') + @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? + @description('Optional. If Manual Private Link Connection is required.') + isManualConnection: bool? + + @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') + @maxLength(140) + manualConnectionRequestMessage: string? + @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint ip address.') + @description('Required. Fqdn that resolves to private endpoint IP address.') fqdn: string? - @description('Required. A list of private ip addresses of the private endpoint.') + @description('Required. A list of private IP addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -200,7 +218,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private ip address obtained from the private endpoint\'s subnet.') + @description('Required. A private IP address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -220,9 +238,6 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? - @description('Optional. Manual PrivateLink Service Connections.') - manualPrivateLinkServiceConnections: array? - @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/synapse/private-link-hub/tests/e2e/max/main.test.bicep b/avm/res/synapse/private-link-hub/tests/e2e/max/main.test.bicep index edcbcf4ffe..f1e31fccb2 100644 --- a/avm/res/synapse/private-link-hub/tests/e2e/max/main.test.bicep +++ b/avm/res/synapse/private-link-hub/tests/e2e/max/main.test.bicep @@ -62,7 +62,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] - service: 'Web' subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { 'hidden-title': 'This is visible in the resource name' @@ -70,6 +69,12 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + } ] roleAssignments: [ { From b86b2db16fe5c8ec9d97b8e0aaf44d1a052394cd Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Mon, 26 Feb 2024 18:40:04 +0100 Subject: [PATCH 21/29] Regen docs --- .../automation/automation-account/README.md | 24 ++++++++++++++ avm/res/batch/batch-account/README.md | 32 ++++++++++++++++--- avm/res/databricks/workspace/README.md | 22 +++++++++++++ .../tests/e2e/sqldb/main.test.bicep | 5 --- avm/res/storage/storage-account/README.md | 14 ++++++++ .../tests/e2e/max/main.test.bicep | 5 --- avm/res/synapse/workspace/README.md | 22 ++++++++++--- .../workspace/tests/e2e/max/main.test.bicep | 5 --- 8 files changed, 106 insertions(+), 23 deletions(-) diff --git a/avm/res/automation/automation-account/README.md b/avm/res/automation/automation-account/README.md index 3951118bca..7453918030 100644 --- a/avm/res/automation/automation-account/README.md +++ b/avm/res/automation/automation-account/README.md @@ -233,6 +233,18 @@ module automationAccount 'br/public:avm/res/automation/automation-account:' + ] + service: 'Webhook' + subnetResourceId: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } { privateDnsZoneResourceIds: [ '' @@ -467,6 +479,18 @@ module automationAccount 'br/public:avm/res/automation/automation-account:" + ], + "service": "Webhook", + "subnetResourceId": "", + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + }, { "privateDnsZoneResourceIds": [ "" diff --git a/avm/res/batch/batch-account/README.md b/avm/res/batch/batch-account/README.md index 696eaef654..1ea59e9346 100644 --- a/avm/res/batch/batch-account/README.md +++ b/avm/res/batch/batch-account/README.md @@ -231,7 +231,7 @@ module batchAccount 'br/public:avm/res/batch/batch-account:' = { { fqdn: 'abc.batch.com' ipAddresses: [ - '10.0.0.10' + '10.0.16.10' ] } ] @@ -241,7 +241,7 @@ module batchAccount 'br/public:avm/res/batch/batch-account:' = { properties: { groupId: 'batchAccount' memberName: 'batchAccount' - privateIPAddress: '10.0.0.10' + privateIPAddress: '10.0.16.10' } } ] @@ -268,6 +268,18 @@ module batchAccount 'br/public:avm/res/batch/batch-account:' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + service: 'batchAccount' + subnetResourceId: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } { privateDnsZoneResourceIds: [ '' @@ -379,7 +391,7 @@ module batchAccount 'br/public:avm/res/batch/batch-account:' = { { "fqdn": "abc.batch.com", "ipAddresses": [ - "10.0.0.10" + "10.0.16.10" ] } ], @@ -389,7 +401,7 @@ module batchAccount 'br/public:avm/res/batch/batch-account:' = { "properties": { "groupId": "batchAccount", "memberName": "batchAccount", - "privateIPAddress": "10.0.0.10" + "privateIPAddress": "10.0.16.10" } } ], @@ -416,6 +428,18 @@ module batchAccount 'br/public:avm/res/batch/batch-account:' = { "Role": "DeploymentValidation" } }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "service": "batchAccount", + "subnetResourceId": "", + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + }, { "privateDnsZoneResourceIds": [ "" diff --git a/avm/res/databricks/workspace/README.md b/avm/res/databricks/workspace/README.md index b82707c649..63b97e72a1 100644 --- a/avm/res/databricks/workspace/README.md +++ b/avm/res/databricks/workspace/README.md @@ -152,6 +152,17 @@ module workspace 'br/public:avm/res/databricks/workspace:' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + service: 'databricks_ui_api' + subnetResourceId: '' + tags: { + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + } { privateDnsZoneResourceIds: [ '' @@ -295,6 +306,17 @@ module workspace 'br/public:avm/res/databricks/workspace:' = { "Role": "DeploymentValidation" } }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "service": "databricks_ui_api", + "subnetResourceId": "", + "tags": { + "Environment": "Non-Prod", + "Role": "DeploymentValidation" + } + }, { "privateDnsZoneResourceIds": [ "" diff --git a/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep index 5bd1596abb..5ddc19855d 100644 --- a/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep @@ -111,11 +111,6 @@ module testDeployment '../../../main.bicep' = { ] service: 'Sql' subnetResourceId: nestedDependencies.outputs.customSubnet2ResourceId - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } } ] roleAssignments: [ diff --git a/avm/res/storage/storage-account/README.md b/avm/res/storage/storage-account/README.md index a6cdb6c333..8617bfe51c 100644 --- a/avm/res/storage/storage-account/README.md +++ b/avm/res/storage/storage-account/README.md @@ -439,6 +439,13 @@ module storageAccount 'br/public:avm/res/storage/storage-account:' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + service: 'blob' + subnetResourceId: '' + } { privateDnsZoneResourceIds: [ '' @@ -865,6 +872,13 @@ module storageAccount 'br/public:avm/res/storage/storage-account:' = { "Role": "DeploymentValidation" } }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "service": "blob", + "subnetResourceId": "" + }, { "privateDnsZoneResourceIds": [ "" diff --git a/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep b/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep index 09d13f832d..86a30c9ea9 100644 --- a/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep +++ b/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep @@ -96,11 +96,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } } { privateDnsZoneResourceIds: [ diff --git a/avm/res/synapse/workspace/README.md b/avm/res/synapse/workspace/README.md index 3ec58eab1e..ac0814390f 100644 --- a/avm/res/synapse/workspace/README.md +++ b/avm/res/synapse/workspace/README.md @@ -394,7 +394,7 @@ module workspace 'br/public:avm/res/synapse/workspace:' = { privateDnsZoneResourceIds: [ '' ] - service: 'SqlOnDemand' + service: 'SQL' subnetResourceId: '' tags: { Environment: 'Non-Prod' @@ -406,7 +406,7 @@ module workspace 'br/public:avm/res/synapse/workspace:' = { privateDnsZoneResourceIds: [ '' ] - service: 'Dev' + service: 'SqlOnDemand' subnetResourceId: '' tags: { Environment: 'Non-Prod' @@ -414,6 +414,13 @@ module workspace 'br/public:avm/res/synapse/workspace:' = { Role: 'DeploymentValidation' } } + { + privateDnsZoneResourceIds: [ + '' + ] + service: 'Dev' + subnetResourceId: '' + } ] roleAssignments: [ { @@ -523,7 +530,7 @@ module workspace 'br/public:avm/res/synapse/workspace:' = { "privateDnsZoneResourceIds": [ "" ], - "service": "SqlOnDemand", + "service": "SQL", "subnetResourceId": "", "tags": { "Environment": "Non-Prod", @@ -535,13 +542,20 @@ module workspace 'br/public:avm/res/synapse/workspace:' = { "privateDnsZoneResourceIds": [ "" ], - "service": "Dev", + "service": "SqlOnDemand", "subnetResourceId": "", "tags": { "Environment": "Non-Prod", "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } + }, + { + "privateDnsZoneResourceIds": [ + "" + ], + "service": "Dev", + "subnetResourceId": "" } ] }, diff --git a/avm/res/synapse/workspace/tests/e2e/max/main.test.bicep b/avm/res/synapse/workspace/tests/e2e/max/main.test.bicep index 19f94147e6..61960dca1e 100644 --- a/avm/res/synapse/workspace/tests/e2e/max/main.test.bicep +++ b/avm/res/synapse/workspace/tests/e2e/max/main.test.bicep @@ -136,11 +136,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ] service: 'Dev' subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } } ] managedVirtualNetwork: true From 47a42d453585cb0000d4b4cf62f260fed6a0ceab Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Mon, 26 Feb 2024 19:36:24 +0100 Subject: [PATCH 22/29] Updated tests with explicit dependency --- .../automation-account/tests/e2e/max/main.test.bicep | 4 ++++ .../automation-account/tests/e2e/waf-aligned/main.test.bicep | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/avm/res/automation/automation-account/tests/e2e/max/main.test.bicep b/avm/res/automation/automation-account/tests/e2e/max/main.test.bicep index 7b4b925205..0c9b5a710d 100644 --- a/avm/res/automation/automation-account/tests/e2e/max/main.test.bicep +++ b/avm/res/automation/automation-account/tests/e2e/max/main.test.bicep @@ -268,4 +268,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/automation/automation-account/tests/e2e/waf-aligned/main.test.bicep b/avm/res/automation/automation-account/tests/e2e/waf-aligned/main.test.bicep index fbaee4ef11..d2bbfb2033 100644 --- a/avm/res/automation/automation-account/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/automation/automation-account/tests/e2e/waf-aligned/main.test.bicep @@ -242,4 +242,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] From 846b512347907bf0c693c468b314a16896274a3d Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Mon, 26 Feb 2024 20:53:16 +0100 Subject: [PATCH 23/29] Added explicit dependencies --- avm/res/batch/batch-account/tests/e2e/max/main.test.bicep | 4 ++++ .../batch/batch-account/tests/e2e/waf-aligned/main.test.bicep | 4 ++++ avm/res/cache/redis/tests/e2e/max/main.test.bicep | 4 ++++ avm/res/cache/redis/tests/e2e/waf-aligned/main.test.bicep | 4 ++++ .../registry/tests/e2e/encr/main.test.bicep | 3 +++ .../container-registry/registry/tests/e2e/max/main.test.bicep | 4 ++++ .../registry/tests/e2e/waf-aligned/main.test.bicep | 4 ++++ .../workspace/tests/e2e/max/main.test.bicep | 4 ++++ .../workspace/tests/e2e/waf-aligned/main.test.bicep | 3 +++ .../database-account/tests/e2e/gremlindb/main.test.bicep | 4 ++++ .../database-account/tests/e2e/mongodb/main.test.bicep | 4 ++++ .../database-account/tests/e2e/plain/main.test.bicep | 4 ++++ .../database-account/tests/e2e/sqldb/main.test.bicep | 4 ++++ .../database-account/tests/e2e/waf-aligned/main.test.bicep | 4 ++++ avm/res/key-vault/vault/tests/e2e/max/main.test.bicep | 4 ++++ avm/res/key-vault/vault/tests/e2e/waf-aligned/main.test.bicep | 4 ++++ avm/res/search/search-service/tests/e2e/max/main.test.bicep | 4 ++++ avm/res/search/search-service/tests/e2e/pe/main.test.bicep | 3 +++ .../search-service/tests/e2e/waf-aligned/main.test.bicep | 4 ++++ avm/res/service-bus/namespace/tests/e2e/encr/main.test.bicep | 3 +++ avm/res/service-bus/namespace/tests/e2e/max/main.test.bicep | 4 ++++ .../namespace/tests/e2e/waf-aligned/main.test.bicep | 4 ++++ avm/res/sql/server/tests/e2e/admin/main.test.bicep | 3 +++ avm/res/sql/server/tests/e2e/max/main.test.bicep | 4 ++++ avm/res/sql/server/tests/e2e/secondary/main.test.bicep | 3 +++ avm/res/sql/server/tests/e2e/vulnAssm/main.test.bicep | 3 +++ avm/res/sql/server/tests/e2e/waf-aligned/main.test.bicep | 4 ++++ avm/res/storage/storage-account/tests/e2e/max/main.test.bicep | 4 ++++ .../tests/e2e/system-assigned-cmk-encryption/main.test.bicep | 3 +++ .../tests/e2e/user-assigned-cmk-encryption/main.test.bicep | 3 +++ .../storage-account/tests/e2e/waf-aligned/main.test.bicep | 4 ++++ avm/res/synapse/workspace/tests/e2e/defaults/main.test.bicep | 3 +++ avm/res/synapse/workspace/tests/e2e/encrwsai/main.test.bicep | 4 +++- avm/res/synapse/workspace/tests/e2e/encrwuai/main.test.bicep | 3 +++ .../synapse/workspace/tests/e2e/managedvnet/main.test.bicep | 4 +++- avm/res/synapse/workspace/tests/e2e/max/main.test.bicep | 4 ++++ .../synapse/workspace/tests/e2e/waf-aligned/main.test.bicep | 4 ++++ .../web/site/tests/e2e/functionApp.defaults/main.test.bicep | 3 +++ avm/res/web/site/tests/e2e/functionApp.max/main.test.bicep | 4 ++++ avm/res/web/site/tests/e2e/waf-aligned/main.test.bicep | 4 ++++ avm/res/web/site/tests/e2e/webApp.defaults/main.test.bicep | 3 +++ avm/res/web/site/tests/e2e/webApp.max/main.test.bicep | 4 ++++ 42 files changed, 153 insertions(+), 2 deletions(-) diff --git a/avm/res/batch/batch-account/tests/e2e/max/main.test.bicep b/avm/res/batch/batch-account/tests/e2e/max/main.test.bicep index eb178649c9..85afc629ca 100644 --- a/avm/res/batch/batch-account/tests/e2e/max/main.test.bicep +++ b/avm/res/batch/batch-account/tests/e2e/max/main.test.bicep @@ -191,4 +191,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/batch/batch-account/tests/e2e/waf-aligned/main.test.bicep b/avm/res/batch/batch-account/tests/e2e/waf-aligned/main.test.bicep index 3dcc035248..b01e34b2d0 100644 --- a/avm/res/batch/batch-account/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/batch/batch-account/tests/e2e/waf-aligned/main.test.bicep @@ -101,4 +101,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/cache/redis/tests/e2e/max/main.test.bicep b/avm/res/cache/redis/tests/e2e/max/main.test.bicep index fd70ad201b..cc8bd7dde1 100644 --- a/avm/res/cache/redis/tests/e2e/max/main.test.bicep +++ b/avm/res/cache/redis/tests/e2e/max/main.test.bicep @@ -156,4 +156,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' resourceType: 'Redis Cache' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/cache/redis/tests/e2e/waf-aligned/main.test.bicep b/avm/res/cache/redis/tests/e2e/waf-aligned/main.test.bicep index 337a88e772..1a0542d4a3 100644 --- a/avm/res/cache/redis/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/cache/redis/tests/e2e/waf-aligned/main.test.bicep @@ -112,4 +112,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' resourceType: 'Redis Cache' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/container-registry/registry/tests/e2e/encr/main.test.bicep b/avm/res/container-registry/registry/tests/e2e/encr/main.test.bicep index bf33665f09..740e8c19d6 100644 --- a/avm/res/container-registry/registry/tests/e2e/encr/main.test.bicep +++ b/avm/res/container-registry/registry/tests/e2e/encr/main.test.bicep @@ -70,4 +70,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ] } } + dependsOn: [ + nestedDependencies + ] }] diff --git a/avm/res/container-registry/registry/tests/e2e/max/main.test.bicep b/avm/res/container-registry/registry/tests/e2e/max/main.test.bicep index 54dc543210..6153fdefb5 100644 --- a/avm/res/container-registry/registry/tests/e2e/max/main.test.bicep +++ b/avm/res/container-registry/registry/tests/e2e/max/main.test.bicep @@ -170,4 +170,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/container-registry/registry/tests/e2e/waf-aligned/main.test.bicep b/avm/res/container-registry/registry/tests/e2e/waf-aligned/main.test.bicep index 284f517de9..c046264a97 100644 --- a/avm/res/container-registry/registry/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/container-registry/registry/tests/e2e/waf-aligned/main.test.bicep @@ -94,4 +94,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/desktop-virtualization/workspace/tests/e2e/max/main.test.bicep b/avm/res/desktop-virtualization/workspace/tests/e2e/max/main.test.bicep index 5cb9db486c..e81a1febd0 100644 --- a/avm/res/desktop-virtualization/workspace/tests/e2e/max/main.test.bicep +++ b/avm/res/desktop-virtualization/workspace/tests/e2e/max/main.test.bicep @@ -178,4 +178,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' name: 'myCustomLockName' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/desktop-virtualization/workspace/tests/e2e/waf-aligned/main.test.bicep b/avm/res/desktop-virtualization/workspace/tests/e2e/waf-aligned/main.test.bicep index 6650e01b10..1103178216 100644 --- a/avm/res/desktop-virtualization/workspace/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/desktop-virtualization/workspace/tests/e2e/waf-aligned/main.test.bicep @@ -68,4 +68,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + diagnosticDependencies + ] }] diff --git a/avm/res/document-db/database-account/tests/e2e/gremlindb/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/gremlindb/main.test.bicep index ad94f42066..9931f2cbd2 100644 --- a/avm/res/document-db/database-account/tests/e2e/gremlindb/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/gremlindb/main.test.bicep @@ -170,4 +170,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/document-db/database-account/tests/e2e/mongodb/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/mongodb/main.test.bicep index 48b812836a..463ff7708e 100644 --- a/avm/res/document-db/database-account/tests/e2e/mongodb/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/mongodb/main.test.bicep @@ -304,4 +304,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/document-db/database-account/tests/e2e/plain/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/plain/main.test.bicep index 15f0bddb53..c67998598b 100644 --- a/avm/res/document-db/database-account/tests/e2e/plain/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/plain/main.test.bicep @@ -119,4 +119,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep index 5ddc19855d..4a839dd38f 100644 --- a/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep @@ -215,4 +215,8 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] } diff --git a/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep index ec5d857416..7829519f3d 100644 --- a/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep @@ -145,4 +145,8 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] } diff --git a/avm/res/key-vault/vault/tests/e2e/max/main.test.bicep b/avm/res/key-vault/vault/tests/e2e/max/main.test.bicep index 48c8d6acf9..280869b9b8 100644 --- a/avm/res/key-vault/vault/tests/e2e/max/main.test.bicep +++ b/avm/res/key-vault/vault/tests/e2e/max/main.test.bicep @@ -287,4 +287,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/key-vault/vault/tests/e2e/waf-aligned/main.test.bicep b/avm/res/key-vault/vault/tests/e2e/waf-aligned/main.test.bicep index 3415e5afdd..e0db10f622 100644 --- a/avm/res/key-vault/vault/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/key-vault/vault/tests/e2e/waf-aligned/main.test.bicep @@ -143,4 +143,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/search/search-service/tests/e2e/max/main.test.bicep b/avm/res/search/search-service/tests/e2e/max/main.test.bicep index 992a44d413..606cd77eb1 100644 --- a/avm/res/search/search-service/tests/e2e/max/main.test.bicep +++ b/avm/res/search/search-service/tests/e2e/max/main.test.bicep @@ -129,4 +129,8 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] } diff --git a/avm/res/search/search-service/tests/e2e/pe/main.test.bicep b/avm/res/search/search-service/tests/e2e/pe/main.test.bicep index 0c8f6c6692..1743c384cc 100644 --- a/avm/res/search/search-service/tests/e2e/pe/main.test.bicep +++ b/avm/res/search/search-service/tests/e2e/pe/main.test.bicep @@ -95,4 +95,7 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + ] } diff --git a/avm/res/search/search-service/tests/e2e/waf-aligned/main.test.bicep b/avm/res/search/search-service/tests/e2e/waf-aligned/main.test.bicep index a1de915de1..343f301ded 100644 --- a/avm/res/search/search-service/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/search/search-service/tests/e2e/waf-aligned/main.test.bicep @@ -112,4 +112,8 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] } diff --git a/avm/res/service-bus/namespace/tests/e2e/encr/main.test.bicep b/avm/res/service-bus/namespace/tests/e2e/encr/main.test.bicep index a42a0686b1..0d8f78b1fa 100644 --- a/avm/res/service-bus/namespace/tests/e2e/encr/main.test.bicep +++ b/avm/res/service-bus/namespace/tests/e2e/encr/main.test.bicep @@ -73,4 +73,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' userAssignedIdentityResourceId: nestedDependencies.outputs.managedIdentityResourceId } } + dependsOn: [ + nestedDependencies + ] }] diff --git a/avm/res/service-bus/namespace/tests/e2e/max/main.test.bicep b/avm/res/service-bus/namespace/tests/e2e/max/main.test.bicep index de69e57438..8948e8ae44 100644 --- a/avm/res/service-bus/namespace/tests/e2e/max/main.test.bicep +++ b/avm/res/service-bus/namespace/tests/e2e/max/main.test.bicep @@ -257,4 +257,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' publicNetworkAccess: 'Enabled' minimumTlsVersion: '1.2' } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/service-bus/namespace/tests/e2e/waf-aligned/main.test.bicep b/avm/res/service-bus/namespace/tests/e2e/waf-aligned/main.test.bicep index 11ba61b580..543060cd91 100644 --- a/avm/res/service-bus/namespace/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/service-bus/namespace/tests/e2e/waf-aligned/main.test.bicep @@ -199,4 +199,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' publicNetworkAccess: 'Enabled' minimumTlsVersion: '1.2' } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/sql/server/tests/e2e/admin/main.test.bicep b/avm/res/sql/server/tests/e2e/admin/main.test.bicep index a7143c0613..622de8c80a 100644 --- a/avm/res/sql/server/tests/e2e/admin/main.test.bicep +++ b/avm/res/sql/server/tests/e2e/admin/main.test.bicep @@ -57,4 +57,7 @@ module testDeployment '../../../main.bicep' = { principalType: 'Application' } } + dependsOn: [ + nestedDependencies + ] } diff --git a/avm/res/sql/server/tests/e2e/max/main.test.bicep b/avm/res/sql/server/tests/e2e/max/main.test.bicep index 2d2f0b944d..01ea249410 100644 --- a/avm/res/sql/server/tests/e2e/max/main.test.bicep +++ b/avm/res/sql/server/tests/e2e/max/main.test.bicep @@ -205,4 +205,8 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] } diff --git a/avm/res/sql/server/tests/e2e/secondary/main.test.bicep b/avm/res/sql/server/tests/e2e/secondary/main.test.bicep index b04b858a3b..d86a8377b4 100644 --- a/avm/res/sql/server/tests/e2e/secondary/main.test.bicep +++ b/avm/res/sql/server/tests/e2e/secondary/main.test.bicep @@ -72,4 +72,7 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + ] } diff --git a/avm/res/sql/server/tests/e2e/vulnAssm/main.test.bicep b/avm/res/sql/server/tests/e2e/vulnAssm/main.test.bicep index 367a939783..3b01629f48 100644 --- a/avm/res/sql/server/tests/e2e/vulnAssm/main.test.bicep +++ b/avm/res/sql/server/tests/e2e/vulnAssm/main.test.bicep @@ -89,4 +89,7 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + ] } diff --git a/avm/res/sql/server/tests/e2e/waf-aligned/main.test.bicep b/avm/res/sql/server/tests/e2e/waf-aligned/main.test.bicep index e8cfdc3d1e..d0c16ff2b9 100644 --- a/avm/res/sql/server/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/sql/server/tests/e2e/waf-aligned/main.test.bicep @@ -172,4 +172,8 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] } diff --git a/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep b/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep index 86a30c9ea9..684eca60e3 100644 --- a/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep +++ b/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep @@ -449,4 +449,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/storage/storage-account/tests/e2e/system-assigned-cmk-encryption/main.test.bicep b/avm/res/storage/storage-account/tests/e2e/system-assigned-cmk-encryption/main.test.bicep index 936455ba72..2c2bfc3700 100644 --- a/avm/res/storage/storage-account/tests/e2e/system-assigned-cmk-encryption/main.test.bicep +++ b/avm/res/storage/storage-account/tests/e2e/system-assigned-cmk-encryption/main.test.bicep @@ -82,4 +82,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' keyVaultResourceId: nestedDependencies.outputs.keyVaultResourceId } } + dependsOn: [ + nestedDependencies + ] }] diff --git a/avm/res/storage/storage-account/tests/e2e/user-assigned-cmk-encryption/main.test.bicep b/avm/res/storage/storage-account/tests/e2e/user-assigned-cmk-encryption/main.test.bicep index 505551c7aa..3997f6a7f1 100644 --- a/avm/res/storage/storage-account/tests/e2e/user-assigned-cmk-encryption/main.test.bicep +++ b/avm/res/storage/storage-account/tests/e2e/user-assigned-cmk-encryption/main.test.bicep @@ -89,4 +89,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' userAssignedIdentityResourceId: nestedDependencies.outputs.managedIdentityResourceId } } + dependsOn: [ + nestedDependencies + ] }] diff --git a/avm/res/storage/storage-account/tests/e2e/waf-aligned/main.test.bicep b/avm/res/storage/storage-account/tests/e2e/waf-aligned/main.test.bicep index 8d3c2cb47c..0fdbb91dff 100644 --- a/avm/res/storage/storage-account/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/storage/storage-account/tests/e2e/waf-aligned/main.test.bicep @@ -301,4 +301,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/synapse/workspace/tests/e2e/defaults/main.test.bicep b/avm/res/synapse/workspace/tests/e2e/defaults/main.test.bicep index 30ec5ae1be..5b96756401 100644 --- a/avm/res/synapse/workspace/tests/e2e/defaults/main.test.bicep +++ b/avm/res/synapse/workspace/tests/e2e/defaults/main.test.bicep @@ -55,4 +55,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' defaultDataLakeStorageFilesystem: nestedDependencies.outputs.storageContainerName sqlAdministratorLogin: 'synwsadmin' } + dependsOn: [ + nestedDependencies + ] }] diff --git a/avm/res/synapse/workspace/tests/e2e/encrwsai/main.test.bicep b/avm/res/synapse/workspace/tests/e2e/encrwsai/main.test.bicep index 3f52c9ae3a..1099ded9b2 100644 --- a/avm/res/synapse/workspace/tests/e2e/encrwsai/main.test.bicep +++ b/avm/res/synapse/workspace/tests/e2e/encrwsai/main.test.bicep @@ -3,7 +3,6 @@ targetScope = 'subscription' metadata name = 'Using encryption with Customer-Managed-Key' metadata description = 'This instance deploys the module using Customer-Managed-Keys using a System-Assigned Identity to access the Customer-Managed-Key secret.' - // ========== // // Parameters // // ========== // @@ -66,4 +65,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' encryptionActivateWorkspace: true location: resourceLocation } + dependsOn: [ + nestedDependencies + ] }] diff --git a/avm/res/synapse/workspace/tests/e2e/encrwuai/main.test.bicep b/avm/res/synapse/workspace/tests/e2e/encrwuai/main.test.bicep index 79a8fdebb3..b1905e7fd0 100644 --- a/avm/res/synapse/workspace/tests/e2e/encrwuai/main.test.bicep +++ b/avm/res/synapse/workspace/tests/e2e/encrwuai/main.test.bicep @@ -66,4 +66,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' userAssignedIdentityResourceId: nestedDependencies.outputs.managedIdentityResourceId } } + dependsOn: [ + nestedDependencies + ] }] diff --git a/avm/res/synapse/workspace/tests/e2e/managedvnet/main.test.bicep b/avm/res/synapse/workspace/tests/e2e/managedvnet/main.test.bicep index 80e9d4ebdb..4cbe44aa95 100644 --- a/avm/res/synapse/workspace/tests/e2e/managedvnet/main.test.bicep +++ b/avm/res/synapse/workspace/tests/e2e/managedvnet/main.test.bicep @@ -3,7 +3,6 @@ targetScope = 'subscription' metadata name = 'Using managed Vnet' metadata description = 'This instance deploys the module using a managed Vnet.' - // ========== // // Parameters // // ========== // @@ -61,4 +60,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' tenant().tenantId ] } + dependsOn: [ + nestedDependencies + ] }] diff --git a/avm/res/synapse/workspace/tests/e2e/max/main.test.bicep b/avm/res/synapse/workspace/tests/e2e/max/main.test.bicep index 61960dca1e..b798023efb 100644 --- a/avm/res/synapse/workspace/tests/e2e/max/main.test.bicep +++ b/avm/res/synapse/workspace/tests/e2e/max/main.test.bicep @@ -163,4 +163,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' } ] } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/synapse/workspace/tests/e2e/waf-aligned/main.test.bicep b/avm/res/synapse/workspace/tests/e2e/waf-aligned/main.test.bicep index 8eed631785..f47275aa9e 100644 --- a/avm/res/synapse/workspace/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/synapse/workspace/tests/e2e/waf-aligned/main.test.bicep @@ -113,4 +113,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/web/site/tests/e2e/functionApp.defaults/main.test.bicep b/avm/res/web/site/tests/e2e/functionApp.defaults/main.test.bicep index 802c4c8ca4..a9d3e90e3a 100644 --- a/avm/res/web/site/tests/e2e/functionApp.defaults/main.test.bicep +++ b/avm/res/web/site/tests/e2e/functionApp.defaults/main.test.bicep @@ -57,4 +57,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' alwaysOn: true } } + dependsOn: [ + nestedDependencies + ] }] diff --git a/avm/res/web/site/tests/e2e/functionApp.max/main.test.bicep b/avm/res/web/site/tests/e2e/functionApp.max/main.test.bicep index 632b06414e..06353e92cf 100644 --- a/avm/res/web/site/tests/e2e/functionApp.max/main.test.bicep +++ b/avm/res/web/site/tests/e2e/functionApp.max/main.test.bicep @@ -226,4 +226,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' } ] } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/web/site/tests/e2e/waf-aligned/main.test.bicep b/avm/res/web/site/tests/e2e/waf-aligned/main.test.bicep index df56fc271f..3a0c5c9f24 100644 --- a/avm/res/web/site/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/web/site/tests/e2e/waf-aligned/main.test.bicep @@ -100,4 +100,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' vnetRouteAllEnabled: true publicNetworkAccess: 'Disabled' } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/web/site/tests/e2e/webApp.defaults/main.test.bicep b/avm/res/web/site/tests/e2e/webApp.defaults/main.test.bicep index afa3b51e11..327bfd6495 100644 --- a/avm/res/web/site/tests/e2e/webApp.defaults/main.test.bicep +++ b/avm/res/web/site/tests/e2e/webApp.defaults/main.test.bicep @@ -54,4 +54,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' kind: 'app' serverFarmResourceId: nestedDependencies.outputs.serverFarmResourceId } + dependsOn: [ + nestedDependencies + ] }] diff --git a/avm/res/web/site/tests/e2e/webApp.max/main.test.bicep b/avm/res/web/site/tests/e2e/webApp.max/main.test.bicep index 58763b8e53..c1dba11860 100644 --- a/avm/res/web/site/tests/e2e/webApp.max/main.test.bicep +++ b/avm/res/web/site/tests/e2e/webApp.max/main.test.bicep @@ -244,4 +244,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' vnetRouteAllEnabled: true publicNetworkAccess: 'Disabled' } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] From 3befb2529ec62982a2207572dba1520c056722e0 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Mon, 26 Feb 2024 21:06:24 +0100 Subject: [PATCH 24/29] Update to latest --- .../cognitive-services/account/tests/e2e/max/main.test.bicep | 4 ++++ .../account/tests/e2e/speech/main.test.bicep | 3 +++ .../tests/e2e/system-assigned-cmk-encryption/main.test.bicep | 3 +++ .../tests/e2e/user-assigned-cmk-encryption/main.test.bicep | 3 +++ .../account/tests/e2e/waf-aligned/main.test.bicep | 4 ++++ .../host-pool/tests/e2e/max/main.test.bicep | 4 ++++ .../host-pool/tests/e2e/waf-aligned/main.test.bicep | 3 +++ avm/res/event-grid/domain/tests/e2e/max/main.test.bicep | 4 ++++ .../event-grid/domain/tests/e2e/waf-aligned/main.test.bicep | 4 ++++ avm/res/event-grid/topic/tests/e2e/max/main.test.bicep | 4 ++++ .../event-grid/topic/tests/e2e/waf-aligned/main.test.bicep | 4 ++++ .../insights/private-link-scope/tests/e2e/max/main.test.bicep | 3 +++ .../private-link-scope/tests/e2e/waf-aligned/main.test.bicep | 3 +++ .../synapse/private-link-hub/tests/e2e/max/main.test.bicep | 3 +++ .../private-link-hub/tests/e2e/waf-aligned/main.test.bicep | 3 +++ avm/res/web/static-site/tests/e2e/max/main.test.bicep | 3 +++ avm/res/web/static-site/tests/e2e/waf-aligned/main.test.bicep | 3 +++ 17 files changed, 58 insertions(+) diff --git a/avm/res/cognitive-services/account/tests/e2e/max/main.test.bicep b/avm/res/cognitive-services/account/tests/e2e/max/main.test.bicep index 82b05d5555..c133cecb59 100644 --- a/avm/res/cognitive-services/account/tests/e2e/max/main.test.bicep +++ b/avm/res/cognitive-services/account/tests/e2e/max/main.test.bicep @@ -175,4 +175,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/cognitive-services/account/tests/e2e/speech/main.test.bicep b/avm/res/cognitive-services/account/tests/e2e/speech/main.test.bicep index e349981b03..d115398bf1 100644 --- a/avm/res/cognitive-services/account/tests/e2e/speech/main.test.bicep +++ b/avm/res/cognitive-services/account/tests/e2e/speech/main.test.bicep @@ -79,4 +79,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + ] }] diff --git a/avm/res/cognitive-services/account/tests/e2e/system-assigned-cmk-encryption/main.test.bicep b/avm/res/cognitive-services/account/tests/e2e/system-assigned-cmk-encryption/main.test.bicep index e657ba486b..3e79483631 100644 --- a/avm/res/cognitive-services/account/tests/e2e/system-assigned-cmk-encryption/main.test.bicep +++ b/avm/res/cognitive-services/account/tests/e2e/system-assigned-cmk-encryption/main.test.bicep @@ -68,4 +68,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' } restrictOutboundNetworkAccess: false } + dependsOn: [ + nestedDependencies + ] }] diff --git a/avm/res/cognitive-services/account/tests/e2e/user-assigned-cmk-encryption/main.test.bicep b/avm/res/cognitive-services/account/tests/e2e/user-assigned-cmk-encryption/main.test.bicep index 241ca59ae4..f161025c18 100644 --- a/avm/res/cognitive-services/account/tests/e2e/user-assigned-cmk-encryption/main.test.bicep +++ b/avm/res/cognitive-services/account/tests/e2e/user-assigned-cmk-encryption/main.test.bicep @@ -71,4 +71,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' } restrictOutboundNetworkAccess: false } + dependsOn: [ + nestedDependencies + ] }] diff --git a/avm/res/cognitive-services/account/tests/e2e/waf-aligned/main.test.bicep b/avm/res/cognitive-services/account/tests/e2e/waf-aligned/main.test.bicep index 41d53958ca..362a8ade16 100644 --- a/avm/res/cognitive-services/account/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/cognitive-services/account/tests/e2e/waf-aligned/main.test.bicep @@ -102,4 +102,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' systemAssigned: true } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/desktop-virtualization/host-pool/tests/e2e/max/main.test.bicep b/avm/res/desktop-virtualization/host-pool/tests/e2e/max/main.test.bicep index 2c05f337d8..bda485891a 100644 --- a/avm/res/desktop-virtualization/host-pool/tests/e2e/max/main.test.bicep +++ b/avm/res/desktop-virtualization/host-pool/tests/e2e/max/main.test.bicep @@ -159,4 +159,8 @@ module testDeployment '../../../main.bicep' = { ] } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] } diff --git a/avm/res/desktop-virtualization/host-pool/tests/e2e/waf-aligned/main.test.bicep b/avm/res/desktop-virtualization/host-pool/tests/e2e/waf-aligned/main.test.bicep index d77316a896..91b13e6544 100644 --- a/avm/res/desktop-virtualization/host-pool/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/desktop-virtualization/host-pool/tests/e2e/waf-aligned/main.test.bicep @@ -67,4 +67,7 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } + dependsOn: [ + diagnosticDependencies + ] } diff --git a/avm/res/event-grid/domain/tests/e2e/max/main.test.bicep b/avm/res/event-grid/domain/tests/e2e/max/main.test.bicep index 814e11f2e9..8e80b695fd 100644 --- a/avm/res/event-grid/domain/tests/e2e/max/main.test.bicep +++ b/avm/res/event-grid/domain/tests/e2e/max/main.test.bicep @@ -135,4 +135,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' '${namePrefix}-topic-${serviceShort}001' ] } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/event-grid/domain/tests/e2e/waf-aligned/main.test.bicep b/avm/res/event-grid/domain/tests/e2e/waf-aligned/main.test.bicep index eaea4d3716..17923ede99 100644 --- a/avm/res/event-grid/domain/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/event-grid/domain/tests/e2e/waf-aligned/main.test.bicep @@ -107,4 +107,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' '${namePrefix}-topic-${serviceShort}001' ] } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/event-grid/topic/tests/e2e/max/main.test.bicep b/avm/res/event-grid/topic/tests/e2e/max/main.test.bicep index 7208e4a1ba..755f0a4793 100644 --- a/avm/res/event-grid/topic/tests/e2e/max/main.test.bicep +++ b/avm/res/event-grid/topic/tests/e2e/max/main.test.bicep @@ -167,4 +167,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/event-grid/topic/tests/e2e/waf-aligned/main.test.bicep b/avm/res/event-grid/topic/tests/e2e/waf-aligned/main.test.bicep index 087a0bb796..e053ff5149 100644 --- a/avm/res/event-grid/topic/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/event-grid/topic/tests/e2e/waf-aligned/main.test.bicep @@ -128,4 +128,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] }] diff --git a/avm/res/insights/private-link-scope/tests/e2e/max/main.test.bicep b/avm/res/insights/private-link-scope/tests/e2e/max/main.test.bicep index 1d3b534580..30cc132bcc 100644 --- a/avm/res/insights/private-link-scope/tests/e2e/max/main.test.bicep +++ b/avm/res/insights/private-link-scope/tests/e2e/max/main.test.bicep @@ -211,4 +211,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' name: 'myCustomLockName' } } + dependsOn: [ + nestedDependencies + ] }] diff --git a/avm/res/insights/private-link-scope/tests/e2e/waf-aligned/main.test.bicep b/avm/res/insights/private-link-scope/tests/e2e/waf-aligned/main.test.bicep index f298c29766..3dead88b70 100644 --- a/avm/res/insights/private-link-scope/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/insights/private-link-scope/tests/e2e/waf-aligned/main.test.bicep @@ -170,4 +170,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + ] }] diff --git a/avm/res/synapse/private-link-hub/tests/e2e/max/main.test.bicep b/avm/res/synapse/private-link-hub/tests/e2e/max/main.test.bicep index f1e31fccb2..26749a1732 100644 --- a/avm/res/synapse/private-link-hub/tests/e2e/max/main.test.bicep +++ b/avm/res/synapse/private-link-hub/tests/e2e/max/main.test.bicep @@ -94,4 +94,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + ] }] diff --git a/avm/res/synapse/private-link-hub/tests/e2e/waf-aligned/main.test.bicep b/avm/res/synapse/private-link-hub/tests/e2e/waf-aligned/main.test.bicep index f25303df35..7a5577e6b5 100644 --- a/avm/res/synapse/private-link-hub/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/synapse/private-link-hub/tests/e2e/waf-aligned/main.test.bicep @@ -72,4 +72,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + ] }] diff --git a/avm/res/web/static-site/tests/e2e/max/main.test.bicep b/avm/res/web/static-site/tests/e2e/max/main.test.bicep index 520c6ff0cc..4db79418e9 100644 --- a/avm/res/web/static-site/tests/e2e/max/main.test.bicep +++ b/avm/res/web/static-site/tests/e2e/max/main.test.bicep @@ -121,4 +121,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + ] }] diff --git a/avm/res/web/static-site/tests/e2e/waf-aligned/main.test.bicep b/avm/res/web/static-site/tests/e2e/waf-aligned/main.test.bicep index 98025ccbc8..e95bd5db2b 100644 --- a/avm/res/web/static-site/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/web/static-site/tests/e2e/waf-aligned/main.test.bicep @@ -91,4 +91,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } + dependsOn: [ + nestedDependencies + ] }] From 88055742aa0172b86c1db39021aca646a3a48693 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Mon, 26 Feb 2024 22:58:01 +0100 Subject: [PATCH 25/29] Update to latest --- avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep | 4 ++-- .../workspace/tests/e2e/waf-aligned/dependencies.bicep | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep b/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep index 81067f0d57..be76c13962 100644 --- a/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep +++ b/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep @@ -284,7 +284,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { } } { - name: 'public' + name: 'publicSubnet' properties: { addressPrefix: cidrSubnet(addressPrefix, 20, 1) networkSecurityGroup: { @@ -301,7 +301,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { } } { - name: 'private' + name: 'privateSubnet' properties: { addressPrefix: cidrSubnet(addressPrefix, 20, 2) networkSecurityGroup: { diff --git a/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep b/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep index 1d417c0042..be76c13962 100644 --- a/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep +++ b/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep @@ -284,7 +284,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { } } { - name: 'custom-public-subnet' + name: 'publicSubnet' properties: { addressPrefix: cidrSubnet(addressPrefix, 20, 1) networkSecurityGroup: { @@ -301,7 +301,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { } } { - name: 'custom-private-subnet' + name: 'privateSubnet' properties: { addressPrefix: cidrSubnet(addressPrefix, 20, 2) networkSecurityGroup: { From d5292d3e5d95eae2e6d57b06627ca230a2759484 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Tue, 27 Feb 2024 21:27:22 +0100 Subject: [PATCH 26/29] Update to latest --- .../automation/automation-account/README.md | 46 +-- .../automation/automation-account/main.bicep | 39 +-- .../automation/automation-account/main.json | 77 +++-- .../tests/e2e/max/dependencies.bicep | 22 +- .../tests/e2e/max/main.test.bicep | 20 +- .../tests/e2e/waf-aligned/main.test.bicep | 4 - .../automation-account/version.json | 2 +- avm/res/batch/batch-account/README.md | 94 ++---- avm/res/batch/batch-account/main.bicep | 39 +-- avm/res/batch/batch-account/main.json | 72 ++--- .../tests/e2e/max/dependencies.bicep | 24 +- .../tests/e2e/max/main.test.bicep | 35 +-- .../tests/e2e/waf-aligned/main.test.bicep | 5 - avm/res/batch/batch-account/version.json | 2 +- avm/res/cache/redis/README.md | 34 +-- avm/res/cache/redis/main.bicep | 32 +- avm/res/cache/redis/main.json | 63 ++-- .../cache/redis/tests/e2e/max/main.test.bicep | 10 - .../tests/e2e/waf-aligned/main.test.bicep | 4 - avm/res/cache/redis/version.json | 4 +- avm/res/cognitive-services/account/README.md | 34 +-- avm/res/cognitive-services/account/main.bicep | 33 +-- avm/res/cognitive-services/account/main.json | 64 ++-- .../account/tests/e2e/max/main.test.bicep | 10 - .../account/tests/e2e/speech/main.test.bicep | 3 - .../main.test.bicep | 3 - .../main.test.bicep | 3 - .../tests/e2e/waf-aligned/main.test.bicep | 4 - .../cognitive-services/account/version.json | 2 +- avm/res/container-registry/registry/README.md | 127 +++++--- .../container-registry/registry/main.bicep | 39 +-- avm/res/container-registry/registry/main.json | 65 ++-- .../registry/tests/e2e/encr/main.test.bicep | 3 - .../registry/tests/e2e/max/main.test.bicep | 11 +- .../registry/tests/e2e/pe/dependencies.bicep | 49 ++++ .../registry/tests/e2e/pe/main.test.bicep | 64 ++++ .../tests/e2e/waf-aligned/main.test.bicep | 4 - .../container-registry/registry/version.json | 2 +- avm/res/data-factory/factory/README.md | 54 ++-- avm/res/data-factory/factory/main.bicep | 39 +-- avm/res/data-factory/factory/main.json | 65 ++-- .../factory/tests/e2e/max/main.test.bicep | 8 +- avm/res/data-factory/factory/version.json | 2 +- .../host-pool/README.md | 109 +++++-- .../host-pool/main.bicep | 46 +-- .../host-pool/main.json | 268 ++++------------- .../host-pool/tests/e2e/max/main.test.bicep | 10 - .../e2e/private-endpoint/dependencies.bicep | 49 ++++ .../e2e/private-endpoint/main.test.bicep | 61 ++++ .../tests/e2e/waf-aligned/main.test.bicep | 3 - .../host-pool/version.json | 12 +- .../workspace/README.md | 247 +++++++++++++++- .../workspace/main.bicep | 44 +-- .../workspace/main.json | 268 ++++------------- .../workspace/tests/e2e/max/main.test.bicep | 4 - .../e2e/private-endpoint/dependencies.bicep | 59 ++++ .../e2e/private-endpoint/main.test.bicep | 139 +++++++++ .../tests/e2e/waf-aligned/main.test.bicep | 3 - .../workspace/version.json | 12 +- .../document-db/database-account/README.md | 66 +---- .../document-db/database-account/main.bicep | 37 +-- .../document-db/database-account/main.json | 71 +++-- .../tests/e2e/gremlindb/main.test.bicep | 4 - .../tests/e2e/mongodb/main.test.bicep | 4 - .../tests/e2e/plain/main.test.bicep | 4 - .../tests/e2e/sqldb/dependencies.bicep | 24 +- .../tests/e2e/sqldb/main.test.bicep | 13 +- .../tests/e2e/waf-aligned/dependencies.bicep | 47 --- .../tests/e2e/waf-aligned/main.test.bicep | 19 -- .../document-db/database-account/version.json | 2 +- avm/res/event-grid/domain/README.md | 145 ++++++--- avm/res/event-grid/domain/main.bicep | 54 +--- avm/res/event-grid/domain/main.json | 277 ++++-------------- .../domain/tests/e2e/max/main.test.bicep | 11 +- .../domain/tests/e2e/pe/dependencies.bicep | 49 ++++ .../domain/tests/e2e/pe/main.test.bicep | 73 +++++ .../tests/e2e/waf-aligned/main.test.bicep | 4 - avm/res/event-grid/domain/version.json | 4 +- avm/res/event-grid/topic/README.md | 145 ++++++--- avm/res/event-grid/topic/main.bicep | 54 +--- avm/res/event-grid/topic/main.json | 277 ++++-------------- .../topic/tests/e2e/max/main.test.bicep | 11 +- .../topic/tests/e2e/pe/dependencies.bicep | 49 ++++ .../topic/tests/e2e/pe/main.test.bicep | 73 +++++ .../tests/e2e/waf-aligned/main.test.bicep | 4 - avm/res/event-grid/topic/version.json | 4 +- avm/res/insights/private-link-scope/README.md | 38 +-- .../insights/private-link-scope/main.bicep | 41 +-- avm/res/insights/private-link-scope/main.json | 77 ++--- .../tests/e2e/max/main.test.bicep | 3 - .../tests/e2e/waf-aligned/main.test.bicep | 3 - .../insights/private-link-scope/version.json | 2 +- avm/res/key-vault/vault/README.md | 183 ++++++++++-- avm/res/key-vault/vault/main.bicep | 36 +-- avm/res/key-vault/vault/main.json | 69 +++-- .../vault/tests/e2e/max/main.test.bicep | 11 +- .../e2e/private-endpoint/dependencies.bicep | 65 ++++ .../e2e/private-endpoint/main.test.bicep | 101 +++++++ .../tests/e2e/waf-aligned/main.test.bicep | 4 - avm/res/key-vault/vault/version.json | 2 +- avm/res/search/search-service/README.md | 50 +--- avm/res/search/search-service/main.bicep | 47 +-- avm/res/search/search-service/main.json | 85 +++--- .../tests/e2e/max/main.test.bicep | 4 - .../tests/e2e/pe/main.test.bicep | 9 - .../tests/e2e/waf-aligned/main.test.bicep | 4 - avm/res/search/search-service/version.json | 2 +- avm/res/service-bus/namespace/README.md | 183 ++++++++++-- avm/res/service-bus/namespace/main.bicep | 39 +-- avm/res/service-bus/namespace/main.json | 75 +++-- .../namespace/tests/e2e/encr/main.test.bicep | 3 - .../namespace/tests/e2e/max/main.test.bicep | 11 +- .../namespace/tests/e2e/pe/dependencies.bicep | 60 ++++ .../namespace/tests/e2e/pe/main.test.bicep | 98 +++++++ .../tests/e2e/waf-aligned/main.test.bicep | 4 - avm/res/service-bus/namespace/version.json | 4 +- avm/res/sql/server/README.md | 181 +++++++++--- avm/res/sql/server/main.bicep | 40 +-- avm/res/sql/server/main.json | 77 +++-- .../server/tests/e2e/admin/main.test.bicep | 3 - .../sql/server/tests/e2e/max/main.test.bicep | 11 +- .../server/tests/e2e/pe/dependencies.bicep | 50 ++++ .../sql/server/tests/e2e/pe/main.test.bicep | 96 ++++++ .../tests/e2e/secondary/main.test.bicep | 3 - .../server/tests/e2e/vulnAssm/main.test.bicep | 3 - .../tests/e2e/waf-aligned/main.test.bicep | 4 - avm/res/sql/server/version.json | 2 +- avm/res/storage/storage-account/README.md | 102 +------ avm/res/storage/storage-account/main.bicep | 33 +-- avm/res/storage/storage-account/main.json | 67 +++-- .../tests/e2e/max/dependencies.bicep | 34 +-- .../tests/e2e/max/main.test.bicep | 50 +--- .../main.test.bicep | 3 - .../main.test.bicep | 3 - .../tests/e2e/waf-aligned/main.test.bicep | 4 - avm/res/storage/storage-account/version.json | 2 +- avm/res/synapse/private-link-hub/README.md | 64 ++-- avm/res/synapse/private-link-hub/main.bicep | 51 ++-- avm/res/synapse/private-link-hub/main.json | 88 +++--- .../tests/e2e/max/main.test.bicep | 10 +- .../tests/e2e/waf-aligned/main.test.bicep | 3 - avm/res/synapse/private-link-hub/version.json | 2 +- avm/res/web/site/README.md | 62 +--- avm/res/web/site/main.bicep | 45 +-- avm/res/web/site/main.json | 146 +++++---- avm/res/web/site/slot/README.md | 38 +-- avm/res/web/site/slot/main.bicep | 43 +-- avm/res/web/site/slot/main.json | 73 +++-- .../e2e/functionApp.defaults/main.test.bicep | 3 - .../tests/e2e/functionApp.max/main.test.bicep | 10 - .../tests/e2e/waf-aligned/main.test.bicep | 4 - .../tests/e2e/webApp.defaults/main.test.bicep | 3 - .../site/tests/e2e/webApp.max/main.test.bicep | 10 - avm/res/web/site/version.json | 2 +- avm/res/web/static-site/README.md | 50 +--- avm/res/web/static-site/main.bicep | 45 +-- avm/res/web/static-site/main.json | 79 +++-- .../static-site/tests/e2e/max/main.test.bicep | 9 - .../tests/e2e/waf-aligned/main.test.bicep | 3 - avm/res/web/static-site/version.json | 4 +- 160 files changed, 3564 insertions(+), 3539 deletions(-) create mode 100644 avm/res/container-registry/registry/tests/e2e/pe/dependencies.bicep create mode 100644 avm/res/container-registry/registry/tests/e2e/pe/main.test.bicep create mode 100644 avm/res/desktop-virtualization/host-pool/tests/e2e/private-endpoint/dependencies.bicep create mode 100644 avm/res/desktop-virtualization/host-pool/tests/e2e/private-endpoint/main.test.bicep create mode 100644 avm/res/desktop-virtualization/workspace/tests/e2e/private-endpoint/dependencies.bicep create mode 100644 avm/res/desktop-virtualization/workspace/tests/e2e/private-endpoint/main.test.bicep create mode 100644 avm/res/event-grid/domain/tests/e2e/pe/dependencies.bicep create mode 100644 avm/res/event-grid/domain/tests/e2e/pe/main.test.bicep create mode 100644 avm/res/event-grid/topic/tests/e2e/pe/dependencies.bicep create mode 100644 avm/res/event-grid/topic/tests/e2e/pe/main.test.bicep create mode 100644 avm/res/key-vault/vault/tests/e2e/private-endpoint/dependencies.bicep create mode 100644 avm/res/key-vault/vault/tests/e2e/private-endpoint/main.test.bicep create mode 100644 avm/res/service-bus/namespace/tests/e2e/pe/dependencies.bicep create mode 100644 avm/res/service-bus/namespace/tests/e2e/pe/main.test.bicep create mode 100644 avm/res/sql/server/tests/e2e/pe/dependencies.bicep create mode 100644 avm/res/sql/server/tests/e2e/pe/main.test.bicep diff --git a/avm/res/automation/automation-account/README.md b/avm/res/automation/automation-account/README.md index 7453918030..43a4f43ccf 100644 --- a/avm/res/automation/automation-account/README.md +++ b/avm/res/automation/automation-account/README.md @@ -233,18 +233,6 @@ module automationAccount 'br/public:avm/res/automation/automation-account:' - ] - service: 'Webhook' - subnetResourceId: '' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } { privateDnsZoneResourceIds: [ '' @@ -479,18 +467,6 @@ module automationAccount 'br/public:avm/res/automation/automation-account:" - ], - "service": "Webhook", - "subnetResourceId": "", - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - }, { "privateDnsZoneResourceIds": [ "" @@ -1444,7 +1420,7 @@ Configuration details for private endpoints. For security reasons, it is recomme | Parameter | Type | Description | | :-- | :-- | :-- | -| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file". | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | **Optional parameters** @@ -1456,10 +1432,9 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | @@ -1468,7 +1443,7 @@ Configuration details for private endpoints. For security reasons, it is recomme ### Parameter: `privateEndpoints.service` -The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file". +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - Required: Yes - Type: string @@ -1586,13 +1561,6 @@ A private ip address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -If Manual Private Link Connection is required. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1636,12 +1604,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -1937,7 +1905,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | | `res/operational-insights/workspace/linked-service` | Local reference | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | | `br/public:avm/res/operations-management/solution:0.1.0` | Remote reference | ## Data Collection diff --git a/avm/res/automation/automation-account/main.bicep b/avm/res/automation/automation-account/main.bicep index 9db1af88c2..512aa2354a 100644 --- a/avm/res/automation/automation-account/main.bicep +++ b/avm/res/automation/automation-account/main.bicep @@ -328,45 +328,34 @@ resource automationAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSett scope: automationAccount }] -module automationAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module automationAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-automationAccount-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(automationAccount.id, '/'))}-${privateEndpoint.service}-${index}' - privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ + privateLinkServiceConnections: [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(automationAccount.id, '/'))}-${privateEndpoint.service}-${index}' + name: name properties: { privateLinkServiceId: automationAccount.id groupIds: [ - privateEndpoint.service + privateEndpoint.?service ?? 'automationaccount' ] } } - ] : null - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(automationAccount.id, '/'))}-${privateEndpoint.service}-${index}' - properties: { - privateLinkServiceId: automationAccount.id - groupIds: [ - privateEndpoint.service - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null + ] + name: privateEndpoint.?name ?? 'pep-${last(split(automationAccount.id, '/'))}-${privateEndpoint.?service ?? privateEndpoint.service}-${index}' subnetResourceId: privateEndpoint.subnetResourceId - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry } }] @@ -449,7 +438,7 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Required. The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file".') + @description('Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') service: string @description('Required. Resource ID of the subnet where the endpoint needs to be created.') @@ -461,13 +450,6 @@ type privateEndpointType = { @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @description('Optional. Custom DNS configurations.') customDnsConfigs: { @description('Required. Fqdn that resolves to private endpoint ip address.') @@ -510,6 +492,9 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/automation/automation-account/main.json b/avm/res/automation/automation-account/main.json index feb3919fc8..0a24cab446 100644 --- a/avm/res/automation/automation-account/main.json +++ b/avm/res/automation/automation-account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "17457652611185300575" + "templateHash": "3223894986476226816" }, "name": "Automation Accounts", "description": "This module deploys an Azure Automation Account.", @@ -149,7 +149,7 @@ "service": { "type": "string", "metadata": { - "description": "Required. The subresource to deploy the private endpoint for. For example \"blob\", \"table\", \"queue\" or \"file\"." + "description": "Required. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." } }, "subnetResourceId": { @@ -175,21 +175,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -298,6 +283,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -2318,17 +2310,25 @@ }, "mode": "Incremental", "parameters": { + "privateLinkServiceConnections": { + "value": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.Automation/automationAccounts', parameters('name'))]", + "groupIds": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'automationaccount')]" + ] + } + } + ] + }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Automation/automationAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Automation/automationAccounts', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Automation/automationAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Automation/automationAccounts', parameters('name')), 'groupIds', createArray(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Automation/automationAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Automation/automationAccounts', parameters('name')), 'groupIds', createArray(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, - "enableTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" - }, "location": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" }, @@ -2347,6 +2347,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -2358,6 +2361,9 @@ }, "customNetworkInterfaceName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]" + }, + "enableTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" } }, "template": { @@ -2367,8 +2373,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.23.1.45101", + "templateHash": "2821141217598568122" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -2417,7 +2423,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -2495,7 +2501,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -2598,7 +2604,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -2607,7 +2613,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -2733,7 +2739,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -2838,8 +2844,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.23.1.45101", + "templateHash": "18168683629401652671" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -2950,13 +2956,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/automation/automation-account/tests/e2e/max/dependencies.bicep b/avm/res/automation/automation-account/tests/e2e/max/dependencies.bicep index 403211cdb7..77af000af6 100644 --- a/avm/res/automation/automation-account/tests/e2e/max/dependencies.bicep +++ b/avm/res/automation/automation-account/tests/e2e/max/dependencies.bicep @@ -22,19 +22,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { { name: 'defaultSubnet' properties: { - addressPrefix: cidrSubnet(addressPrefix, 20, 0) - } - } - { - name: 'custom-private-subnet' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 20, 1) - } - } - { - name: 'custom-private-subnet-2' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 20, 2) + addressPrefix: cidrSubnet(addressPrefix, 16, 0) } } ] @@ -62,15 +50,9 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018- location: location } -@description('The resource ID of the created Virtual Network Default Subnet.') +@description('The resource ID of the created Virtual Network Subnet.') output subnetResourceId string = virtualNetwork.properties.subnets[0].id -@description('The resource ID of the 2nd created Virtual Network Subnet.') -output customSubnet1ResourceId string = virtualNetwork.properties.subnets[1].id - -@description('The resource ID of the 3rd created Virtual Network Subnet.') -output customSubnet2ResourceId string = virtualNetwork.properties.subnets[2].id - @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/avm/res/automation/automation-account/tests/e2e/max/main.test.bicep b/avm/res/automation/automation-account/tests/e2e/max/main.test.bicep index 0c9b5a710d..8067995a67 100644 --- a/avm/res/automation/automation-account/tests/e2e/max/main.test.bicep +++ b/avm/res/automation/automation-account/tests/e2e/max/main.test.bicep @@ -102,19 +102,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'Webhook' - subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } - } - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - service: 'Webhook' - subnetResourceId: nestedDependencies.outputs.customSubnet2ResourceId + subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' @@ -126,7 +114,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'DSCAndHybridWorker' - subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId + subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' @@ -268,8 +256,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/automation/automation-account/tests/e2e/waf-aligned/main.test.bicep b/avm/res/automation/automation-account/tests/e2e/waf-aligned/main.test.bicep index d2bbfb2033..fbaee4ef11 100644 --- a/avm/res/automation/automation-account/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/automation/automation-account/tests/e2e/waf-aligned/main.test.bicep @@ -242,8 +242,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/automation/automation-account/version.json b/avm/res/automation/automation-account/version.json index c177b1bb58..83083db694 100644 --- a/avm/res/automation/automation-account/version.json +++ b/avm/res/automation/automation-account/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.3", + "version": "0.1", "pathFilters": [ "./main.json" ] diff --git a/avm/res/batch/batch-account/README.md b/avm/res/batch/batch-account/README.md index 1ea59e9346..b7a08c4390 100644 --- a/avm/res/batch/batch-account/README.md +++ b/avm/res/batch/batch-account/README.md @@ -231,7 +231,7 @@ module batchAccount 'br/public:avm/res/batch/batch-account:' = { { fqdn: 'abc.batch.com' ipAddresses: [ - '10.0.16.10' + '10.0.0.10' ] } ] @@ -241,7 +241,7 @@ module batchAccount 'br/public:avm/res/batch/batch-account:' = { properties: { groupId: 'batchAccount' memberName: 'batchAccount' - privateIPAddress: '10.0.16.10' + privateIPAddress: '10.0.0.10' } } ] @@ -260,31 +260,6 @@ module batchAccount 'br/public:avm/res/batch/batch-account:' = { roleDefinitionIdOrName: '' } ] - service: 'batchAccount' - subnetResourceId: '' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } - { - privateDnsZoneResourceIds: [ - '' - ] - service: 'batchAccount' - subnetResourceId: '' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } - { - privateDnsZoneResourceIds: [ - '' - ] - service: 'nodeManagement' subnetResourceId: '' tags: { Environment: 'Non-Prod' @@ -391,7 +366,7 @@ module batchAccount 'br/public:avm/res/batch/batch-account:' = { { "fqdn": "abc.batch.com", "ipAddresses": [ - "10.0.16.10" + "10.0.0.10" ] } ], @@ -401,7 +376,7 @@ module batchAccount 'br/public:avm/res/batch/batch-account:' = { "properties": { "groupId": "batchAccount", "memberName": "batchAccount", - "privateIPAddress": "10.0.16.10" + "privateIPAddress": "10.0.0.10" } } ], @@ -420,31 +395,6 @@ module batchAccount 'br/public:avm/res/batch/batch-account:' = { "roleDefinitionIdOrName": "" } ], - "service": "batchAccount", - "subnetResourceId": "", - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "service": "batchAccount", - "subnetResourceId": "", - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "service": "nodeManagement", "subnetResourceId": "", "tags": { "Environment": "Non-Prod", @@ -532,7 +482,6 @@ module batchAccount 'br/public:avm/res/batch/batch-account:' = { privateDnsZoneResourceIds: [ '' ] - service: 'batchAccount' subnetResourceId: '' } ] @@ -600,7 +549,6 @@ module batchAccount 'br/public:avm/res/batch/batch-account:' = { "privateDnsZoneResourceIds": [ "" ], - "service": "batchAccount", "subnetResourceId": "" } ] @@ -1074,7 +1022,6 @@ Configuration details for private endpoints. For security reasons, it is recomme | Parameter | Type | Description | | :-- | :-- | :-- | -| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file". | | [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | **Optional parameters** @@ -1086,23 +1033,16 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -### Parameter: `privateEndpoints.service` - -The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file". - -- Required: Yes -- Type: string - ### Parameter: `privateEndpoints.subnetResourceId` Resource ID of the subnet where the endpoint needs to be created. @@ -1216,13 +1156,6 @@ A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -If Manual Private Link Connection is required. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1266,12 +1199,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -1383,6 +1316,13 @@ The principal type of the assigned principal ID. ] ``` +### Parameter: `privateEndpoints.service` + +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". + +- Required: No +- Type: string + ### Parameter: `privateEndpoints.tags` Tags to be applied on all resources/resource groups in this deployment. @@ -1541,7 +1481,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | ## Data Collection diff --git a/avm/res/batch/batch-account/main.bicep b/avm/res/batch/batch-account/main.bicep index 8d7cbddb36..4326c505b0 100644 --- a/avm/res/batch/batch-account/main.bicep +++ b/avm/res/batch/batch-account/main.bicep @@ -201,33 +201,21 @@ resource batchAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@ scope: batchAccount }] -module batchAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module batchAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-BatchAccount-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(batchAccount.id, '/'))}-${privateEndpoint.service}-${index}' - privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ + privateLinkServiceConnections: [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(batchAccount.id, '/'))}-${privateEndpoint.service}-${index}' + name: name properties: { privateLinkServiceId: batchAccount.id groupIds: [ - privateEndpoint.service + privateEndpoint.?service ?? 'batchAccount' ] } } - ] : null - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(batchAccount.id, '/'))}-${privateEndpoint.service}-${index}' - properties: { - privateLinkServiceId: batchAccount.id - groupIds: [ - privateEndpoint.service - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null + ] + name: privateEndpoint.?name ?? 'pep-${last(split(batchAccount.id, '/'))}-${privateEndpoint.?service ?? 'batchAccount'}-${index}' subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -236,6 +224,7 @@ module batchAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -350,8 +339,8 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Required. The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file".') - service: string + @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string @@ -362,13 +351,6 @@ type privateEndpointType = { @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @description('Optional. Custom DNS configurations.') customDnsConfigs: { @description('Required. Fqdn that resolves to private endpoint IP address.') @@ -411,6 +393,9 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/batch/batch-account/main.json b/avm/res/batch/batch-account/main.json index 925fe85130..3731161e53 100644 --- a/avm/res/batch/batch-account/main.json +++ b/avm/res/batch/batch-account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "11102129881431176996" + "templateHash": "2397736043296643387" }, "name": "Batch Accounts", "description": "This module deploys a Batch Account.", @@ -220,8 +220,9 @@ }, "service": { "type": "string", + "nullable": true, "metadata": { - "description": "Required. The subresource to deploy the private endpoint for. For example \"blob\", \"table\", \"queue\" or \"file\"." + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." } }, "subnetResourceId": { @@ -247,21 +248,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -371,6 +357,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -833,11 +826,22 @@ }, "mode": "Incremental", "parameters": { + "privateLinkServiceConnections": { + "value": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.Batch/batchAccounts', parameters('name'))]", + "groupIds": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'batchAccount')]" + ] + } + } + ] + }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Batch/batchAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Batch/batchAccounts', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'batchAccount'), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Batch/batchAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Batch/batchAccounts', parameters('name')), 'groupIds', createArray(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Batch/batchAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Batch/batchAccounts', parameters('name')), 'groupIds', createArray(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -862,6 +866,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -882,8 +889,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.23.1.45101", + "templateHash": "2821141217598568122" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -932,7 +939,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -1010,7 +1017,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -1113,7 +1120,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -1122,7 +1129,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -1248,7 +1255,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1353,8 +1360,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.23.1.45101", + "templateHash": "18168683629401652671" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1465,13 +1472,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/batch/batch-account/tests/e2e/max/dependencies.bicep b/avm/res/batch/batch-account/tests/e2e/max/dependencies.bicep index a0acbbc302..462e8a5f27 100644 --- a/avm/res/batch/batch-account/tests/e2e/max/dependencies.bicep +++ b/avm/res/batch/batch-account/tests/e2e/max/dependencies.bicep @@ -34,19 +34,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { { name: 'defaultSubnet' properties: { - addressPrefix: cidrSubnet(addressPrefix, 20, 0) - } - } - { - name: 'custom-private-subnet' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 20, 1) - } - } - { - name: 'custom-private-subnet-2' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 20, 2) + addressPrefix: cidrSubnet(addressPrefix, 16, 0) } } ] @@ -74,14 +62,8 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018- location: location } -@description('The resource ID of the created Virtual Network Default Subnet.') -output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id - -@description('The resource ID of the 2nd created Virtual Network Subnet.') -output customSubnet1ResourceId string = virtualNetwork.properties.subnets[1].id - -@description('The resource ID of the 3rd created Virtual Network Subnet.') -output customSubnet2ResourceId string = virtualNetwork.properties.subnets[2].id +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/avm/res/batch/batch-account/tests/e2e/max/main.test.bicep b/avm/res/batch/batch-account/tests/e2e/max/main.test.bicep index 85afc629ca..1a31a13cce 100644 --- a/avm/res/batch/batch-account/tests/e2e/max/main.test.bicep +++ b/avm/res/batch/batch-account/tests/e2e/max/main.test.bicep @@ -87,8 +87,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] - service: 'batchAccount' - subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId + subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' @@ -112,7 +111,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' properties: { groupId: 'batchAccount' memberName: 'batchAccount' - privateIPAddress: '10.0.16.10' + privateIPAddress: '10.0.0.10' } } ] @@ -120,35 +119,11 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' { fqdn: 'abc.batch.com' ipAddresses: [ - '10.0.16.10' + '10.0.0.10' ] } ] } - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - service: 'batchAccount' - subnetResourceId: nestedDependencies.outputs.customSubnet2ResourceId - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } - } - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - service: 'nodeManagement' - subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } - } ] networkProfile: { accountAccess: { @@ -191,8 +166,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/batch/batch-account/tests/e2e/waf-aligned/main.test.bicep b/avm/res/batch/batch-account/tests/e2e/waf-aligned/main.test.bicep index b01e34b2d0..f66d2bac7a 100644 --- a/avm/res/batch/batch-account/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/batch/batch-account/tests/e2e/waf-aligned/main.test.bicep @@ -86,7 +86,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] - service: 'batchAccount' subnetResourceId: nestedDependencies.outputs.subnetResourceId } ] @@ -101,8 +100,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/batch/batch-account/version.json b/avm/res/batch/batch-account/version.json index a8eda31021..c177b1bb58 100644 --- a/avm/res/batch/batch-account/version.json +++ b/avm/res/batch/batch-account/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.5", + "version": "0.3", "pathFilters": [ "./main.json" ] diff --git a/avm/res/cache/redis/README.md b/avm/res/cache/redis/README.md index 11b99c963d..1b8ef80cda 100644 --- a/avm/res/cache/redis/README.md +++ b/avm/res/cache/redis/README.md @@ -156,12 +156,6 @@ module redis 'br/public:avm/res/cache/redis:' = { Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - } ] redisVersion: '6' roleAssignments: [ @@ -284,12 +278,6 @@ module redis 'br/public:avm/res/cache/redis:' = { "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "" } ] }, @@ -851,15 +839,14 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -975,13 +962,6 @@ A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -If Manual Private Link Connection is required. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1025,12 +1005,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -1144,7 +1124,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - Required: No - Type: string @@ -1391,7 +1371,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | ## Notes diff --git a/avm/res/cache/redis/main.bicep b/avm/res/cache/redis/main.bicep index 38ffba3aab..de47057248 100644 --- a/avm/res/cache/redis/main.bicep +++ b/avm/res/cache/redis/main.bicep @@ -213,13 +213,12 @@ resource redis_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04- scope: redis }] -module redis_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module redis_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-KeyVault-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(redis.id, '/'))}-${privateEndpoint.?service ?? 'redisCache'}-${index}' privateLinkServiceConnections: [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(redis.id, '/'))}-${privateEndpoint.?service ?? 'redisCache'}-${index}' + name: name properties: { privateLinkServiceId: redis.id groupIds: [ @@ -228,18 +227,7 @@ module redis_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' } } ] - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(redis.id, '/'))}-${privateEndpoint.?service ?? 'redisCache'}-${index}' - properties: { - privateLinkServiceId: redis.id - groupIds: [ - privateEndpoint.?service ?? 'redisCache' - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null + name: privateEndpoint.?name ?? 'pep-${last(split(redis.id, '/'))}-${privateEndpoint.?service ?? 'redisCache'}-${index}' subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -248,6 +236,7 @@ module redis_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -300,13 +289,14 @@ type lockType = { }? type privateEndpointType = { + @description('Optional. The name of the private endpoint.') name: string? @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') + @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') @@ -318,13 +308,6 @@ type privateEndpointType = { @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @description('Optional. Custom DNS configurations.') customDnsConfigs: { @description('Required. Fqdn that resolves to private endpoint IP address.') @@ -367,6 +350,9 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/cache/redis/main.json b/avm/res/cache/redis/main.json index 9a90df4cd8..85d840b572 100644 --- a/avm/res/cache/redis/main.json +++ b/avm/res/cache/redis/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "798005420934456091" + "templateHash": "16070478115038910597" }, "name": "Redis Cache", "description": "This module deploys a Redis Cache.", @@ -84,7 +84,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." } }, "subnetResourceId": { @@ -110,21 +110,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -233,6 +218,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -778,13 +770,10 @@ }, "mode": "Incremental", "parameters": { - "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Cache/redis', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'redisCache'), copyIndex()))]" - }, "privateLinkServiceConnections": { "value": [ { - "name": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Cache/redis', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'redisCache'), copyIndex()))]", + "name": "[parameters('name')]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.Cache/redis', parameters('name'))]", "groupIds": [ @@ -794,7 +783,9 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Cache/redis', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'redisCache'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Cache/redis', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'redisCache')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "name": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Cache/redis', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'redisCache'), copyIndex()))]" + }, "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -819,6 +810,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -839,8 +833,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.23.1.45101", + "templateHash": "2821141217598568122" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -889,7 +883,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -967,7 +961,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -1070,7 +1064,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -1079,7 +1073,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -1205,7 +1199,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1310,8 +1304,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.23.1.45101", + "templateHash": "18168683629401652671" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1422,13 +1416,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/cache/redis/tests/e2e/max/main.test.bicep b/avm/res/cache/redis/tests/e2e/max/main.test.bicep index cc8bd7dde1..5ba333465d 100644 --- a/avm/res/cache/redis/tests/e2e/max/main.test.bicep +++ b/avm/res/cache/redis/tests/e2e/max/main.test.bicep @@ -118,12 +118,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId - } ] redisVersion: '6' shardCount: 1 @@ -156,8 +150,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' resourceType: 'Redis Cache' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/cache/redis/tests/e2e/waf-aligned/main.test.bicep b/avm/res/cache/redis/tests/e2e/waf-aligned/main.test.bicep index 1a0542d4a3..337a88e772 100644 --- a/avm/res/cache/redis/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/cache/redis/tests/e2e/waf-aligned/main.test.bicep @@ -112,8 +112,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' resourceType: 'Redis Cache' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/cache/redis/version.json b/avm/res/cache/redis/version.json index 1c035df49f..7fa401bdf7 100644 --- a/avm/res/cache/redis/version.json +++ b/avm/res/cache/redis/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.2", + "version": "0.1", "pathFilters": [ "./main.json" ] -} \ No newline at end of file +} diff --git a/avm/res/cognitive-services/account/README.md b/avm/res/cognitive-services/account/README.md index 7829d5f201..2e5dc2db5d 100644 --- a/avm/res/cognitive-services/account/README.md +++ b/avm/res/cognitive-services/account/README.md @@ -184,12 +184,6 @@ module account 'br/public:avm/res/cognitive-services/account:' = { Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - } ] publicNetworkAccess: 'Disabled' roleAssignments: [ @@ -329,12 +323,6 @@ module account 'br/public:avm/res/cognitive-services/account:' = { "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "" } ] }, @@ -1234,15 +1222,14 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -1358,13 +1345,6 @@ A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -If Manual Private Link Connection is required. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1408,12 +1388,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -1527,7 +1507,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - Required: No - Type: string @@ -1722,7 +1702,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | ## Data Collection diff --git a/avm/res/cognitive-services/account/main.bicep b/avm/res/cognitive-services/account/main.bicep index 55a51646ae..05149ac191 100644 --- a/avm/res/cognitive-services/account/main.bicep +++ b/avm/res/cognitive-services/account/main.bicep @@ -265,13 +265,12 @@ resource cognitiveService_diagnosticSettings 'Microsoft.Insights/diagnosticSetti scope: cognitiveService }] -module cognitiveService_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module cognitiveService_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-CognitiveService-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(cognitiveService.id, '/'))}-${privateEndpoint.?service ?? 'account'}-${index}' privateLinkServiceConnections: [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(cognitiveService.id, '/'))}-${privateEndpoint.?service ?? 'account'}-${index}' + name: name properties: { privateLinkServiceId: cognitiveService.id groupIds: [ @@ -280,18 +279,7 @@ module cognitiveService_privateEndpoints 'br/public:avm/res/network/private-endp } } ] - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(cognitiveService.id, '/'))}-${privateEndpoint.?service ?? 'account'}-${index}' - properties: { - privateLinkServiceId: cognitiveService.id - groupIds: [ - privateEndpoint.?service ?? 'account' - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null + name: privateEndpoint.?name ?? 'pep-${last(split(cognitiveService.id, '/'))}-${privateEndpoint.?service ?? 'account'}-${index}' subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -300,6 +288,7 @@ module cognitiveService_privateEndpoints 'br/public:avm/res/network/private-endp privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -417,7 +406,7 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') + @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') @@ -429,13 +418,6 @@ type privateEndpointType = { @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @description('Optional. Custom DNS configurations.') customDnsConfigs: { @description('Required. Fqdn that resolves to private endpoint IP address.') @@ -473,11 +455,14 @@ type privateEndpointType = { lock: lockType @description('Optional. Array of role assignments to create.') - roleAssignments: roleAssignmentType + roleAssignments: roleAssignmentType? @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/cognitive-services/account/main.json b/avm/res/cognitive-services/account/main.json index a45302ba9e..97ad908e5b 100644 --- a/avm/res/cognitive-services/account/main.json +++ b/avm/res/cognitive-services/account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "6670691272648355802" + "templateHash": "6619617132004799661" }, "name": "Cognitive Services", "description": "This module deploys a Cognitive Service.", @@ -222,7 +222,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." } }, "subnetResourceId": { @@ -248,21 +248,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -360,6 +345,7 @@ }, "roleAssignments": { "$ref": "#/definitions/roleAssignmentType", + "nullable": true, "metadata": { "description": "Optional. Array of role assignments to create." } @@ -371,6 +357,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -880,13 +873,10 @@ }, "mode": "Incremental", "parameters": { - "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'account'), copyIndex()))]" - }, "privateLinkServiceConnections": { "value": [ { - "name": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'account'), copyIndex()))]", + "name": "[parameters('name')]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]", "groupIds": [ @@ -896,7 +886,9 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'account'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'account')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "name": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'account'), copyIndex()))]" + }, "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -921,6 +913,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -941,8 +936,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.23.1.45101", + "templateHash": "2821141217598568122" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -991,7 +986,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -1069,7 +1064,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -1172,7 +1167,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -1181,7 +1176,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -1307,7 +1302,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1412,8 +1407,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.23.1.45101", + "templateHash": "18168683629401652671" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1524,13 +1519,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/cognitive-services/account/tests/e2e/max/main.test.bicep b/avm/res/cognitive-services/account/tests/e2e/max/main.test.bicep index c133cecb59..e13f8afd9f 100644 --- a/avm/res/cognitive-services/account/tests/e2e/max/main.test.bicep +++ b/avm/res/cognitive-services/account/tests/e2e/max/main.test.bicep @@ -162,12 +162,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' } ] } - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId - } ] tags: { 'hidden-title': 'This is visible in the resource name' @@ -175,8 +169,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/cognitive-services/account/tests/e2e/speech/main.test.bicep b/avm/res/cognitive-services/account/tests/e2e/speech/main.test.bicep index d115398bf1..e349981b03 100644 --- a/avm/res/cognitive-services/account/tests/e2e/speech/main.test.bicep +++ b/avm/res/cognitive-services/account/tests/e2e/speech/main.test.bicep @@ -79,7 +79,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - ] }] diff --git a/avm/res/cognitive-services/account/tests/e2e/system-assigned-cmk-encryption/main.test.bicep b/avm/res/cognitive-services/account/tests/e2e/system-assigned-cmk-encryption/main.test.bicep index 3e79483631..e657ba486b 100644 --- a/avm/res/cognitive-services/account/tests/e2e/system-assigned-cmk-encryption/main.test.bicep +++ b/avm/res/cognitive-services/account/tests/e2e/system-assigned-cmk-encryption/main.test.bicep @@ -68,7 +68,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' } restrictOutboundNetworkAccess: false } - dependsOn: [ - nestedDependencies - ] }] diff --git a/avm/res/cognitive-services/account/tests/e2e/user-assigned-cmk-encryption/main.test.bicep b/avm/res/cognitive-services/account/tests/e2e/user-assigned-cmk-encryption/main.test.bicep index f161025c18..241ca59ae4 100644 --- a/avm/res/cognitive-services/account/tests/e2e/user-assigned-cmk-encryption/main.test.bicep +++ b/avm/res/cognitive-services/account/tests/e2e/user-assigned-cmk-encryption/main.test.bicep @@ -71,7 +71,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' } restrictOutboundNetworkAccess: false } - dependsOn: [ - nestedDependencies - ] }] diff --git a/avm/res/cognitive-services/account/tests/e2e/waf-aligned/main.test.bicep b/avm/res/cognitive-services/account/tests/e2e/waf-aligned/main.test.bicep index 362a8ade16..41d53958ca 100644 --- a/avm/res/cognitive-services/account/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/cognitive-services/account/tests/e2e/waf-aligned/main.test.bicep @@ -102,8 +102,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' systemAssigned: true } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/cognitive-services/account/version.json b/avm/res/cognitive-services/account/version.json index 3f863a2bec..c177b1bb58 100644 --- a/avm/res/cognitive-services/account/version.json +++ b/avm/res/cognitive-services/account/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.4", + "version": "0.3", "pathFilters": [ "./main.json" ] diff --git a/avm/res/container-registry/registry/README.md b/avm/res/container-registry/registry/README.md index 12a6dca930..9c96fdf622 100644 --- a/avm/res/container-registry/registry/README.md +++ b/avm/res/container-registry/registry/README.md @@ -36,7 +36,8 @@ The following section provides usage examples for the module, which were used to - [Using only defaults](#example-1-using-only-defaults) - [Using encryption with Customer-Managed-Key](#example-2-using-encryption-with-customer-managed-key) - [Using large parameter set](#example-3-using-large-parameter-set) -- [WAF-aligned](#example-4-waf-aligned) +- [Using private endpoint](#example-4-using-private-endpoint) +- [WAF-aligned](#example-5-waf-aligned) ### Example 1: _Using only defaults_ @@ -232,6 +233,7 @@ module registry 'br/public:avm/res/container-registry/registry:' = { privateDnsZoneResourceIds: [ '' ] + service: 'registry' subnetResourceId: '' tags: { Environment: 'Non-Prod' @@ -239,12 +241,6 @@ module registry 'br/public:avm/res/container-registry/registry:' = { Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - } ] quarantinePolicyStatus: 'enabled' replications: [ @@ -376,18 +372,13 @@ module registry 'br/public:avm/res/container-registry/registry:' = { "privateDnsZoneResourceIds": [ "" ], + "service": "registry", "subnetResourceId": "", "tags": { "Environment": "Non-Prod", "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "" } ] }, @@ -452,7 +443,77 @@ module registry 'br/public:avm/res/container-registry/registry:' = {

-### Example 4: _WAF-aligned_ +### Example 4: _Using private endpoint_ + +This instance deploys the module with a private endpoint. + + +

+ +via Bicep module + +```bicep +module registry 'br/public:avm/res/container-registry/registry:' = { + name: '${uniqueString(deployment().name, resourceLocation)}-test-crrpe' + params: { + // Required parameters + name: 'crrpe001' + // Non-required parameters + acrSku: 'Premium' + location: '' + privateEndpoints: [ + { + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + } + ] + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "crrpe001" + }, + // Non-required parameters + "acrSku": { + "value": "Premium" + }, + "location": { + "value": "" + }, + "privateEndpoints": { + "value": [ + { + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "" + } + ] + } + } +} +``` + +
+

+ +### Example 5: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. @@ -1037,15 +1098,14 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -1073,19 +1133,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint IP address. +Fqdn that resolves to private endpoint ip address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private IP addresses of the private endpoint. +A list of private ip addresses of the private endpoint. - Required: Yes - Type: array @@ -1138,7 +1198,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -1156,18 +1216,11 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private IP address obtained from the private endpoint's subnet. +A private ip address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -If Manual Private Link Connection is required. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1211,12 +1264,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -1227,7 +1280,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string @@ -1330,7 +1383,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - Required: No - Type: string @@ -1575,7 +1628,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.3.2` | Remote reference | ## Data Collection diff --git a/avm/res/container-registry/registry/main.bicep b/avm/res/container-registry/registry/main.bicep index 05bd6d96d4..8c33bc7154 100644 --- a/avm/res/container-registry/registry/main.bicep +++ b/avm/res/container-registry/registry/main.bicep @@ -334,13 +334,12 @@ resource registry_roleAssignments 'Microsoft.Authorization/roleAssignments@2022- scope: registry }] -module registry_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module registry_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.2' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-registry-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(registry.id, '/'))}-${privateEndpoint.?service ?? 'registry'}-${index}' privateLinkServiceConnections: [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(registry.id, '/'))}-${privateEndpoint.?service ?? 'registry'}-${index}' + name: name properties: { privateLinkServiceId: registry.id groupIds: [ @@ -349,18 +348,7 @@ module registry_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4 } } ] - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(registry.id, '/'))}-${privateEndpoint.?service ?? 'registry'}-${index}' - properties: { - privateLinkServiceId: registry.id - groupIds: [ - privateEndpoint.?service ?? 'registry' - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null + name: privateEndpoint.?name ?? 'pep-${last(split(registry.id, '/'))}-${privateEndpoint.?service ?? 'registry'}-${index}' subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -369,6 +357,7 @@ module registry_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4 privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -444,31 +433,24 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') + @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') + @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint IP address.') + @description('Required. Fqdn that resolves to private endpoint ip address.') fqdn: string? - @description('Required. A list of private IP addresses of the private endpoint.') + @description('Required. A list of private ip addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -485,7 +467,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private IP address obtained from the private endpoint\'s subnet.') + @description('Required. A private ip address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -505,6 +487,9 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/container-registry/registry/main.json b/avm/res/container-registry/registry/main.json index e08259390f..fb6accc837 100644 --- a/avm/res/container-registry/registry/main.json +++ b/avm/res/container-registry/registry/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "9195818754355186204" + "templateHash": "3316618601179718411" }, "name": "Azure Container Registries (ACR)", "description": "This module deploys an Azure Container Registry (ACR).", @@ -150,7 +150,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." } }, "subnetResourceId": { @@ -163,7 +163,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." + "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." } }, "privateDnsZoneResourceIds": { @@ -176,21 +176,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -200,7 +185,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -209,7 +194,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -248,7 +233,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -299,6 +284,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -1410,13 +1402,10 @@ }, "mode": "Incremental", "parameters": { - "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'registry'), copyIndex()))]" - }, "privateLinkServiceConnections": { "value": [ { - "name": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'registry'), copyIndex()))]", + "name": "[parameters('name')]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.ContainerRegistry/registries', parameters('name'))]", "groupIds": [ @@ -1426,7 +1415,9 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'registry'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'registry')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "name": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'registry'), copyIndex()))]" + }, "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -1451,6 +1442,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -1471,8 +1465,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.23.1.45101", + "templateHash": "2821141217598568122" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1521,7 +1515,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -1837,7 +1831,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1942,8 +1936,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.23.1.45101", + "templateHash": "18168683629401652671" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -2054,13 +2048,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/container-registry/registry/tests/e2e/encr/main.test.bicep b/avm/res/container-registry/registry/tests/e2e/encr/main.test.bicep index 740e8c19d6..bf33665f09 100644 --- a/avm/res/container-registry/registry/tests/e2e/encr/main.test.bicep +++ b/avm/res/container-registry/registry/tests/e2e/encr/main.test.bicep @@ -70,7 +70,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ] } } - dependsOn: [ - nestedDependencies - ] }] diff --git a/avm/res/container-registry/registry/tests/e2e/max/main.test.bicep b/avm/res/container-registry/registry/tests/e2e/max/main.test.bicep index 6153fdefb5..38d182fd5a 100644 --- a/avm/res/container-registry/registry/tests/e2e/max/main.test.bicep +++ b/avm/res/container-registry/registry/tests/e2e/max/main.test.bicep @@ -94,6 +94,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' } privateEndpoints: [ { + service: 'registry' subnetResourceId: nestedDependencies.outputs.subnetResourceId privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId @@ -104,12 +105,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - { - subnetResourceId: nestedDependencies.outputs.subnetResourceId - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - } ] networkRuleSetIpRules: [ { @@ -170,8 +165,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/container-registry/registry/tests/e2e/pe/dependencies.bicep b/avm/res/container-registry/registry/tests/e2e/pe/dependencies.bicep new file mode 100644 index 0000000000..0422180c41 --- /dev/null +++ b/avm/res/container-registry/registry/tests/e2e/pe/dependencies.bicep @@ -0,0 +1,49 @@ +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +var addressPrefix = '10.0.0.0/16' + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + addressPrefix + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 16, 0) + } + } + ] + } +} + +resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { + name: 'privatelink${environment().suffixes.acrLoginServer}' + location: 'global' + + resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { + name: '${virtualNetwork.name}-vnetlink' + location: 'global' + properties: { + virtualNetwork: { + id: virtualNetwork.id + } + registrationEnabled: false + } + } +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Private DNS Zone.') +output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/avm/res/container-registry/registry/tests/e2e/pe/main.test.bicep b/avm/res/container-registry/registry/tests/e2e/pe/main.test.bicep new file mode 100644 index 0000000000..f56d0c49e3 --- /dev/null +++ b/avm/res/container-registry/registry/tests/e2e/pe/main.test.bicep @@ -0,0 +1,64 @@ +targetScope = 'subscription' + +metadata name = 'Using private endpoint' +metadata description = 'This instance deploys the module with a private endpoint.' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'dep-${namePrefix}-containerregistry.registries-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'crrpe' + +@description('Optional. A token to inject into the name of each resource.') +param namePrefix string = '#_namePrefix_#' + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +module nestedDependencies 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' + params: { + virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' + location: resourceLocation + } +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + name: '${namePrefix}${serviceShort}001' + location: resourceLocation + acrSku: 'Premium' + privateEndpoints: [ + { + subnetResourceId: nestedDependencies.outputs.subnetResourceId + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + } + ] + } +}] diff --git a/avm/res/container-registry/registry/tests/e2e/waf-aligned/main.test.bicep b/avm/res/container-registry/registry/tests/e2e/waf-aligned/main.test.bicep index c046264a97..284f517de9 100644 --- a/avm/res/container-registry/registry/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/container-registry/registry/tests/e2e/waf-aligned/main.test.bicep @@ -94,8 +94,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/container-registry/registry/version.json b/avm/res/container-registry/registry/version.json index 1c035df49f..83083db694 100644 --- a/avm/res/container-registry/registry/version.json +++ b/avm/res/container-registry/registry/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.2", + "version": "0.1", "pathFilters": [ "./main.json" ] diff --git a/avm/res/data-factory/factory/README.md b/avm/res/data-factory/factory/README.md index c66b9c79f3..779fdc9c32 100644 --- a/avm/res/data-factory/factory/README.md +++ b/avm/res/data-factory/factory/README.md @@ -173,16 +173,10 @@ module factory 'br/public:avm/res/data-factory/factory:' = { ] subnetResourceId: '' tags: { - application: 'AVM' + application: 'CARML' 'hidden-title': 'This is visible in the resource name' } } - { - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - } ] roleAssignments: [ { @@ -319,15 +313,9 @@ module factory 'br/public:avm/res/data-factory/factory:' = { ], "subnetResourceId": "", "tags": { - "application": "AVM", + "application": "CARML", "hidden-title": "This is visible in the resource name" } - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "" } ] }, @@ -905,15 +893,14 @@ Configuration Details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -941,19 +928,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint IP address. +Fqdn that resolves to private endpoint ip address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private IP addresses of the private endpoint. +A list of private ip addresses of the private endpoint. - Required: Yes - Type: array @@ -1006,7 +993,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -1024,18 +1011,11 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private IP address obtained from the private endpoint's subnet. +A private ip address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -If Manual Private Link Connection is required. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1079,12 +1059,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -1095,7 +1075,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string @@ -1198,7 +1178,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - Required: No - Type: string @@ -1339,7 +1319,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.3.2` | Remote reference | ## Notes diff --git a/avm/res/data-factory/factory/main.bicep b/avm/res/data-factory/factory/main.bicep index 9f692af3d6..77562721b6 100644 --- a/avm/res/data-factory/factory/main.bicep +++ b/avm/res/data-factory/factory/main.bicep @@ -226,13 +226,12 @@ resource dataFactory_roleAssignments 'Microsoft.Authorization/roleAssignments@20 scope: dataFactory }] -module dataFactory_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module dataFactory_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.2' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-dataFactory-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(dataFactory.id, '/'))}-${privateEndpoint.?service ?? 'dataFactory'}-${index}' privateLinkServiceConnections: [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(dataFactory.id, '/'))}-${privateEndpoint.?service ?? 'dataFactory'}-${index}' + name: name properties: { privateLinkServiceId: dataFactory.id groupIds: [ @@ -241,18 +240,7 @@ module dataFactory_privateEndpoints 'br/public:avm/res/network/private-endpoint: } } ] - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(dataFactory.id, '/'))}-${privateEndpoint.?service ?? 'dataFactory'}-${index}' - properties: { - privateLinkServiceId: dataFactory.id - groupIds: [ - privateEndpoint.?service ?? 'dataFactory' - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null + name: privateEndpoint.?name ?? 'pep-${last(split(dataFactory.id, '/'))}-${privateEndpoint.?service ?? 'dataFactory'}-${index}' subnetResourceId: privateEndpoint.subnetResourceId location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock @@ -261,6 +249,7 @@ module dataFactory_privateEndpoints 'br/public:avm/res/network/private-endpoint: privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -333,31 +322,24 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') + @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') + @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint IP address.') + @description('Required. Fqdn that resolves to private endpoint ip address.') fqdn: string? - @description('Required. A list of private IP addresses of the private endpoint.') + @description('Required. A list of private ip addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -374,7 +356,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private IP address obtained from the private endpoint\'s subnet.') + @description('Required. A private ip address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -394,6 +376,9 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/data-factory/factory/main.json b/avm/res/data-factory/factory/main.json index 3d71e6ca6c..ec293b4da5 100644 --- a/avm/res/data-factory/factory/main.json +++ b/avm/res/data-factory/factory/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "15512301092613886840" + "templateHash": "6048154575317305583" }, "name": "Data Factories", "description": "This module deploys a Data Factory.", @@ -150,7 +150,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." } }, "subnetResourceId": { @@ -163,7 +163,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." + "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." } }, "privateDnsZoneResourceIds": { @@ -176,21 +176,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -200,7 +185,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -209,7 +194,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -248,7 +233,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -299,6 +284,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -1138,13 +1130,10 @@ }, "mode": "Incremental", "parameters": { - "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.DataFactory/factories', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'dataFactory'), copyIndex()))]" - }, "privateLinkServiceConnections": { "value": [ { - "name": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DataFactory/factories', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'dataFactory'), copyIndex()))]", + "name": "[parameters('name')]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.DataFactory/factories', parameters('name'))]", "groupIds": [ @@ -1154,7 +1143,9 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DataFactory/factories', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'dataFactory'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DataFactory/factories', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'dataFactory')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "name": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.DataFactory/factories', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'dataFactory'), copyIndex()))]" + }, "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -1179,6 +1170,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -1199,8 +1193,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.23.1.45101", + "templateHash": "2821141217598568122" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1249,7 +1243,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -1565,7 +1559,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1670,8 +1664,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.23.1.45101", + "templateHash": "18168683629401652671" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1782,13 +1776,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/data-factory/factory/tests/e2e/max/main.test.bicep b/avm/res/data-factory/factory/tests/e2e/max/main.test.bicep index e825639f2e..7cabaa0fc7 100644 --- a/avm/res/data-factory/factory/tests/e2e/max/main.test.bicep +++ b/avm/res/data-factory/factory/tests/e2e/max/main.test.bicep @@ -134,15 +134,9 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { 'hidden-title': 'This is visible in the resource name' - application: 'AVM' + application: 'CARML' } } - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId - } ] roleAssignments: [ { diff --git a/avm/res/data-factory/factory/version.json b/avm/res/data-factory/factory/version.json index 1c035df49f..83083db694 100644 --- a/avm/res/data-factory/factory/version.json +++ b/avm/res/data-factory/factory/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.2", + "version": "0.1", "pathFilters": [ "./main.json" ] diff --git a/avm/res/desktop-virtualization/host-pool/README.md b/avm/res/desktop-virtualization/host-pool/README.md index c38e99d1ea..3c31139d59 100644 --- a/avm/res/desktop-virtualization/host-pool/README.md +++ b/avm/res/desktop-virtualization/host-pool/README.md @@ -32,7 +32,8 @@ The following section provides usage examples for the module, which were used to - [Using only defaults](#example-1-using-only-defaults) - [Using large parameter set](#example-2-using-large-parameter-set) -- [WAF-aligned](#example-3-waf-aligned) +- [Using Private Endpoints](#example-3-using-private-endpoints) +- [WAF-aligned](#example-4-waf-aligned) ### Example 1: _Using only defaults_ @@ -147,12 +148,6 @@ module hostPool 'br/public:avm/res/desktop-virtualization/host-pool:' = ] subnetResourceId: '' } - { - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - } ] publicNetworkAccess: 'Disabled' roleAssignments: [ @@ -283,12 +278,6 @@ module hostPool 'br/public:avm/res/desktop-virtualization/host-pool:' = }, "privateEndpoints": { "value": [ - { - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "" - }, { "privateDnsZoneResourceIds": [ "" @@ -352,7 +341,77 @@ module hostPool 'br/public:avm/res/desktop-virtualization/host-pool:' =

-### Example 3: _WAF-aligned_ +### Example 3: _Using Private Endpoints_ + +This instance deploys the module with Private Endpoints. + + +

+ +via Bicep module + +```bicep +module hostPool 'br/public:avm/res/desktop-virtualization/host-pool:' = { + name: '${uniqueString(deployment().name, resourceLocation)}-test-dvhppe' + params: { + // Required parameters + name: 'dvhppe001' + // Non-required parameters + location: '' + privateEndpoints: [ + { + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + } + ] + publicNetworkAccess: 'Disabled' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "dvhppe001" + }, + // Non-required parameters + "location": { + "value": "" + }, + "privateEndpoints": { + "value": [ + { + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "" + } + ] + }, + "publicNetworkAccess": { + "value": "Disabled" + } + } +} +``` + +
+

+ +### Example 4: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. @@ -777,15 +836,14 @@ Configuration details for private endpoints. | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "connection". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -901,13 +959,6 @@ A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -If Manual Private Link Connection is required. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -951,12 +1002,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -1070,7 +1121,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". +The service (sub-) type to deploy the private endpoint for. For example "connection". - Required: No - Type: string @@ -1301,7 +1352,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm-res-network-privateendpoint:0.1.1` | Remote reference | ## Data Collection diff --git a/avm/res/desktop-virtualization/host-pool/main.bicep b/avm/res/desktop-virtualization/host-pool/main.bicep index d173f8e6f0..9e4cb17472 100644 --- a/avm/res/desktop-virtualization/host-pool/main.bicep +++ b/avm/res/desktop-virtualization/host-pool/main.bicep @@ -196,41 +196,22 @@ resource hostPool 'Microsoft.DesktopVirtualization/hostPools@2023-09-05' = { } } -module hostPool_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module hostPool_privateEndpoints 'br/public:avm-res-network-privateendpoint:0.1.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-HostPool-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(hostPool.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}' - privateLinkServiceConnections: [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(hostPool.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}' - properties: { - privateLinkServiceId: hostPool.id - groupIds: [ - privateEndpoint.?service ?? 'connection' - ] - } - } + groupIds: [ + privateEndpoint.?service ?? 'connection' ] - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(hostPool.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}' - properties: { - privateLinkServiceId: hostPool.id - groupIds: [ - privateEndpoint.?service ?? 'connection' - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null + name: privateEndpoint.?name ?? 'pep-${last(split(hostPool.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}' + serviceResourceId: hostPool.id subnetResourceId: privateEndpoint.subnetResourceId - location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: privateEndpoint.?lock ?? lock enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -354,13 +335,14 @@ type roleAssignmentType = { }[]? type privateEndpointType = { + @sys.description('Optional. The name of the private endpoint.') name: string? @sys.description('Optional. The location to deploy the private endpoint to.') location: string? - @sys.description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') + @sys.description('Optional. The service (sub-) type to deploy the private endpoint for. For example "connection".') service: string? @sys.description('Required. Resource ID of the subnet where the endpoint needs to be created.') @@ -372,13 +354,6 @@ type privateEndpointType = { @sys.description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @sys.description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @sys.description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @sys.description('Optional. Custom DNS configurations.') customDnsConfigs: { @sys.description('Required. Fqdn that resolves to private endpoint IP address.') @@ -421,6 +396,9 @@ type privateEndpointType = { @sys.description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @sys.description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @sys.description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/desktop-virtualization/host-pool/main.json b/avm/res/desktop-virtualization/host-pool/main.json index 698856fcc8..6719f26b5d 100644 --- a/avm/res/desktop-virtualization/host-pool/main.json +++ b/avm/res/desktop-virtualization/host-pool/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "17476152824582806077" + "templateHash": "4511420670498379838" }, "name": "Azure Virtual Desktop Host Pool", "description": "This module deploys an Azure Virtual Desktop Host Pool", @@ -197,7 +197,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"connection\"." } }, "subnetResourceId": { @@ -223,21 +223,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -346,6 +331,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -771,35 +763,26 @@ }, "mode": "Incremental", "parameters": { + "groupIds": { + "value": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection')]" + ] + }, "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection'), copyIndex()))]" }, - "privateLinkServiceConnections": { - "value": [ - { - "name": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection'), copyIndex()))]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name'))]", - "groupIds": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection')]" - ] - } - } - ] + "serviceResourceId": { + "value": "[resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name'))]" }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, - "location": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" + "enableTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" }, "lock": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'lock'), parameters('lock'))]" }, - "enableTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" - }, "privateDnsZoneGroupName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroupName')]" }, @@ -812,6 +795,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -832,8 +818,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.21.1.54444", + "templateHash": "13152465847704433697" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -848,7 +834,7 @@ "roleDefinitionIdOrName": { "type": "string", "metadata": { - "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." } }, "principalId": { @@ -882,7 +868,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -930,154 +916,6 @@ } }, "nullable": true - }, - "ipConfigurationsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the resource that is unique within a resource group." - } - }, - "properties": { - "type": "object", - "properties": { - "groupId": { - "type": "string", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "memberName": { - "type": "string", - "metadata": { - "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateIPAddress": { - "type": "string", - "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." - } - } - }, - "metadata": { - "description": "Required. Properties of private endpoint IP configurations." - } - } - } - }, - "nullable": true - }, - "manualPrivateLinkServiceConnectionsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, - "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } - }, - "requestMessage": { - "type": "string", - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } - } - }, - "metadata": { - "description": "Required. Properties of private link service connection." - } - } - } - }, - "nullable": true - }, - "privateLinkServiceConnectionsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, - "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } - }, - "requestMessage": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } - } - }, - "metadata": { - "description": "Required. Properties of private link service connection." - } - } - } - }, - "nullable": true - }, - "customDnsConfigType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "fqdn": { - "type": "string", - "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." - } - }, - "ipAddresses": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." - } - } - } - }, - "nullable": true } }, "parameters": { @@ -1093,6 +931,12 @@ "description": "Required. Resource ID of the subnet where the endpoint needs to be created." } }, + "serviceResourceId": { + "type": "string", + "metadata": { + "description": "Required. Resource ID of the resource that needs to be connected to the network." + } + }, "applicationSecurityGroupResourceIds": { "type": "array", "nullable": true, @@ -1108,11 +952,18 @@ } }, "ipConfigurations": { - "$ref": "#/definitions/ipConfigurationsType", + "type": "array", + "nullable": true, "metadata": { "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." } }, + "groupIds": { + "type": "array", + "metadata": { + "description": "Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to." + } + }, "privateDnsZoneGroupName": { "type": "string", "nullable": true, @@ -1143,7 +994,7 @@ "roleAssignments": { "$ref": "#/definitions/roleAssignmentType", "metadata": { - "description": "Optional. Array of role assignments to create." + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." } }, "tags": { @@ -1154,21 +1005,17 @@ } }, "customDnsConfigs": { - "$ref": "#/definitions/customDnsConfigType", + "type": "array", + "nullable": true, "metadata": { "description": "Optional. Custom DNS configurations." } }, "manualPrivateLinkServiceConnections": { - "$ref": "#/definitions/manualPrivateLinkServiceConnectionsType", - "metadata": { - "description": "Optional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource." - } - }, - "privateLinkServiceConnections": { - "$ref": "#/definitions/privateLinkServiceConnectionsType", + "type": "array", + "nullable": true, "metadata": { - "description": "Optional. A grouping of information about the connection to the remote resource." + "description": "Optional. Manual PrivateLink Service Connections." } }, "enableTelemetry": { @@ -1198,7 +1045,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.1.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1234,7 +1081,15 @@ "customNetworkInterfaceName": "[coalesce(parameters('customNetworkInterfaceName'), '')]", "ipConfigurations": "[coalesce(parameters('ipConfigurations'), createArray())]", "manualPrivateLinkServiceConnections": "[coalesce(parameters('manualPrivateLinkServiceConnections'), createArray())]", - "privateLinkServiceConnections": "[coalesce(parameters('privateLinkServiceConnections'), createArray())]", + "privateLinkServiceConnections": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[parameters('serviceResourceId')]", + "groupIds": "[parameters('groupIds')]" + } + } + ], "subnet": { "id": "[parameters('subnetResourceId')]" } @@ -1264,7 +1119,7 @@ "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", "name": "[guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", "properties": { - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)))]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", @@ -1303,8 +1158,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.21.1.54444", + "templateHash": "1698104586574073002" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1415,13 +1270,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/desktop-virtualization/host-pool/tests/e2e/max/main.test.bicep b/avm/res/desktop-virtualization/host-pool/tests/e2e/max/main.test.bicep index bda485891a..1150a73b43 100644 --- a/avm/res/desktop-virtualization/host-pool/tests/e2e/max/main.test.bicep +++ b/avm/res/desktop-virtualization/host-pool/tests/e2e/max/main.test.bicep @@ -89,12 +89,6 @@ module testDeployment '../../../main.bicep' = { ] subnetResourceId: nestedDependencies.outputs.subnetResourceId } - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId - } ] loadBalancerType: 'BreadthFirst' location: resourceLocation @@ -159,8 +153,4 @@ module testDeployment '../../../main.bicep' = { ] } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] } diff --git a/avm/res/desktop-virtualization/host-pool/tests/e2e/private-endpoint/dependencies.bicep b/avm/res/desktop-virtualization/host-pool/tests/e2e/private-endpoint/dependencies.bicep new file mode 100644 index 0000000000..f18c0628e3 --- /dev/null +++ b/avm/res/desktop-virtualization/host-pool/tests/e2e/private-endpoint/dependencies.bicep @@ -0,0 +1,49 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +var addressPrefix = '10.0.0.0/16' + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + addressPrefix + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 16, 0) + } + } + ] + } +} + +resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { + name: 'privatelink.wvd.microsoft.com' + location: 'global' + + resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { + name: '${virtualNetwork.name}-vnetlink' + location: 'global' + properties: { + virtualNetwork: { + id: virtualNetwork.id + } + registrationEnabled: false + } + } +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Private DNS Zone.') +output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/avm/res/desktop-virtualization/host-pool/tests/e2e/private-endpoint/main.test.bicep b/avm/res/desktop-virtualization/host-pool/tests/e2e/private-endpoint/main.test.bicep new file mode 100644 index 0000000000..0cf73ba6a0 --- /dev/null +++ b/avm/res/desktop-virtualization/host-pool/tests/e2e/private-endpoint/main.test.bicep @@ -0,0 +1,61 @@ +targetScope = 'subscription' + +metadata name = 'Using Private Endpoints' +metadata description = 'This instance deploys the module with Private Endpoints.' + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'dep-${namePrefix}-desktopvirtualization.hostpools-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'dvhppe' + +@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') +param namePrefix string = '#_namePrefix_#' + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= + +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +module nestedDependencies 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' + params: { + virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' + location: resourceLocation + } +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + name: '${namePrefix}${serviceShort}001' + location: resourceLocation + publicNetworkAccess: 'Disabled' + privateEndpoints: [ + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + } + ] + } +}] diff --git a/avm/res/desktop-virtualization/host-pool/tests/e2e/waf-aligned/main.test.bicep b/avm/res/desktop-virtualization/host-pool/tests/e2e/waf-aligned/main.test.bicep index 91b13e6544..d77316a896 100644 --- a/avm/res/desktop-virtualization/host-pool/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/desktop-virtualization/host-pool/tests/e2e/waf-aligned/main.test.bicep @@ -67,7 +67,4 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } - dependsOn: [ - diagnosticDependencies - ] } diff --git a/avm/res/desktop-virtualization/host-pool/version.json b/avm/res/desktop-virtualization/host-pool/version.json index 729ac87673..7245f14872 100644 --- a/avm/res/desktop-virtualization/host-pool/version.json +++ b/avm/res/desktop-virtualization/host-pool/version.json @@ -1,7 +1,7 @@ { - "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.2", - "pathFilters": [ - "./main.json" - ] -} \ No newline at end of file + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.1", + "pathFilters": [ + "./main.json" + ] + } \ No newline at end of file diff --git a/avm/res/desktop-virtualization/workspace/README.md b/avm/res/desktop-virtualization/workspace/README.md index 614a16878a..398a16117c 100644 --- a/avm/res/desktop-virtualization/workspace/README.md +++ b/avm/res/desktop-virtualization/workspace/README.md @@ -32,7 +32,8 @@ The following section provides usage examples for the module, which were used to - [Using only defaults](#example-1-using-only-defaults) - [Using large parameter set](#example-2-using-large-parameter-set) -- [WAF-aligned](#example-3-waf-aligned) +- [Using Private Endpoints](#example-3-using-private-endpoints) +- [WAF-aligned](#example-4-waf-aligned) ### Example 1: _Using only defaults_ @@ -372,7 +373,231 @@ module workspace 'br/public:avm/res/desktop-virtualization/workspace:'

-### Example 3: _WAF-aligned_ +### Example 3: _Using Private Endpoints_ + +This instance deploys the module with Private Endpoints. + + +

+ +via Bicep module + +```bicep +module workspace 'br/public:avm/res/desktop-virtualization/workspace:' = { + name: '${uniqueString(deployment().name, resourceLocation)}-test-dvwspe' + params: { + // Required parameters + name: 'dvwspe001' + // Non-required parameters + location: '' + privateEndpoints: [ + { + customDnsConfigs: [ + { + fqdn: 'abc.workspace.com' + ipAddresses: [ + '10.0.0.10' + '10.0.0.13' + ] + } + ] + ipConfigurations: [ + { + name: 'myIPconfig-feed1' + properties: { + groupId: 'feed' + memberName: 'web-r0' + privateIPAddress: '10.0.0.10' + } + } + { + name: 'myIPconfig-feed2' + properties: { + groupId: 'feed' + memberName: 'web-r1' + privateIPAddress: '10.0.0.13' + } + } + ] + privateDnsZoneResourceIds: [ + '' + ] + roleAssignments: [ + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + } + ] + service: 'feed' + subnetResourceId: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } + { + customDnsConfigs: [ + { + fqdn: 'abc.workspace.com' + ipAddresses: [ + '10.0.0.11' + ] + } + ] + ipConfigurations: [ + { + name: 'myIPconfig-global' + properties: { + groupId: 'global' + memberName: 'web' + privateIPAddress: '10.0.0.11' + } + } + ] + privateDnsZoneResourceIds: [ + '' + ] + roleAssignments: [ + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + } + ] + service: 'global' + subnetResourceId: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } + ] + publicNetworkAccess: 'Disabled' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "dvwspe001" + }, + // Non-required parameters + "location": { + "value": "" + }, + "privateEndpoints": { + "value": [ + { + "customDnsConfigs": [ + { + "fqdn": "abc.workspace.com", + "ipAddresses": [ + "10.0.0.10", + "10.0.0.13" + ] + } + ], + "ipConfigurations": [ + { + "name": "myIPconfig-feed1", + "properties": { + "groupId": "feed", + "memberName": "web-r0", + "privateIPAddress": "10.0.0.10" + } + }, + { + "name": "myIPconfig-feed2", + "properties": { + "groupId": "feed", + "memberName": "web-r1", + "privateIPAddress": "10.0.0.13" + } + } + ], + "privateDnsZoneResourceIds": [ + "" + ], + "roleAssignments": [ + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ], + "service": "feed", + "subnetResourceId": "", + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + }, + { + "customDnsConfigs": [ + { + "fqdn": "abc.workspace.com", + "ipAddresses": [ + "10.0.0.11" + ] + } + ], + "ipConfigurations": [ + { + "name": "myIPconfig-global", + "properties": { + "groupId": "global", + "memberName": "web", + "privateIPAddress": "10.0.0.11" + } + } + ], + "privateDnsZoneResourceIds": [ + "" + ], + "roleAssignments": [ + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ], + "service": "global", + "subnetResourceId": "", + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + ] + }, + "publicNetworkAccess": { + "value": "Disabled" + } + } +} +``` + +
+

+ +### Example 4: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Well-Architected Framework. @@ -685,10 +910,9 @@ Configuration details for private endpoints. | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | @@ -815,13 +1039,6 @@ A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -If Manual Private Link Connection is required. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -865,12 +1082,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -1109,7 +1326,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm-res-network-privateendpoint:0.1.1` | Remote reference | ## Data Collection diff --git a/avm/res/desktop-virtualization/workspace/main.bicep b/avm/res/desktop-virtualization/workspace/main.bicep index b696e0baca..76b833e555 100644 --- a/avm/res/desktop-virtualization/workspace/main.bicep +++ b/avm/res/desktop-virtualization/workspace/main.bicep @@ -90,41 +90,22 @@ resource workspace 'Microsoft.DesktopVirtualization/workspaces@2022-10-14-previe } } -module workspace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module workspace_privateEndpoints 'br/public:avm-res-network-privateendpoint:0.1.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-Workspace-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(workspace.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}' - privateLinkServiceConnections: [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(workspace.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}' - properties: { - privateLinkServiceId: workspace.id - groupIds: [ - privateEndpoint.?service ?? 'connection' - ] - } - } + groupIds: [ + privateEndpoint.service ] - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(workspace.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}' - properties: { - privateLinkServiceId: workspace.id - groupIds: [ - privateEndpoint.?service ?? 'connection' - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null + name: privateEndpoint.?name ?? 'pep-${last(split(workspace.id, '/'))}-${privateEndpoint.?service}-${index}' + serviceResourceId: workspace.id subnetResourceId: privateEndpoint.subnetResourceId - location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: privateEndpoint.?lock ?? lock enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry + lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -246,6 +227,7 @@ type roleAssignmentType = { }[]? type privateEndpointType = { + @sys.description('Optional. The name of the private endpoint.') name: string? @@ -264,13 +246,6 @@ type privateEndpointType = { @sys.description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @sys.description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @sys.description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @sys.description('Optional. Custom DNS configurations.') customDnsConfigs: { @sys.description('Required. Fqdn that resolves to private endpoint IP address.') @@ -313,6 +288,9 @@ type privateEndpointType = { @sys.description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @sys.description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @sys.description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/desktop-virtualization/workspace/main.json b/avm/res/desktop-virtualization/workspace/main.json index 504dc0dc06..ac075c7a41 100644 --- a/avm/res/desktop-virtualization/workspace/main.json +++ b/avm/res/desktop-virtualization/workspace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "1061929067377896447" + "templateHash": "4530090726614666900" }, "name": "Workspace", "description": "This module deploys an Azure Virtual Desktop Workspace.", @@ -215,21 +215,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -338,6 +323,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -585,35 +577,26 @@ }, "mode": "Incremental", "parameters": { - "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection'), copyIndex()))]" - }, - "privateLinkServiceConnections": { + "groupIds": { "value": [ - { - "name": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection'), copyIndex()))]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name'))]", - "groupIds": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection')]" - ] - } - } + "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service]" ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'connection')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "name": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name')), '/')), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), copyIndex()))]" + }, + "serviceResourceId": { + "value": "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('name'))]" + }, "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, - "location": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" + "enableTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" }, "lock": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'lock'), parameters('lock'))]" }, - "enableTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" - }, "privateDnsZoneGroupName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroupName')]" }, @@ -626,6 +609,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -646,8 +632,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.21.1.54444", + "templateHash": "13152465847704433697" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -662,7 +648,7 @@ "roleDefinitionIdOrName": { "type": "string", "metadata": { - "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." } }, "principalId": { @@ -696,7 +682,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -744,154 +730,6 @@ } }, "nullable": true - }, - "ipConfigurationsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the resource that is unique within a resource group." - } - }, - "properties": { - "type": "object", - "properties": { - "groupId": { - "type": "string", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "memberName": { - "type": "string", - "metadata": { - "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateIPAddress": { - "type": "string", - "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." - } - } - }, - "metadata": { - "description": "Required. Properties of private endpoint IP configurations." - } - } - } - }, - "nullable": true - }, - "manualPrivateLinkServiceConnectionsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, - "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } - }, - "requestMessage": { - "type": "string", - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } - } - }, - "metadata": { - "description": "Required. Properties of private link service connection." - } - } - } - }, - "nullable": true - }, - "privateLinkServiceConnectionsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, - "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } - }, - "requestMessage": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } - } - }, - "metadata": { - "description": "Required. Properties of private link service connection." - } - } - } - }, - "nullable": true - }, - "customDnsConfigType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "fqdn": { - "type": "string", - "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." - } - }, - "ipAddresses": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." - } - } - } - }, - "nullable": true } }, "parameters": { @@ -907,6 +745,12 @@ "description": "Required. Resource ID of the subnet where the endpoint needs to be created." } }, + "serviceResourceId": { + "type": "string", + "metadata": { + "description": "Required. Resource ID of the resource that needs to be connected to the network." + } + }, "applicationSecurityGroupResourceIds": { "type": "array", "nullable": true, @@ -922,11 +766,18 @@ } }, "ipConfigurations": { - "$ref": "#/definitions/ipConfigurationsType", + "type": "array", + "nullable": true, "metadata": { "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." } }, + "groupIds": { + "type": "array", + "metadata": { + "description": "Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to." + } + }, "privateDnsZoneGroupName": { "type": "string", "nullable": true, @@ -957,7 +808,7 @@ "roleAssignments": { "$ref": "#/definitions/roleAssignmentType", "metadata": { - "description": "Optional. Array of role assignments to create." + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." } }, "tags": { @@ -968,21 +819,17 @@ } }, "customDnsConfigs": { - "$ref": "#/definitions/customDnsConfigType", + "type": "array", + "nullable": true, "metadata": { "description": "Optional. Custom DNS configurations." } }, "manualPrivateLinkServiceConnections": { - "$ref": "#/definitions/manualPrivateLinkServiceConnectionsType", - "metadata": { - "description": "Optional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource." - } - }, - "privateLinkServiceConnections": { - "$ref": "#/definitions/privateLinkServiceConnectionsType", + "type": "array", + "nullable": true, "metadata": { - "description": "Optional. A grouping of information about the connection to the remote resource." + "description": "Optional. Manual PrivateLink Service Connections." } }, "enableTelemetry": { @@ -1012,7 +859,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.1.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1048,7 +895,15 @@ "customNetworkInterfaceName": "[coalesce(parameters('customNetworkInterfaceName'), '')]", "ipConfigurations": "[coalesce(parameters('ipConfigurations'), createArray())]", "manualPrivateLinkServiceConnections": "[coalesce(parameters('manualPrivateLinkServiceConnections'), createArray())]", - "privateLinkServiceConnections": "[coalesce(parameters('privateLinkServiceConnections'), createArray())]", + "privateLinkServiceConnections": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[parameters('serviceResourceId')]", + "groupIds": "[parameters('groupIds')]" + } + } + ], "subnet": { "id": "[parameters('subnetResourceId')]" } @@ -1078,7 +933,7 @@ "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", "name": "[guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", "properties": { - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)))]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", @@ -1117,8 +972,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.21.1.54444", + "templateHash": "1698104586574073002" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1229,13 +1084,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/desktop-virtualization/workspace/tests/e2e/max/main.test.bicep b/avm/res/desktop-virtualization/workspace/tests/e2e/max/main.test.bicep index e81a1febd0..5cb9db486c 100644 --- a/avm/res/desktop-virtualization/workspace/tests/e2e/max/main.test.bicep +++ b/avm/res/desktop-virtualization/workspace/tests/e2e/max/main.test.bicep @@ -178,8 +178,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' name: 'myCustomLockName' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/desktop-virtualization/workspace/tests/e2e/private-endpoint/dependencies.bicep b/avm/res/desktop-virtualization/workspace/tests/e2e/private-endpoint/dependencies.bicep new file mode 100644 index 0000000000..2e1877ac5d --- /dev/null +++ b/avm/res/desktop-virtualization/workspace/tests/e2e/private-endpoint/dependencies.bicep @@ -0,0 +1,59 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +var addressPrefix = '10.0.0.0/16' + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + addressPrefix + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 16, 0) + } + } + ] + } +} + +resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { + name: 'privatelink.wvd.microsoft.com' + location: 'global' + resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { + name: '${virtualNetwork.name}-vnetlink' + location: 'global' + properties: { + virtualNetwork: { + id: virtualNetwork.id + } + registrationEnabled: false + } + } +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Private DNS Zone.') +output privateDNSZoneResourceId string = privateDNSZone.id + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/avm/res/desktop-virtualization/workspace/tests/e2e/private-endpoint/main.test.bicep b/avm/res/desktop-virtualization/workspace/tests/e2e/private-endpoint/main.test.bicep new file mode 100644 index 0000000000..2bef56353d --- /dev/null +++ b/avm/res/desktop-virtualization/workspace/tests/e2e/private-endpoint/main.test.bicep @@ -0,0 +1,139 @@ +targetScope = 'subscription' + +metadata name = 'Using Private Endpoints' +metadata description = 'This instance deploys the module with Private Endpoints.' + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'dep-${namePrefix}-desktopvirtualization.workspace-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'dvwspe' + +@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') +param namePrefix string = '#_namePrefix_#' + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= + +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +module nestedDependencies 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' + params: { + virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' + location: resourceLocation + managedIdentityName: 'dvwspe-managedidentity' + } +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + name: '${namePrefix}${serviceShort}001' + location: resourceLocation + publicNetworkAccess: 'Disabled' + privateEndpoints: [ + { + service: 'feed' + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + roleAssignments: [ + { + roleDefinitionIdOrName: 'Reader' + principalId: nestedDependencies.outputs.managedIdentityPrincipalId + principalType: 'ServicePrincipal' + } + ] + ipConfigurations: [ + { + name: 'myIPconfig-feed1' + properties: { + groupId: 'feed' + memberName: 'web-r0' + privateIPAddress: '10.0.0.10' + } + } + { + name: 'myIPconfig-feed2' + properties: { + groupId: 'feed' + memberName: 'web-r1' + privateIPAddress: '10.0.0.13' + } + } + ] + customDnsConfigs: [ + { + fqdn: 'abc.workspace.com' + ipAddresses: [ + '10.0.0.10' + '10.0.0.13' + ] + } + ] + } + { + service: 'global' + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + roleAssignments: [ + { + roleDefinitionIdOrName: 'Reader' + principalId: nestedDependencies.outputs.managedIdentityPrincipalId + principalType: 'ServicePrincipal' + } + ] + ipConfigurations: [ + { + name: 'myIPconfig-global' + properties: { + groupId: 'global' + memberName: 'web' + privateIPAddress: '10.0.0.11' + } + } + ] + customDnsConfigs: [ + { + fqdn: 'abc.workspace.com' + ipAddresses: [ + '10.0.0.11' + ] + } + ] + } + ] + } +}] diff --git a/avm/res/desktop-virtualization/workspace/tests/e2e/waf-aligned/main.test.bicep b/avm/res/desktop-virtualization/workspace/tests/e2e/waf-aligned/main.test.bicep index 1103178216..6650e01b10 100644 --- a/avm/res/desktop-virtualization/workspace/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/desktop-virtualization/workspace/tests/e2e/waf-aligned/main.test.bicep @@ -68,7 +68,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - diagnosticDependencies - ] }] diff --git a/avm/res/desktop-virtualization/workspace/version.json b/avm/res/desktop-virtualization/workspace/version.json index 76049e1c4a..7245f14872 100644 --- a/avm/res/desktop-virtualization/workspace/version.json +++ b/avm/res/desktop-virtualization/workspace/version.json @@ -1,7 +1,7 @@ { - "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.3", - "pathFilters": [ - "./main.json" - ] -} \ No newline at end of file + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.1", + "pathFilters": [ + "./main.json" + ] + } \ No newline at end of file diff --git a/avm/res/document-db/database-account/README.md b/avm/res/document-db/database-account/README.md index 5202d4df23..beb99218f9 100644 --- a/avm/res/document-db/database-account/README.md +++ b/avm/res/document-db/database-account/README.md @@ -1132,13 +1132,6 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - '' - ] - service: 'Sql' - subnetResourceId: '' - } ] roleAssignments: [ { @@ -1310,13 +1303,6 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "service": "Sql", - "subnetResourceId": "" } ] }, @@ -1466,20 +1452,6 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: } ] location: '' - privateEndpoints: [ - { - privateDnsZoneResourceIds: [ - '' - ] - service: 'Sql' - subnetResourceId: '' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } - ] sqlDatabases: [ { containers: [ @@ -1570,22 +1542,6 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: "location": { "value": "" }, - "privateEndpoints": { - "value": [ - { - "privateDnsZoneResourceIds": [ - "" - ], - "service": "Sql", - "subnetResourceId": "", - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - ] - }, "sqlDatabases": { "value": [ { @@ -2090,7 +2046,7 @@ Configuration details for private endpoints. For security reasons, it is recomme | Parameter | Type | Description | | :-- | :-- | :-- | -| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file". | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | **Optional parameters** @@ -2102,10 +2058,9 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | @@ -2114,7 +2069,7 @@ Configuration details for private endpoints. For security reasons, it is recomme ### Parameter: `privateEndpoints.service` -The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file". +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - Required: Yes - Type: string @@ -2232,13 +2187,6 @@ A private ip address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -If Manual Private Link Connection is required. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -2282,12 +2230,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -2544,7 +2492,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | ## Data Collection diff --git a/avm/res/document-db/database-account/main.bicep b/avm/res/document-db/database-account/main.bicep index 7adb1ac997..e472d947fc 100644 --- a/avm/res/document-db/database-account/main.bicep +++ b/avm/res/document-db/database-account/main.bicep @@ -317,33 +317,21 @@ module databaseAccount_gremlinDatabases 'gremlin-database/main.bicep' = [for gre } }] -module databaseAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module databaseAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-databaseAccount-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(databaseAccount.id, '/'))}-${privateEndpoint.service}-${index}' - privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ + privateLinkServiceConnections: [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(databaseAccount.id, '/'))}-${privateEndpoint.service}-${index}' + name: name properties: { privateLinkServiceId: databaseAccount.id groupIds: [ - privateEndpoint.service + privateEndpoint.?service ?? 'Sql' ] } } - ] : null - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(databaseAccount.id, '/'))}-${privateEndpoint.service}-${index}' - properties: { - privateLinkServiceId: databaseAccount.id - groupIds: [ - privateEndpoint.service - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null + ] + name: privateEndpoint.?name ?? 'pep-${last(split(databaseAccount.id, '/'))}-${privateEndpoint.?service ?? 'vault'}-${index}' subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -352,6 +340,7 @@ module databaseAccount_privateEndpoints 'br/public:avm/res/network/private-endpo privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -424,7 +413,7 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Required. The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file".') + @description('Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') service: string @description('Required. Resource ID of the subnet where the endpoint needs to be created.') @@ -436,13 +425,6 @@ type privateEndpointType = { @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @description('Optional. Custom DNS configurations.') customDnsConfigs: { @description('Required. Fqdn that resolves to private endpoint ip address.') @@ -485,6 +467,9 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/document-db/database-account/main.json b/avm/res/document-db/database-account/main.json index 3a3f8d75a5..454bcda8db 100644 --- a/avm/res/document-db/database-account/main.json +++ b/avm/res/document-db/database-account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "6178968809986230954" + "templateHash": "14608365683973460476" }, "name": "DocumentDB Database Accounts", "description": "This module deploys a DocumentDB Database Account.", @@ -149,7 +149,7 @@ "service": { "type": "string", "metadata": { - "description": "Required. The subresource to deploy the private endpoint for. For example \"blob\", \"table\", \"queue\" or \"file\"." + "description": "Required. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." } }, "subnetResourceId": { @@ -175,21 +175,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -298,6 +283,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -1723,11 +1715,22 @@ }, "mode": "Incremental", "parameters": { + "privateLinkServiceConnections": { + "value": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name'))]", + "groupIds": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'Sql')]" + ] + } + } + ] + }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault'), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), 'groupIds', createArray(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), 'groupIds', createArray(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -1752,6 +1755,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -1772,8 +1778,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.23.1.45101", + "templateHash": "2821141217598568122" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1822,7 +1828,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -1900,7 +1906,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -2003,7 +2009,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -2012,7 +2018,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -2138,7 +2144,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -2243,8 +2249,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.23.1.45101", + "templateHash": "18168683629401652671" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -2355,13 +2361,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/document-db/database-account/tests/e2e/gremlindb/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/gremlindb/main.test.bicep index 9931f2cbd2..ad94f42066 100644 --- a/avm/res/document-db/database-account/tests/e2e/gremlindb/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/gremlindb/main.test.bicep @@ -170,8 +170,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/document-db/database-account/tests/e2e/mongodb/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/mongodb/main.test.bicep index 463ff7708e..48b812836a 100644 --- a/avm/res/document-db/database-account/tests/e2e/mongodb/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/mongodb/main.test.bicep @@ -304,8 +304,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/document-db/database-account/tests/e2e/plain/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/plain/main.test.bicep index c67998598b..15f0bddb53 100644 --- a/avm/res/document-db/database-account/tests/e2e/plain/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/plain/main.test.bicep @@ -119,8 +119,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/document-db/database-account/tests/e2e/sqldb/dependencies.bicep b/avm/res/document-db/database-account/tests/e2e/sqldb/dependencies.bicep index cd88a1370a..9068571d83 100644 --- a/avm/res/document-db/database-account/tests/e2e/sqldb/dependencies.bicep +++ b/avm/res/document-db/database-account/tests/e2e/sqldb/dependencies.bicep @@ -30,19 +30,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { { name: 'defaultSubnet' properties: { - addressPrefix: cidrSubnet(addressPrefix, 20, 0) - } - } - { - name: 'custom-private-subnet' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 20, 1) - } - } - { - name: 'custom-private-subnet-2' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 20, 2) + addressPrefix: cidrSubnet(addressPrefix, 16, 0) } } ] @@ -104,14 +92,8 @@ output managedIdentityPrincipalId string = managedIdentity.properties.principalI @description('The resource ID of the created Managed Identity.') output managedIdentityResourceId string = managedIdentity.id -@description('The resource ID of the created Virtual Network Default Subnet.') -output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id - -@description('The resource ID of the 2nd created Virtual Network Subnet.') -output customSubnet1ResourceId string = virtualNetwork.properties.subnets[1].id - -@description('The resource ID of the 3rd created Virtual Network Subnet.') -output customSubnet2ResourceId string = virtualNetwork.properties.subnets[2].id +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id @description('The resource ID of the created Private DNS Zone.') output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep index 4a839dd38f..70a0d82469 100644 --- a/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep @@ -98,20 +98,13 @@ module testDeployment '../../../main.bicep' = { nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'Sql' - subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId + subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - service: 'Sql' - subnetResourceId: nestedDependencies.outputs.customSubnet2ResourceId - } ] roleAssignments: [ { @@ -215,8 +208,4 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] } diff --git a/avm/res/document-db/database-account/tests/e2e/waf-aligned/dependencies.bicep b/avm/res/document-db/database-account/tests/e2e/waf-aligned/dependencies.bicep index e42185366b..d9e107c4ea 100644 --- a/avm/res/document-db/database-account/tests/e2e/waf-aligned/dependencies.bicep +++ b/avm/res/document-db/database-account/tests/e2e/waf-aligned/dependencies.bicep @@ -4,50 +4,9 @@ param location string = resourceGroup().location @description('Required. The name of the Managed Identity to create.') param managedIdentityName string -@description('Required. The name of the Virtual Network to create.') -param virtualNetworkName string - @description('Required. The name of the Deployment Script to create to get the paired region name.') param pairedRegionScriptName string -var addressPrefix = '10.0.0.0/16' - -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { - name: virtualNetworkName - location: location - properties: { - addressSpace: { - addressPrefixes: [ - addressPrefix - ] - } - subnets: [ - { - name: 'defaultSubnet' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 16, 0) - } - } - ] - } -} - -resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { - name: 'privatelink.documents.azure.com' - location: 'global' - - resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { - name: '${virtualNetwork.name}-vnetlink' - location: 'global' - properties: { - virtualNetwork: { - id: virtualNetwork.id - } - registrationEnabled: false - } - } -} - resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { name: managedIdentityName location: location @@ -85,9 +44,3 @@ resource getPairedRegionScript 'Microsoft.Resources/deploymentScripts@2020-10-01 @description('The name of the paired region.') output pairedRegionName string = getPairedRegionScript.properties.outputs.pairedRegionName - -@description('The resource ID of the created Virtual Network Subnet.') -output subnetResourceId string = virtualNetwork.properties.subnets[0].id - -@description('The resource ID of the created Private DNS Zone.') -output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep index 7829519f3d..4f9c11197e 100644 --- a/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep @@ -38,7 +38,6 @@ module nestedDependencies 'dependencies.bicep' = { name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' params: { managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}' - virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' pairedRegionScriptName: 'dep-${namePrefix}-ds-${serviceShort}' location: resourceLocation } @@ -88,20 +87,6 @@ module testDeployment '../../../main.bicep' = { } ] location: resourceLocation - privateEndpoints: [ - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - service: 'Sql' - subnetResourceId: nestedDependencies.outputs.subnetResourceId - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } - } - ] sqlDatabases: [ { containers: [ @@ -145,8 +130,4 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] } diff --git a/avm/res/document-db/database-account/version.json b/avm/res/document-db/database-account/version.json index c177b1bb58..83083db694 100644 --- a/avm/res/document-db/database-account/version.json +++ b/avm/res/document-db/database-account/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.3", + "version": "0.1", "pathFilters": [ "./main.json" ] diff --git a/avm/res/event-grid/domain/README.md b/avm/res/event-grid/domain/README.md index 229f56e444..10afb3de29 100644 --- a/avm/res/event-grid/domain/README.md +++ b/avm/res/event-grid/domain/README.md @@ -33,7 +33,8 @@ The following section provides usage examples for the module, which were used to - [Using only defaults](#example-1-using-only-defaults) - [Using large parameter set](#example-2-using-large-parameter-set) -- [WAF-aligned](#example-3-waf-aligned) +- [Using private endpoint](#example-3-using-private-endpoint) +- [WAF-aligned](#example-4-waf-aligned) ### Example 1: _Using only defaults_ @@ -129,6 +130,7 @@ module domain 'br/public:avm/res/event-grid/domain:' = { privateDnsZoneResourceIds: [ '' ] + service: 'domain' subnetResourceId: '' tags: { Environment: 'Non-Prod' @@ -136,12 +138,6 @@ module domain 'br/public:avm/res/event-grid/domain:' = { Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - } ] roleAssignments: [ { @@ -228,18 +224,13 @@ module domain 'br/public:avm/res/event-grid/domain:' = { "privateDnsZoneResourceIds": [ "" ], + "service": "domain", "subnetResourceId": "", "tags": { "Environment": "Non-Prod", "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "" } ] }, @@ -281,7 +272,95 @@ module domain 'br/public:avm/res/event-grid/domain:' = {

-### Example 3: _WAF-aligned_ +### Example 3: _Using private endpoint_ + +This instance deploys the module with private endpoint. + + +

+ +via Bicep module + +```bicep +module domain 'br/public:avm/res/event-grid/domain:' = { + name: '${uniqueString(deployment().name, resourceLocation)}-test-egdpe' + params: { + // Required parameters + name: 'egdpe001' + // Non-required parameters + location: '' + privateEndpoints: [ + { + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } + ] + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "egdpe001" + }, + // Non-required parameters + "location": { + "value": "" + }, + "privateEndpoints": { + "value": [ + { + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "", + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + ] + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + } +} +``` + +
+

+ +### Example 4: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. @@ -738,15 +817,14 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -774,19 +852,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint IP address. +Fqdn that resolves to private endpoint ip address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private IP addresses of the private endpoint. +A list of private ip addresses of the private endpoint. - Required: Yes - Type: array @@ -839,7 +917,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -857,18 +935,11 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private IP address obtained from the private endpoint's subnet. +A private ip address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -If Manual Private Link Connection is required. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -912,12 +983,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -928,7 +999,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string @@ -1031,7 +1102,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - Required: No - Type: string @@ -1179,7 +1250,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm-res-network-privateendpoint:0.1.1` | Remote reference | ## Data Collection diff --git a/avm/res/event-grid/domain/main.bicep b/avm/res/event-grid/domain/main.bicep index 2b02292287..7cf3d9fa9e 100644 --- a/avm/res/event-grid/domain/main.bicep +++ b/avm/res/event-grid/domain/main.bicep @@ -143,45 +143,27 @@ resource domain_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-0 scope: domain }] -module domain_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-Domain-PrivateEndpoint-${index}' +module domain_privateEndpoints 'br/public:avm-res-network-privateendpoint:0.1.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { + name: '${uniqueString(deployment().name, location)}-domain-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(domain.id, '/'))}-${privateEndpoint.?service ?? 'domain'}-${index}' - privateLinkServiceConnections: [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(domain.id, '/'))}-${privateEndpoint.?service ?? 'domain'}-${index}' - properties: { - privateLinkServiceId: domain.id - groupIds: [ - privateEndpoint.?service ?? 'domain' - ] - } - } + groupIds: [ + privateEndpoint.?service ?? 'domain' ] - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(domain.id, '/'))}-${privateEndpoint.?service ?? 'domain'}-${index}' - properties: { - privateLinkServiceId: domain.id - groupIds: [ - privateEndpoint.?service ?? 'domain' - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null + name: privateEndpoint.?name ?? 'pep-${last(split(domain.id, '/'))}-${privateEndpoint.?service ?? 'domain'}-${index}' + serviceResourceId: domain.id subnetResourceId: privateEndpoint.subnetResourceId location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry } }] @@ -264,31 +246,24 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') + @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') + @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint IP address.') + @description('Required. Fqdn that resolves to private endpoint ip address.') fqdn: string? - @description('Required. A list of private IP addresses of the private endpoint.') + @description('Required. A list of private ip addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -305,7 +280,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private IP address obtained from the private endpoint\'s subnet.') + @description('Required. A private ip address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -325,6 +300,9 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/event-grid/domain/main.json b/avm/res/event-grid/domain/main.json index 287a5989c6..6c5b06c183 100644 --- a/avm/res/event-grid/domain/main.json +++ b/avm/res/event-grid/domain/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "7406933903897002331" + "templateHash": "13095982235255644248" }, "name": "Event Grid Domains", "description": "This module deploys an Event Grid Domain.", @@ -150,7 +150,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." } }, "subnetResourceId": { @@ -163,7 +163,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." + "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." } }, "privateDnsZoneResourceIds": { @@ -176,21 +176,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -200,7 +185,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -209,7 +194,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -248,7 +233,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -299,6 +284,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -756,30 +748,24 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-Domain-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-domain-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { + "groupIds": { + "value": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'domain')]" + ] + }, "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.EventGrid/domains', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'domain'), copyIndex()))]" }, - "privateLinkServiceConnections": { - "value": [ - { - "name": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.EventGrid/domains', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'domain'), copyIndex()))]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.EventGrid/domains', parameters('name'))]", - "groupIds": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'domain')]" - ] - } - } - ] + "serviceResourceId": { + "value": "[resourceId('Microsoft.EventGrid/domains', parameters('name'))]" }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.EventGrid/domains', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'domain'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.EventGrid/domains', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'domain')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -789,9 +775,6 @@ "lock": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'lock'), parameters('lock'))]" }, - "enableTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" - }, "privateDnsZoneGroupName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroupName')]" }, @@ -804,6 +787,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -815,6 +801,9 @@ }, "customNetworkInterfaceName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]" + }, + "enableTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" } }, "template": { @@ -824,8 +813,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.21.1.54444", + "templateHash": "13152465847704433697" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -840,7 +829,7 @@ "roleDefinitionIdOrName": { "type": "string", "metadata": { - "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." } }, "principalId": { @@ -874,7 +863,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -922,154 +911,6 @@ } }, "nullable": true - }, - "ipConfigurationsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the resource that is unique within a resource group." - } - }, - "properties": { - "type": "object", - "properties": { - "groupId": { - "type": "string", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "memberName": { - "type": "string", - "metadata": { - "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateIPAddress": { - "type": "string", - "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." - } - } - }, - "metadata": { - "description": "Required. Properties of private endpoint IP configurations." - } - } - } - }, - "nullable": true - }, - "manualPrivateLinkServiceConnectionsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, - "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } - }, - "requestMessage": { - "type": "string", - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } - } - }, - "metadata": { - "description": "Required. Properties of private link service connection." - } - } - } - }, - "nullable": true - }, - "privateLinkServiceConnectionsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, - "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } - }, - "requestMessage": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } - } - }, - "metadata": { - "description": "Required. Properties of private link service connection." - } - } - } - }, - "nullable": true - }, - "customDnsConfigType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "fqdn": { - "type": "string", - "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." - } - }, - "ipAddresses": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." - } - } - } - }, - "nullable": true } }, "parameters": { @@ -1085,6 +926,12 @@ "description": "Required. Resource ID of the subnet where the endpoint needs to be created." } }, + "serviceResourceId": { + "type": "string", + "metadata": { + "description": "Required. Resource ID of the resource that needs to be connected to the network." + } + }, "applicationSecurityGroupResourceIds": { "type": "array", "nullable": true, @@ -1100,11 +947,18 @@ } }, "ipConfigurations": { - "$ref": "#/definitions/ipConfigurationsType", + "type": "array", + "nullable": true, "metadata": { "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." } }, + "groupIds": { + "type": "array", + "metadata": { + "description": "Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to." + } + }, "privateDnsZoneGroupName": { "type": "string", "nullable": true, @@ -1135,7 +989,7 @@ "roleAssignments": { "$ref": "#/definitions/roleAssignmentType", "metadata": { - "description": "Optional. Array of role assignments to create." + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." } }, "tags": { @@ -1146,21 +1000,17 @@ } }, "customDnsConfigs": { - "$ref": "#/definitions/customDnsConfigType", + "type": "array", + "nullable": true, "metadata": { "description": "Optional. Custom DNS configurations." } }, "manualPrivateLinkServiceConnections": { - "$ref": "#/definitions/manualPrivateLinkServiceConnectionsType", - "metadata": { - "description": "Optional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource." - } - }, - "privateLinkServiceConnections": { - "$ref": "#/definitions/privateLinkServiceConnectionsType", + "type": "array", + "nullable": true, "metadata": { - "description": "Optional. A grouping of information about the connection to the remote resource." + "description": "Optional. Manual PrivateLink Service Connections." } }, "enableTelemetry": { @@ -1190,7 +1040,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.1.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1226,7 +1076,15 @@ "customNetworkInterfaceName": "[coalesce(parameters('customNetworkInterfaceName'), '')]", "ipConfigurations": "[coalesce(parameters('ipConfigurations'), createArray())]", "manualPrivateLinkServiceConnections": "[coalesce(parameters('manualPrivateLinkServiceConnections'), createArray())]", - "privateLinkServiceConnections": "[coalesce(parameters('privateLinkServiceConnections'), createArray())]", + "privateLinkServiceConnections": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[parameters('serviceResourceId')]", + "groupIds": "[parameters('groupIds')]" + } + } + ], "subnet": { "id": "[parameters('subnetResourceId')]" } @@ -1256,7 +1114,7 @@ "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", "name": "[guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", "properties": { - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)))]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", @@ -1295,8 +1153,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.21.1.54444", + "templateHash": "1698104586574073002" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1407,13 +1265,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/event-grid/domain/tests/e2e/max/main.test.bicep b/avm/res/event-grid/domain/tests/e2e/max/main.test.bicep index 8e80b695fd..2f2e04933a 100644 --- a/avm/res/event-grid/domain/tests/e2e/max/main.test.bicep +++ b/avm/res/event-grid/domain/tests/e2e/max/main.test.bicep @@ -95,6 +95,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] + service: 'domain' subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { 'hidden-title': 'This is visible in the resource name' @@ -102,12 +103,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId - } ] roleAssignments: [ { @@ -135,8 +130,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' '${namePrefix}-topic-${serviceShort}001' ] } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/event-grid/domain/tests/e2e/pe/dependencies.bicep b/avm/res/event-grid/domain/tests/e2e/pe/dependencies.bicep new file mode 100644 index 0000000000..4d31fc9282 --- /dev/null +++ b/avm/res/event-grid/domain/tests/e2e/pe/dependencies.bicep @@ -0,0 +1,49 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +var addressPrefix = '10.0.0.0/16' + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + addressPrefix + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 16, 0) + } + } + ] + } +} + +resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { + name: 'privatelink.eventgrid.azure.net' + location: 'global' + + resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { + name: '${virtualNetwork.name}-vnetlink' + location: 'global' + properties: { + virtualNetwork: { + id: virtualNetwork.id + } + registrationEnabled: false + } + } +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Private DNS Zone.') +output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/avm/res/event-grid/domain/tests/e2e/pe/main.test.bicep b/avm/res/event-grid/domain/tests/e2e/pe/main.test.bicep new file mode 100644 index 0000000000..49b2014da2 --- /dev/null +++ b/avm/res/event-grid/domain/tests/e2e/pe/main.test.bicep @@ -0,0 +1,73 @@ +targetScope = 'subscription' + +metadata name = 'Using private endpoint' +metadata description = 'This instance deploys the module with private endpoint.' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'dep-${namePrefix}-eventgrid.domains-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'egdpe' + +@description('Optional. A token to inject into the name of each resource.') +param namePrefix string = '#_namePrefix_#' + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +module nestedDependencies 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' + params: { + virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' + location: resourceLocation + } +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + name: '${namePrefix}${serviceShort}001' + location: resourceLocation + privateEndpoints: [ + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + } + ] + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + } +}] diff --git a/avm/res/event-grid/domain/tests/e2e/waf-aligned/main.test.bicep b/avm/res/event-grid/domain/tests/e2e/waf-aligned/main.test.bicep index 17923ede99..eaea4d3716 100644 --- a/avm/res/event-grid/domain/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/event-grid/domain/tests/e2e/waf-aligned/main.test.bicep @@ -107,8 +107,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' '${namePrefix}-topic-${serviceShort}001' ] } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/event-grid/domain/version.json b/avm/res/event-grid/domain/version.json index 729ac87673..8def869ede 100644 --- a/avm/res/event-grid/domain/version.json +++ b/avm/res/event-grid/domain/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.2", + "version": "0.1", "pathFilters": [ "./main.json" ] -} \ No newline at end of file +} diff --git a/avm/res/event-grid/topic/README.md b/avm/res/event-grid/topic/README.md index a8e91be495..8ec0604200 100644 --- a/avm/res/event-grid/topic/README.md +++ b/avm/res/event-grid/topic/README.md @@ -33,7 +33,8 @@ The following section provides usage examples for the module, which were used to - [Using only defaults](#example-1-using-only-defaults) - [Using large parameter set](#example-2-using-large-parameter-set) -- [WAF-aligned](#example-3-waf-aligned) +- [Using private endpoint](#example-3-using-private-endpoint) +- [WAF-aligned](#example-4-waf-aligned) ### Example 1: _Using only defaults_ @@ -164,6 +165,7 @@ module topic 'br/public:avm/res/event-grid/topic:' = { roleDefinitionIdOrName: '' } ] + service: 'topic' subnetResourceId: '' tags: { Environment: 'Non-Prod' @@ -171,12 +173,6 @@ module topic 'br/public:avm/res/event-grid/topic:' = { Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - } ] roleAssignments: [ { @@ -297,18 +293,13 @@ module topic 'br/public:avm/res/event-grid/topic:' = { "roleDefinitionIdOrName": "" } ], + "service": "topic", "subnetResourceId": "", "tags": { "Environment": "Non-Prod", "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "" } ] }, @@ -345,7 +336,95 @@ module topic 'br/public:avm/res/event-grid/topic:' = {

-### Example 3: _WAF-aligned_ +### Example 3: _Using private endpoint_ + +This instance deploys the module with the private endpoint. + + +

+ +via Bicep module + +```bicep +module topic 'br/public:avm/res/event-grid/topic:' = { + name: '${uniqueString(deployment().name, resourceLocation)}-test-egtpe' + params: { + // Required parameters + name: 'egtpe001' + // Non-required parameters + location: '' + privateEndpoints: [ + { + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } + ] + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "egtpe001" + }, + // Non-required parameters + "location": { + "value": "" + }, + "privateEndpoints": { + "value": [ + { + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "", + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + ] + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + } +} +``` + +
+

+ +### Example 4: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. @@ -832,15 +911,14 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -868,19 +946,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint IP address. +Fqdn that resolves to private endpoint ip address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private IP addresses of the private endpoint. +A list of private ip addresses of the private endpoint. - Required: Yes - Type: array @@ -933,7 +1011,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -951,18 +1029,11 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private IP address obtained from the private endpoint's subnet. +A private ip address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -If Manual Private Link Connection is required. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1006,12 +1077,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -1022,7 +1093,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string @@ -1125,7 +1196,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - Required: No - Type: string @@ -1266,7 +1337,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm-res-network-privateendpoint:0.1.1` | Remote reference | ## Data Collection diff --git a/avm/res/event-grid/topic/main.bicep b/avm/res/event-grid/topic/main.bicep index be24002758..f6ce5a84bf 100644 --- a/avm/res/event-grid/topic/main.bicep +++ b/avm/res/event-grid/topic/main.bicep @@ -145,45 +145,27 @@ resource topic_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05 scope: topic }] -module topic_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-Topic-PrivateEndpoint-${index}' +module topic_privateEndpoints 'br/public:avm-res-network-privateendpoint:0.1.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { + name: '${uniqueString(deployment().name, location)}-topic-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(topic.id, '/'))}-${privateEndpoint.?service ?? 'topic'}-${index}' - privateLinkServiceConnections: [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(topic.id, '/'))}-${privateEndpoint.?service ?? 'topic'}-${index}' - properties: { - privateLinkServiceId: topic.id - groupIds: [ - privateEndpoint.?service ?? 'topic' - ] - } - } + groupIds: [ + privateEndpoint.?service ?? 'topic' ] - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(topic.id, '/'))}-${privateEndpoint.?service ?? 'topic'}-${index}' - properties: { - privateLinkServiceId: topic.id - groupIds: [ - privateEndpoint.?service ?? 'topic' - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null + name: privateEndpoint.?name ?? 'pep-${last(split(topic.id, '/'))}-${privateEndpoint.?service ?? 'topic'}-${index}' + serviceResourceId: topic.id subnetResourceId: privateEndpoint.subnetResourceId location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry } }] @@ -266,31 +248,24 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') + @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') + @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint IP address.') + @description('Required. Fqdn that resolves to private endpoint ip address.') fqdn: string? - @description('Required. A list of private IP addresses of the private endpoint.') + @description('Required. A list of private ip addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -307,7 +282,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private IP address obtained from the private endpoint\'s subnet.') + @description('Required. A private ip address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -327,6 +302,9 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/event-grid/topic/main.json b/avm/res/event-grid/topic/main.json index bd6faed608..c3ef671cd3 100644 --- a/avm/res/event-grid/topic/main.json +++ b/avm/res/event-grid/topic/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "17945416734412715410" + "templateHash": "11641318899572418269" }, "name": "Event Grid Topics", "description": "This module deploys an Event Grid Topic.", @@ -150,7 +150,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." } }, "subnetResourceId": { @@ -163,7 +163,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." + "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." } }, "privateDnsZoneResourceIds": { @@ -176,21 +176,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -200,7 +185,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -209,7 +194,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -248,7 +233,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -299,6 +284,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -837,30 +829,24 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-Topic-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-topic-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { + "groupIds": { + "value": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'topic')]" + ] + }, "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.EventGrid/topics', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'topic'), copyIndex()))]" }, - "privateLinkServiceConnections": { - "value": [ - { - "name": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.EventGrid/topics', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'topic'), copyIndex()))]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.EventGrid/topics', parameters('name'))]", - "groupIds": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'topic')]" - ] - } - } - ] + "serviceResourceId": { + "value": "[resourceId('Microsoft.EventGrid/topics', parameters('name'))]" }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.EventGrid/topics', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'topic'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.EventGrid/topics', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'topic')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -870,9 +856,6 @@ "lock": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'lock'), parameters('lock'))]" }, - "enableTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" - }, "privateDnsZoneGroupName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroupName')]" }, @@ -885,6 +868,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -896,6 +882,9 @@ }, "customNetworkInterfaceName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]" + }, + "enableTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" } }, "template": { @@ -905,8 +894,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.21.1.54444", + "templateHash": "13152465847704433697" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -921,7 +910,7 @@ "roleDefinitionIdOrName": { "type": "string", "metadata": { - "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." } }, "principalId": { @@ -955,7 +944,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -1003,154 +992,6 @@ } }, "nullable": true - }, - "ipConfigurationsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the resource that is unique within a resource group." - } - }, - "properties": { - "type": "object", - "properties": { - "groupId": { - "type": "string", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "memberName": { - "type": "string", - "metadata": { - "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateIPAddress": { - "type": "string", - "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." - } - } - }, - "metadata": { - "description": "Required. Properties of private endpoint IP configurations." - } - } - } - }, - "nullable": true - }, - "manualPrivateLinkServiceConnectionsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, - "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } - }, - "requestMessage": { - "type": "string", - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } - } - }, - "metadata": { - "description": "Required. Properties of private link service connection." - } - } - } - }, - "nullable": true - }, - "privateLinkServiceConnectionsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, - "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } - }, - "requestMessage": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } - } - }, - "metadata": { - "description": "Required. Properties of private link service connection." - } - } - } - }, - "nullable": true - }, - "customDnsConfigType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "fqdn": { - "type": "string", - "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." - } - }, - "ipAddresses": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." - } - } - } - }, - "nullable": true } }, "parameters": { @@ -1166,6 +1007,12 @@ "description": "Required. Resource ID of the subnet where the endpoint needs to be created." } }, + "serviceResourceId": { + "type": "string", + "metadata": { + "description": "Required. Resource ID of the resource that needs to be connected to the network." + } + }, "applicationSecurityGroupResourceIds": { "type": "array", "nullable": true, @@ -1181,11 +1028,18 @@ } }, "ipConfigurations": { - "$ref": "#/definitions/ipConfigurationsType", + "type": "array", + "nullable": true, "metadata": { "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." } }, + "groupIds": { + "type": "array", + "metadata": { + "description": "Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to." + } + }, "privateDnsZoneGroupName": { "type": "string", "nullable": true, @@ -1216,7 +1070,7 @@ "roleAssignments": { "$ref": "#/definitions/roleAssignmentType", "metadata": { - "description": "Optional. Array of role assignments to create." + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." } }, "tags": { @@ -1227,21 +1081,17 @@ } }, "customDnsConfigs": { - "$ref": "#/definitions/customDnsConfigType", + "type": "array", + "nullable": true, "metadata": { "description": "Optional. Custom DNS configurations." } }, "manualPrivateLinkServiceConnections": { - "$ref": "#/definitions/manualPrivateLinkServiceConnectionsType", - "metadata": { - "description": "Optional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource." - } - }, - "privateLinkServiceConnections": { - "$ref": "#/definitions/privateLinkServiceConnectionsType", + "type": "array", + "nullable": true, "metadata": { - "description": "Optional. A grouping of information about the connection to the remote resource." + "description": "Optional. Manual PrivateLink Service Connections." } }, "enableTelemetry": { @@ -1271,7 +1121,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.1.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1307,7 +1157,15 @@ "customNetworkInterfaceName": "[coalesce(parameters('customNetworkInterfaceName'), '')]", "ipConfigurations": "[coalesce(parameters('ipConfigurations'), createArray())]", "manualPrivateLinkServiceConnections": "[coalesce(parameters('manualPrivateLinkServiceConnections'), createArray())]", - "privateLinkServiceConnections": "[coalesce(parameters('privateLinkServiceConnections'), createArray())]", + "privateLinkServiceConnections": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[parameters('serviceResourceId')]", + "groupIds": "[parameters('groupIds')]" + } + } + ], "subnet": { "id": "[parameters('subnetResourceId')]" } @@ -1337,7 +1195,7 @@ "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", "name": "[guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", "properties": { - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)))]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", @@ -1376,8 +1234,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.21.1.54444", + "templateHash": "1698104586574073002" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1488,13 +1346,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/event-grid/topic/tests/e2e/max/main.test.bicep b/avm/res/event-grid/topic/tests/e2e/max/main.test.bicep index 755f0a4793..ddd5fb048b 100644 --- a/avm/res/event-grid/topic/tests/e2e/max/main.test.bicep +++ b/avm/res/event-grid/topic/tests/e2e/max/main.test.bicep @@ -118,6 +118,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] + service: 'topic' subnetResourceId: nestedDependencies.outputs.subnetResourceId roleAssignments: [ { @@ -137,12 +138,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId - } ] roleAssignments: [ { @@ -167,8 +162,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/event-grid/topic/tests/e2e/pe/dependencies.bicep b/avm/res/event-grid/topic/tests/e2e/pe/dependencies.bicep new file mode 100644 index 0000000000..4d31fc9282 --- /dev/null +++ b/avm/res/event-grid/topic/tests/e2e/pe/dependencies.bicep @@ -0,0 +1,49 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +var addressPrefix = '10.0.0.0/16' + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + addressPrefix + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 16, 0) + } + } + ] + } +} + +resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { + name: 'privatelink.eventgrid.azure.net' + location: 'global' + + resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { + name: '${virtualNetwork.name}-vnetlink' + location: 'global' + properties: { + virtualNetwork: { + id: virtualNetwork.id + } + registrationEnabled: false + } + } +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Private DNS Zone.') +output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/avm/res/event-grid/topic/tests/e2e/pe/main.test.bicep b/avm/res/event-grid/topic/tests/e2e/pe/main.test.bicep new file mode 100644 index 0000000000..95900fbe39 --- /dev/null +++ b/avm/res/event-grid/topic/tests/e2e/pe/main.test.bicep @@ -0,0 +1,73 @@ +targetScope = 'subscription' + +metadata name = 'Using private endpoint' +metadata description = 'This instance deploys the module with the private endpoint.' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'dep-${namePrefix}-eventgrid.topics-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'egtpe' + +@description('Optional. A token to inject into the name of each resource.') +param namePrefix string = '#_namePrefix_#' + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +module nestedDependencies 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' + params: { + virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' + location: resourceLocation + } +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + name: '${namePrefix}${serviceShort}001' + location: resourceLocation + privateEndpoints: [ + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + } + ] + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + } +}] diff --git a/avm/res/event-grid/topic/tests/e2e/waf-aligned/main.test.bicep b/avm/res/event-grid/topic/tests/e2e/waf-aligned/main.test.bicep index e053ff5149..087a0bb796 100644 --- a/avm/res/event-grid/topic/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/event-grid/topic/tests/e2e/waf-aligned/main.test.bicep @@ -128,8 +128,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/event-grid/topic/version.json b/avm/res/event-grid/topic/version.json index 729ac87673..8def869ede 100644 --- a/avm/res/event-grid/topic/version.json +++ b/avm/res/event-grid/topic/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.2", + "version": "0.1", "pathFilters": [ "./main.json" ] -} \ No newline at end of file +} diff --git a/avm/res/insights/private-link-scope/README.md b/avm/res/insights/private-link-scope/README.md index c4366149fd..a156c4214e 100644 --- a/avm/res/insights/private-link-scope/README.md +++ b/avm/res/insights/private-link-scope/README.md @@ -931,15 +931,14 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -967,19 +966,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint IP address. +Fqdn that resolves to private endpoint ip address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private IP addresses of the private endpoint. +A list of private ip addresses of the private endpoint. - Required: Yes - Type: array @@ -1032,7 +1031,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -1050,18 +1049,11 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private IP address obtained from the private endpoint's subnet. +A private ip address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -If Manual Private Link Connection is required. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1105,12 +1097,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -1121,7 +1113,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string @@ -1224,7 +1216,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - Required: No - Type: string @@ -1376,7 +1368,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | ## Data Collection diff --git a/avm/res/insights/private-link-scope/main.bicep b/avm/res/insights/private-link-scope/main.bicep index 361702d546..bd1a98c4be 100644 --- a/avm/res/insights/private-link-scope/main.bicep +++ b/avm/res/insights/private-link-scope/main.bicep @@ -103,13 +103,12 @@ resource privateLinkScope_lock 'Microsoft.Authorization/locks@2020-05-01' = if ( scope: privateLinkScope } -module privateLinkScope_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module privateLinkScope_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-PrivateLinkScope-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(privateLinkScope.id, '/'))}-${privateEndpoint.?service ?? 'azuremonitor'}-${index}' privateLinkServiceConnections: [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkScope.id, '/'))}-${privateEndpoint.?service ?? 'azuremonitor'}-${index}' + name: name properties: { privateLinkServiceId: privateLinkScope.id groupIds: [ @@ -118,26 +117,16 @@ module privateLinkScope_privateEndpoints 'br/public:avm/res/network/private-endp } } ] - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkScope.id, '/'))}-${privateEndpoint.?service ?? 'azuremonitor'}-${index}' - properties: { - privateLinkServiceId: privateLinkScope.id - groupIds: [ - privateEndpoint.?service ?? 'azuremonitor' - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null + name: privateEndpoint.?name ?? 'pep-${last(split(privateLinkScope.id, '/'))}-${privateEndpoint.?service ?? 'azuremonitor'}-${index}' subnetResourceId: privateEndpoint.subnetResourceId + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -213,31 +202,24 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') + @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') + @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint IP address.') + @description('Required. Fqdn that resolves to private endpoint ip address.') fqdn: string? - @description('Required. A list of private IP addresses of the private endpoint.') + @description('Required. A list of private ip addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -254,7 +236,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private IP address obtained from the private endpoint\'s subnet.') + @description('Required. A private ip address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -274,6 +256,9 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/insights/private-link-scope/main.json b/avm/res/insights/private-link-scope/main.json index 479a4c9333..bb0d88d038 100644 --- a/avm/res/insights/private-link-scope/main.json +++ b/avm/res/insights/private-link-scope/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "9103650402015462975" + "templateHash": "12578290654061226677" }, "name": "Azure Monitor Private Link Scopes", "description": "This module deploys an Azure Monitor Private Link Scope.", @@ -127,7 +127,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." } }, "subnetResourceId": { @@ -140,7 +140,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." + "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." } }, "privateDnsZoneResourceIds": { @@ -153,21 +153,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -177,7 +162,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -186,7 +171,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -225,7 +210,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -276,6 +261,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -632,13 +624,10 @@ }, "mode": "Incremental", "parameters": { - "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('microsoft.insights/privateLinkScopes', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'azuremonitor'), copyIndex()))]" - }, "privateLinkServiceConnections": { "value": [ { - "name": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('microsoft.insights/privateLinkScopes', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'azuremonitor'), copyIndex()))]", + "name": "[parameters('name')]", "properties": { "privateLinkServiceId": "[resourceId('microsoft.insights/privateLinkScopes', parameters('name'))]", "groupIds": [ @@ -648,19 +637,21 @@ } ] }, - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('microsoft.insights/privateLinkScopes', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'azuremonitor'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('microsoft.insights/privateLinkScopes', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'azuremonitor')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", + "name": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('microsoft.insights/privateLinkScopes', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'azuremonitor'), copyIndex()))]" + }, "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, + "enableTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" + }, "location": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" }, "lock": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'lock'), parameters('lock'))]" }, - "enableTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" - }, "privateDnsZoneGroupName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroupName')]" }, @@ -673,6 +664,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -693,8 +687,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.23.1.45101", + "templateHash": "2821141217598568122" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -743,7 +737,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -821,7 +815,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -924,7 +918,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -933,7 +927,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -1059,7 +1053,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1164,8 +1158,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.23.1.45101", + "templateHash": "18168683629401652671" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1276,13 +1270,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/insights/private-link-scope/tests/e2e/max/main.test.bicep b/avm/res/insights/private-link-scope/tests/e2e/max/main.test.bicep index 30cc132bcc..1d3b534580 100644 --- a/avm/res/insights/private-link-scope/tests/e2e/max/main.test.bicep +++ b/avm/res/insights/private-link-scope/tests/e2e/max/main.test.bicep @@ -211,7 +211,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' name: 'myCustomLockName' } } - dependsOn: [ - nestedDependencies - ] }] diff --git a/avm/res/insights/private-link-scope/tests/e2e/waf-aligned/main.test.bicep b/avm/res/insights/private-link-scope/tests/e2e/waf-aligned/main.test.bicep index 3dead88b70..f298c29766 100644 --- a/avm/res/insights/private-link-scope/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/insights/private-link-scope/tests/e2e/waf-aligned/main.test.bicep @@ -170,7 +170,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - ] }] diff --git a/avm/res/insights/private-link-scope/version.json b/avm/res/insights/private-link-scope/version.json index 1c035df49f..83083db694 100644 --- a/avm/res/insights/private-link-scope/version.json +++ b/avm/res/insights/private-link-scope/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.2", + "version": "0.1", "pathFilters": [ "./main.json" ] diff --git a/avm/res/key-vault/vault/README.md b/avm/res/key-vault/vault/README.md index c6e2340873..5dba112ffb 100644 --- a/avm/res/key-vault/vault/README.md +++ b/avm/res/key-vault/vault/README.md @@ -35,7 +35,8 @@ The following section provides usage examples for the module, which were used to - [Using only defaults](#example-1-using-only-defaults) - [Using large parameter set](#example-2-using-large-parameter-set) -- [WAF-aligned](#example-3-waf-aligned) +- [Using Private Endpoints](#example-3-using-private-endpoints) +- [WAF-aligned](#example-4-waf-aligned) ### Example 1: _Using only defaults_ @@ -260,6 +261,7 @@ module vault 'br/public:avm/res/key-vault/vault:' = { roleDefinitionIdOrName: '' } ] + service: 'vault' subnetResourceId: '' tags: { Environment: 'Non-Prod' @@ -267,12 +269,6 @@ module vault 'br/public:avm/res/key-vault/vault:' = { Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - } ] roleAssignments: [ { @@ -516,18 +512,13 @@ module vault 'br/public:avm/res/key-vault/vault:' = { "roleDefinitionIdOrName": "" } ], + "service": "vault", "subnetResourceId": "", "tags": { "Environment": "Non-Prod", "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "" } ] }, @@ -597,7 +588,149 @@ module vault 'br/public:avm/res/key-vault/vault:' = {

-### Example 3: _WAF-aligned_ +### Example 3: _Using Private Endpoints_ + +This instance deploys the module with Private Endpoints. + + +

+ +via Bicep module + +```bicep +module vault 'br/public:avm/res/key-vault/vault:' = { + name: '${uniqueString(deployment().name, resourceLocation)}-test-kvvpe' + params: { + // Required parameters + name: 'kvvpe001' + // Non-required parameters + enablePurgeProtection: false + location: '' + privateEndpoints: [ + { + customDnsConfigs: [ + { + fqdn: 'abc.keyvault.com' + ipAddresses: [ + '10.0.0.10' + ] + } + ] + ipConfigurations: [ + { + name: 'myIPconfig' + properties: { + groupId: 'vault' + memberName: 'default' + privateIPAddress: '10.0.0.10' + } + } + ] + privateDnsZoneResourceIds: [ + '' + ] + roleAssignments: [ + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + } + ] + subnetResourceId: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } + ] + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "kvvpe001" + }, + // Non-required parameters + "enablePurgeProtection": { + "value": false + }, + "location": { + "value": "" + }, + "privateEndpoints": { + "value": [ + { + "customDnsConfigs": [ + { + "fqdn": "abc.keyvault.com", + "ipAddresses": [ + "10.0.0.10" + ] + } + ], + "ipConfigurations": [ + { + "name": "myIPconfig", + "properties": { + "groupId": "vault", + "memberName": "default", + "privateIPAddress": "10.0.0.10" + } + } + ], + "privateDnsZoneResourceIds": [ + "" + ], + "roleAssignments": [ + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ], + "subnetResourceId": "", + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + ] + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + } +} +``` + +
+

+ +### Example 4: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Well-Architected Framework. @@ -1313,15 +1446,14 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -1437,13 +1569,6 @@ A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -If Manual Private Link Connection is required. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1487,12 +1612,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -1606,7 +1731,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - Required: No - Type: string @@ -1777,7 +1902,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | ## Data Collection diff --git a/avm/res/key-vault/vault/main.bicep b/avm/res/key-vault/vault/main.bicep index bae76f0c3f..55a5bc90f2 100644 --- a/avm/res/key-vault/vault/main.bicep +++ b/avm/res/key-vault/vault/main.bicep @@ -236,33 +236,21 @@ module keyVault_keys 'key/main.bicep' = [for (key, index) in (keys ?? []): { } }] -module keyVault_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module keyVault_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-KeyVault-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(keyVault.id, '/'))}-${privateEndpoint.?service ?? 'vault'}-${index}' - privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(keyVault.id, '/'))}-${privateEndpoint.?service ?? 'vault'}-${index}' - properties: { - privateLinkServiceId: keyVault.id - groupIds: [ - privateEndpoint.?service ?? 'vault' - ] - } - } - ] : null - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + privateLinkServiceConnections: [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(keyVault.id, '/'))}-${privateEndpoint.?service ?? 'vault'}-${index}' + name: name properties: { privateLinkServiceId: keyVault.id groupIds: [ privateEndpoint.?service ?? 'vault' ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' } } - ] : null + ] + name: privateEndpoint.?name ?? 'pep-${last(split(keyVault.id, '/'))}-${privateEndpoint.?service ?? 'vault'}-${index}' subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -271,6 +259,7 @@ module keyVault_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4 privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -382,13 +371,14 @@ type roleAssignmentType = { }[]? type privateEndpointType = { + @description('Optional. The name of the private endpoint.') name: string? @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') + @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') @@ -400,13 +390,6 @@ type privateEndpointType = { @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @description('Optional. Custom DNS configurations.') customDnsConfigs: { @description('Required. Fqdn that resolves to private endpoint IP address.') @@ -449,6 +432,9 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/key-vault/vault/main.json b/avm/res/key-vault/vault/main.json index aeae460874..2dc432b2e9 100644 --- a/avm/res/key-vault/vault/main.json +++ b/avm/res/key-vault/vault/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "18302928297760675801" + "templateHash": "5160127432215154568" }, "name": "Key Vaults", "description": "This module deploys a Key Vault.", @@ -222,7 +222,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." } }, "subnetResourceId": { @@ -248,21 +248,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -371,6 +356,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -1731,11 +1723,22 @@ }, "mode": "Incremental", "parameters": { + "privateLinkServiceConnections": { + "value": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.KeyVault/vaults', parameters('name'))]", + "groupIds": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault')]" + ] + } + } + ] + }, "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault'), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.KeyVault/vaults', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.KeyVault/vaults', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -1760,6 +1763,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -1780,8 +1786,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.23.1.45101", + "templateHash": "2821141217598568122" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1830,7 +1836,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -1908,7 +1914,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -2011,7 +2017,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -2020,7 +2026,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -2146,7 +2152,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -2251,8 +2257,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.23.1.45101", + "templateHash": "18168683629401652671" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -2363,13 +2369,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/key-vault/vault/tests/e2e/max/main.test.bicep b/avm/res/key-vault/vault/tests/e2e/max/main.test.bicep index 280869b9b8..9a629f5218 100644 --- a/avm/res/key-vault/vault/tests/e2e/max/main.test.bicep +++ b/avm/res/key-vault/vault/tests/e2e/max/main.test.bicep @@ -191,6 +191,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSResourceId ] + service: 'vault' subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { 'hidden-title': 'This is visible in the resource name' @@ -228,12 +229,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' } ] } - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSResourceId - ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId - } ] roleAssignments: [ { @@ -287,8 +282,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/key-vault/vault/tests/e2e/private-endpoint/dependencies.bicep b/avm/res/key-vault/vault/tests/e2e/private-endpoint/dependencies.bicep new file mode 100644 index 0000000000..a9999dcb53 --- /dev/null +++ b/avm/res/key-vault/vault/tests/e2e/private-endpoint/dependencies.bicep @@ -0,0 +1,65 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +var addressPrefix = '10.0.0.0/16' + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + addressPrefix + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 16, 0) + serviceEndpoints: [ + { + service: 'Microsoft.KeyVault' + } + ] + } + } + ] + } +} + +resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { + name: 'privatelink.vaultcore.azure.net' + location: 'global' + + resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { + name: '${virtualNetwork.name}-vnetlink' + location: 'global' + properties: { + virtualNetwork: { + id: virtualNetwork.id + } + registrationEnabled: false + } + } +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Private DNS Zone.') +output privateDNSResourceId string = privateDNSZone.id + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/avm/res/key-vault/vault/tests/e2e/private-endpoint/main.test.bicep b/avm/res/key-vault/vault/tests/e2e/private-endpoint/main.test.bicep new file mode 100644 index 0000000000..6694323ecc --- /dev/null +++ b/avm/res/key-vault/vault/tests/e2e/private-endpoint/main.test.bicep @@ -0,0 +1,101 @@ +targetScope = 'subscription' + +metadata name = 'Using Private Endpoints' +metadata description = 'This instance deploys the module with Private Endpoints.' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'dep-${namePrefix}-keyvault.vaults-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'kvvpe' + +@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') +param namePrefix string = '#_namePrefix_#' + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +module nestedDependencies 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' + params: { + virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' + managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}' + location: resourceLocation + } +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + name: '${namePrefix}${serviceShort}001' + location: resourceLocation + privateEndpoints: [ + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + roleAssignments: [ + { + roleDefinitionIdOrName: 'Reader' + principalId: nestedDependencies.outputs.managedIdentityPrincipalId + principalType: 'ServicePrincipal' + } + ] + ipConfigurations: [ + { + name: 'myIPconfig' + properties: { + groupId: 'vault' + memberName: 'default' + privateIPAddress: '10.0.0.10' + } + } + ] + customDnsConfigs: [ + { + fqdn: 'abc.keyvault.com' + ipAddresses: [ + '10.0.0.10' + ] + } + ] + } + ] + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + // Only for testing purposes + enablePurgeProtection: false + } +}] diff --git a/avm/res/key-vault/vault/tests/e2e/waf-aligned/main.test.bicep b/avm/res/key-vault/vault/tests/e2e/waf-aligned/main.test.bicep index e0db10f622..3415e5afdd 100644 --- a/avm/res/key-vault/vault/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/key-vault/vault/tests/e2e/waf-aligned/main.test.bicep @@ -143,8 +143,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/key-vault/vault/version.json b/avm/res/key-vault/vault/version.json index 3f863a2bec..c177b1bb58 100644 --- a/avm/res/key-vault/vault/version.json +++ b/avm/res/key-vault/vault/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.4", + "version": "0.3", "pathFilters": [ "./main.json" ] diff --git a/avm/res/search/search-service/README.md b/avm/res/search/search-service/README.md index 3768b8ef1c..31c7aed1bf 100644 --- a/avm/res/search/search-service/README.md +++ b/avm/res/search/search-service/README.md @@ -317,12 +317,6 @@ module searchService 'br/public:avm/res/search/search-service:' = { Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - } ] publicNetworkAccess: 'disabled' sharedPrivateLinkResources: [ @@ -381,12 +375,6 @@ module searchService 'br/public:avm/res/search/search-service:' = { "Environment": "Non-Prod", "Role": "DeploymentValidation" } - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "" } ] }, @@ -930,15 +918,14 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -966,19 +953,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint IP address. +Fqdn that resolves to private endpoint ip address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private IP addresses of the private endpoint. +A list of private ip addresses of the private endpoint. - Required: Yes - Type: array @@ -1031,7 +1018,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -1049,18 +1036,11 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private IP address obtained from the private endpoint's subnet. +A private ip address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -If Manual Private Link Connection is required. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1104,12 +1084,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -1120,7 +1100,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string @@ -1223,7 +1203,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - Required: No - Type: string @@ -1399,7 +1379,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | ## Data Collection diff --git a/avm/res/search/search-service/main.bicep b/avm/res/search/search-service/main.bicep index 3b2b2efb12..41841fe704 100644 --- a/avm/res/search/search-service/main.bicep +++ b/avm/res/search/search-service/main.bicep @@ -198,13 +198,12 @@ resource searchService_roleAssignments 'Microsoft.Authorization/roleAssignments@ scope: searchService }] -module searchService_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-SearchService-PrivateEndpoint-${index}' +module searchService_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { + name: '${uniqueString(deployment().name, location)}-searchService-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(searchService.id, '/'))}-${privateEndpoint.?service ?? 'searchService'}-${index}' - privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ + privateLinkServiceConnections: [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(searchService.id, '/'))}-${privateEndpoint.?service ?? 'searchService'}-${index}' + name: name properties: { privateLinkServiceId: searchService.id groupIds: [ @@ -212,31 +211,21 @@ module searchService_privateEndpoints 'br/public:avm/res/network/private-endpoin ] } } - ] : null - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(searchService.id, '/'))}-${privateEndpoint.?service ?? 'searchService'}-${index}' - properties: { - privateLinkServiceId: searchService.id - groupIds: [ - privateEndpoint.?service ?? 'searchService' - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null + ] + name: privateEndpoint.?name ?? 'pep-${last(split(searchService.id, '/'))}-${privateEndpoint.?service ?? 'searchService'}-${index}' subnetResourceId: privateEndpoint.subnetResourceId - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry } }] @@ -322,31 +311,24 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') + @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') + @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint IP address.') + @description('Required. Fqdn that resolves to private endpoint ip address.') fqdn: string? - @description('Required. A list of private IP addresses of the private endpoint.') + @description('Required. A list of private ip addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -363,7 +345,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private IP address obtained from the private endpoint\'s subnet.') + @description('Required. A private ip address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -383,6 +365,9 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/search/search-service/main.json b/avm/res/search/search-service/main.json index b04f222c0b..126db0c411 100644 --- a/avm/res/search/search-service/main.json +++ b/avm/res/search/search-service/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "8006710941721695942" + "templateHash": "1009124214102909652" }, "name": "Search Services", "description": "This module deploys a Search Service.", @@ -140,7 +140,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." } }, "subnetResourceId": { @@ -153,7 +153,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." + "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." } }, "privateDnsZoneResourceIds": { @@ -166,21 +166,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -190,7 +175,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -199,7 +184,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -238,7 +223,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -289,6 +274,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -717,24 +709,32 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-SearchService-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-searchService-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { + "privateLinkServiceConnections": { + "value": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.Search/searchServices', parameters('name'))]", + "groupIds": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'searchService')]" + ] + } + } + ] + }, "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Search/searchServices', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'searchService'), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Search/searchServices', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'searchService'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Search/searchServices', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'searchService')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Search/searchServices', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'searchService'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Search/searchServices', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'searchService')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, - "enableTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" - }, "location": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" }, @@ -753,6 +753,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -764,6 +767,9 @@ }, "customNetworkInterfaceName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]" + }, + "enableTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" } }, "template": { @@ -773,8 +779,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.23.1.45101", + "templateHash": "2821141217598568122" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -823,7 +829,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -901,7 +907,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -1004,7 +1010,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -1013,7 +1019,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -1139,7 +1145,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1244,8 +1250,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.23.1.45101", + "templateHash": "18168683629401652671" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1356,13 +1362,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/search/search-service/tests/e2e/max/main.test.bicep b/avm/res/search/search-service/tests/e2e/max/main.test.bicep index 606cd77eb1..992a44d413 100644 --- a/avm/res/search/search-service/tests/e2e/max/main.test.bicep +++ b/avm/res/search/search-service/tests/e2e/max/main.test.bicep @@ -129,8 +129,4 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] } diff --git a/avm/res/search/search-service/tests/e2e/pe/main.test.bicep b/avm/res/search/search-service/tests/e2e/pe/main.test.bicep index 1743c384cc..6f3121f61a 100644 --- a/avm/res/search/search-service/tests/e2e/pe/main.test.bicep +++ b/avm/res/search/search-service/tests/e2e/pe/main.test.bicep @@ -69,12 +69,6 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId - } ] sharedPrivateLinkResources: [ { @@ -95,7 +89,4 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - ] } diff --git a/avm/res/search/search-service/tests/e2e/waf-aligned/main.test.bicep b/avm/res/search/search-service/tests/e2e/waf-aligned/main.test.bicep index 343f301ded..a1de915de1 100644 --- a/avm/res/search/search-service/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/search/search-service/tests/e2e/waf-aligned/main.test.bicep @@ -112,8 +112,4 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] } diff --git a/avm/res/search/search-service/version.json b/avm/res/search/search-service/version.json index 1c035df49f..83083db694 100644 --- a/avm/res/search/search-service/version.json +++ b/avm/res/search/search-service/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.2", + "version": "0.1", "pathFilters": [ "./main.json" ] diff --git a/avm/res/service-bus/namespace/README.md b/avm/res/service-bus/namespace/README.md index b599a682dd..1075d92df0 100644 --- a/avm/res/service-bus/namespace/README.md +++ b/avm/res/service-bus/namespace/README.md @@ -42,7 +42,8 @@ The following section provides usage examples for the module, which were used to - [Using only defaults](#example-1-using-only-defaults) - [Using encryption parameter set](#example-2-using-encryption-parameter-set) - [Using large parameter set](#example-3-using-large-parameter-set) -- [WAF-aligned](#example-4-waf-aligned) +- [Using private endpoint parameter set](#example-4-using-private-endpoint-parameter-set) +- [WAF-aligned](#example-5-waf-aligned) ### Example 1: _Using only defaults_ @@ -297,6 +298,7 @@ module namespace 'br/public:avm/res/service-bus/namespace:' = { privateDnsZoneResourceIds: [ '' ] + service: 'namespace' subnetResourceId: '' tags: { Environment: 'Non-Prod' @@ -304,12 +306,6 @@ module namespace 'br/public:avm/res/service-bus/namespace:' = { Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - } ] publicNetworkAccess: 'Enabled' queues: [ @@ -529,18 +525,13 @@ module namespace 'br/public:avm/res/service-bus/namespace:' = { "privateDnsZoneResourceIds": [ "" ], + "service": "namespace", "subnetResourceId": "", "tags": { "Environment": "Non-Prod", "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "" } ] }, @@ -642,7 +633,145 @@ module namespace 'br/public:avm/res/service-bus/namespace:' = {

-### Example 4: _WAF-aligned_ +### Example 4: _Using private endpoint parameter set_ + +This instance deploys the module with features enabled for private endpoint configrations. + + +

+ +via Bicep module + +```bicep +module namespace 'br/public:avm/res/service-bus/namespace:' = { + name: '${uniqueString(deployment().name, resourceLocation)}-test-sbnpe' + params: { + // Required parameters + name: 'sbnpe001' + skuObject: { + name: 'Premium' + } + // Non-required parameters + location: '' + privateEndpoints: [ + { + customDnsConfigs: [ + { + fqdn: 'abc.namespace.com' + ipAddresses: [ + '10.0.0.10' + ] + } + ] + ipConfigurations: [ + { + name: 'myIPconfig' + properties: { + groupId: 'namespace' + memberName: 'namespace' + privateIPAddress: '10.0.0.10' + } + } + ] + privateDnsZoneResourceIds: [ + '' + ] + roleAssignments: [ + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + } + ] + subnetResourceId: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } + ] + publicNetworkAccess: 'Disabled' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "sbnpe001" + }, + "skuObject": { + "value": { + "name": "Premium" + } + }, + // Non-required parameters + "location": { + "value": "" + }, + "privateEndpoints": { + "value": [ + { + "customDnsConfigs": [ + { + "fqdn": "abc.namespace.com", + "ipAddresses": [ + "10.0.0.10" + ] + } + ], + "ipConfigurations": [ + { + "name": "myIPconfig", + "properties": { + "groupId": "namespace", + "memberName": "namespace", + "privateIPAddress": "10.0.0.10" + } + } + ], + "privateDnsZoneResourceIds": [ + "" + ], + "roleAssignments": [ + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ], + "subnetResourceId": "", + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + ] + }, + "publicNetworkAccess": { + "value": "Disabled" + } + } +} +``` + +
+

+ +### Example 5: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Well-Architected Framework. @@ -1640,15 +1769,14 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -1764,13 +1892,6 @@ A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -If Manual Private Link Connection is required. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1814,12 +1935,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -1830,7 +1951,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string @@ -1933,7 +2054,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - Required: No - Type: string @@ -2909,7 +3030,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | ## Data Collection diff --git a/avm/res/service-bus/namespace/main.bicep b/avm/res/service-bus/namespace/main.bicep index cfd5c17710..e519393cc1 100644 --- a/avm/res/service-bus/namespace/main.bicep +++ b/avm/res/service-bus/namespace/main.bicep @@ -300,13 +300,12 @@ resource serviceBusNamespace_diagnosticSettings 'Microsoft.Insights/diagnosticSe scope: serviceBusNamespace }] -module serviceBusNamespace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-ServiceBusNamespace-PrivateEndpoint-${index}' +module serviceBusNamespace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { + name: '${uniqueString(deployment().name, location)}-serviceBusNamespace-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(serviceBusNamespace.id, '/'))}-${privateEndpoint.?service ?? 'namespace'}-${index}' - privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ + privateLinkServiceConnections: [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(serviceBusNamespace.id, '/'))}-${privateEndpoint.?service ?? 'namespace'}-${index}' + name: name properties: { privateLinkServiceId: serviceBusNamespace.id groupIds: [ @@ -314,19 +313,8 @@ module serviceBusNamespace_privateEndpoints 'br/public:avm/res/network/private-e ] } } - ] : null - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(serviceBusNamespace.id, '/'))}-${privateEndpoint.?service ?? 'namespace'}-${index}' - properties: { - privateLinkServiceId: serviceBusNamespace.id - groupIds: [ - privateEndpoint.?service ?? 'namespace' - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null + ] + name: privateEndpoint.?name ?? 'pep-${last(split(serviceBusNamespace.id, '/'))}-${privateEndpoint.?service ?? 'vault'}-${index}' subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -335,6 +323,7 @@ module serviceBusNamespace_privateEndpoints 'br/public:avm/res/network/private-e privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -421,25 +410,18 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') + @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') + @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @description('Optional. Custom DNS configurations.') customDnsConfigs: { @description('Required. Fqdn that resolves to private endpoint IP address.') @@ -482,6 +464,9 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/service-bus/namespace/main.json b/avm/res/service-bus/namespace/main.json index 442f596ecd..eab333df99 100644 --- a/avm/res/service-bus/namespace/main.json +++ b/avm/res/service-bus/namespace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "16911267296539658497" + "templateHash": "16905316086455363065" }, "name": "Service Bus Namespaces", "description": "This module deploys a Service Bus Namespace.", @@ -150,7 +150,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." } }, "subnetResourceId": { @@ -163,7 +163,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." + "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." } }, "privateDnsZoneResourceIds": { @@ -176,21 +176,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -299,6 +284,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -3393,18 +3385,29 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-ServiceBusNamespace-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-serviceBusNamespace-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { + "privateLinkServiceConnections": { + "value": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.ServiceBus/namespaces', parameters('name'))]", + "groupIds": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'namespace')]" + ] + } + } + ] + }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'namespace'), copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'vault'), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'namespace'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'namespace')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'namespace'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.ServiceBus/namespaces', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'namespace')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -3429,6 +3432,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -3449,8 +3455,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.23.1.45101", + "templateHash": "2821141217598568122" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -3499,7 +3505,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -3577,7 +3583,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -3680,7 +3686,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -3689,7 +3695,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -3815,7 +3821,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -3920,8 +3926,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.23.1.45101", + "templateHash": "18168683629401652671" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -4032,13 +4038,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/service-bus/namespace/tests/e2e/encr/main.test.bicep b/avm/res/service-bus/namespace/tests/e2e/encr/main.test.bicep index 0d8f78b1fa..a42a0686b1 100644 --- a/avm/res/service-bus/namespace/tests/e2e/encr/main.test.bicep +++ b/avm/res/service-bus/namespace/tests/e2e/encr/main.test.bicep @@ -73,7 +73,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' userAssignedIdentityResourceId: nestedDependencies.outputs.managedIdentityResourceId } } - dependsOn: [ - nestedDependencies - ] }] diff --git a/avm/res/service-bus/namespace/tests/e2e/max/main.test.bicep b/avm/res/service-bus/namespace/tests/e2e/max/main.test.bicep index 8948e8ae44..09f357c679 100644 --- a/avm/res/service-bus/namespace/tests/e2e/max/main.test.bicep +++ b/avm/res/service-bus/namespace/tests/e2e/max/main.test.bicep @@ -212,6 +212,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ] privateEndpoints: [ { + service: 'namespace' subnetResourceId: nestedDependencies.outputs.subnetResourceId privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId @@ -240,12 +241,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' } ] } - { - subnetResourceId: nestedDependencies.outputs.subnetResourceId - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - } ] managedIdentities: { systemAssigned: true @@ -257,8 +252,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' publicNetworkAccess: 'Enabled' minimumTlsVersion: '1.2' } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/service-bus/namespace/tests/e2e/pe/dependencies.bicep b/avm/res/service-bus/namespace/tests/e2e/pe/dependencies.bicep new file mode 100644 index 0000000000..12f11cff98 --- /dev/null +++ b/avm/res/service-bus/namespace/tests/e2e/pe/dependencies.bicep @@ -0,0 +1,60 @@ +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +var addressPrefix = '10.0.0.0/16' + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + addressPrefix + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 16, 0) + } + } + ] + } +} + +resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { + name: 'privatelink.servicebus.windows.net' + location: 'global' + + resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { + name: '${virtualNetwork.name}-vnetlink' + location: 'global' + properties: { + virtualNetwork: { + id: virtualNetwork.id + } + registrationEnabled: false + } + } +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Private DNS Zone.') +output privateDNSZoneResourceId string = privateDNSZone.id + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/avm/res/service-bus/namespace/tests/e2e/pe/main.test.bicep b/avm/res/service-bus/namespace/tests/e2e/pe/main.test.bicep new file mode 100644 index 0000000000..034666003b --- /dev/null +++ b/avm/res/service-bus/namespace/tests/e2e/pe/main.test.bicep @@ -0,0 +1,98 @@ +targetScope = 'subscription' + +metadata name = 'Using private endpoint parameter set' +metadata description = 'This instance deploys the module with features enabled for private endpoint configrations.' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'dep-${namePrefix}-servicebus.namespaces-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'sbnpe' + +@description('Optional. A token to inject into the name of each resource.') +param namePrefix string = '#_namePrefix_#' + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +module nestedDependencies 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' + params: { + virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' + managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}' + location: resourceLocation + } +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + name: '${namePrefix}${serviceShort}001' + skuObject: { + name: 'Premium' + } + location: resourceLocation + publicNetworkAccess: 'Disabled' + privateEndpoints: [ + { + subnetResourceId: nestedDependencies.outputs.subnetResourceId + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + roleAssignments: [ + { + roleDefinitionIdOrName: 'Reader' + principalId: nestedDependencies.outputs.managedIdentityPrincipalId + principalType: 'ServicePrincipal' + } + ] + ipConfigurations: [ + { + name: 'myIPconfig' + properties: { + groupId: 'namespace' + memberName: 'namespace' + privateIPAddress: '10.0.0.10' + } + } + ] + customDnsConfigs: [ + { + fqdn: 'abc.namespace.com' + ipAddresses: [ + '10.0.0.10' + ] + } + ] + } + ] + } +}] diff --git a/avm/res/service-bus/namespace/tests/e2e/waf-aligned/main.test.bicep b/avm/res/service-bus/namespace/tests/e2e/waf-aligned/main.test.bicep index 543060cd91..11ba61b580 100644 --- a/avm/res/service-bus/namespace/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/service-bus/namespace/tests/e2e/waf-aligned/main.test.bicep @@ -199,8 +199,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' publicNetworkAccess: 'Enabled' minimumTlsVersion: '1.2' } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/service-bus/namespace/version.json b/avm/res/service-bus/namespace/version.json index 76049e1c4a..daf1a794d9 100644 --- a/avm/res/service-bus/namespace/version.json +++ b/avm/res/service-bus/namespace/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.3", + "version": "0.2", "pathFilters": [ "./main.json" ] -} \ No newline at end of file +} diff --git a/avm/res/sql/server/README.md b/avm/res/sql/server/README.md index 67a838766f..a35700ec06 100644 --- a/avm/res/sql/server/README.md +++ b/avm/res/sql/server/README.md @@ -44,9 +44,10 @@ The following section provides usage examples for the module, which were used to - [With an administrator](#example-1-with-an-administrator) - [Using only defaults](#example-2-using-only-defaults) - [Using large parameter set](#example-3-using-large-parameter-set) -- [With a secondary database](#example-4-with-a-secondary-database) -- [With vulnerability assessment](#example-5-with-vulnerability-assessment) -- [WAF-aligned](#example-6-waf-aligned) +- [Using Private Endpoints](#example-4-using-private-endpoints) +- [With a secondary database](#example-5-with-a-secondary-database) +- [With vulnerability assessment](#example-6-with-vulnerability-assessment) +- [WAF-aligned](#example-7-waf-aligned) ### Example 1: _With an administrator_ @@ -255,6 +256,7 @@ module server 'br/public:avm/res/sql/server:' = { privateDnsZoneResourceIds: [ '' ] + service: 'sqlServer' subnetResourceId: '' tags: { Environment: 'Non-Prod' @@ -262,12 +264,6 @@ module server 'br/public:avm/res/sql/server:' = { Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - } ] restrictOutboundNetworkAccess: 'Disabled' roleAssignments: [ @@ -429,18 +425,13 @@ module server 'br/public:avm/res/sql/server:' = { "privateDnsZoneResourceIds": [ "" ], + "service": "sqlServer", "subnetResourceId": "", "tags": { "Environment": "Non-Prod", "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "" } ] }, @@ -510,7 +501,139 @@ module server 'br/public:avm/res/sql/server:' = {

-### Example 4: _With a secondary database_ +### Example 4: _Using Private Endpoints_ + +This instance deploys the module with Private Endpoints. + + +

+ +via Bicep module + +```bicep +module server 'br/public:avm/res/sql/server:' = { + name: '${uniqueString(deployment().name, resourceLocation)}-test-sqlspe' + params: { + // Required parameters + name: 'sqlspe' + // Non-required parameters + administratorLogin: 'adminUserName' + administratorLoginPassword: '' + location: '' + privateEndpoints: [ + { + customDnsConfigs: [ + { + fqdn: 'abc.sqlServer.com' + ipAddresses: [ + '10.0.0.10' + ] + } + ] + ipConfigurations: [ + { + name: 'myIPconfig' + properties: { + groupId: 'sqlServer' + memberName: 'sqlServer' + privateIPAddress: '10.0.0.10' + } + } + ] + privateDnsZoneResourceIds: [ + '' + ] + subnetResourceId: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } + ] + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "sqlspe" + }, + // Non-required parameters + "administratorLogin": { + "value": "adminUserName" + }, + "administratorLoginPassword": { + "value": "" + }, + "location": { + "value": "" + }, + "privateEndpoints": { + "value": [ + { + "customDnsConfigs": [ + { + "fqdn": "abc.sqlServer.com", + "ipAddresses": [ + "10.0.0.10" + ] + } + ], + "ipConfigurations": [ + { + "name": "myIPconfig", + "properties": { + "groupId": "sqlServer", + "memberName": "sqlServer", + "privateIPAddress": "10.0.0.10" + } + } + ], + "privateDnsZoneResourceIds": [ + "" + ], + "subnetResourceId": "", + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + ] + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + } +} +``` + +
+

+ +### Example 5: _With a secondary database_ This instance deploys the module with a secondary database. @@ -600,7 +723,7 @@ module server 'br/public:avm/res/sql/server:' = {

-### Example 5: _With vulnerability assessment_ +### Example 6: _With vulnerability assessment_ This instance deploys the module with a vulnerability assessment. @@ -728,7 +851,7 @@ module server 'br/public:avm/res/sql/server:' = {

-### Example 6: _WAF-aligned_ +### Example 7: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. @@ -1244,15 +1367,14 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -1368,13 +1490,6 @@ A private IP address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -If Manual Private Link Connection is required. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1418,12 +1533,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -1537,7 +1652,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - Required: No - Type: string @@ -1718,7 +1833,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | ## Notes diff --git a/avm/res/sql/server/main.bicep b/avm/res/sql/server/main.bicep index 26f63c5646..9adb292dfa 100644 --- a/avm/res/sql/server/main.bicep +++ b/avm/res/sql/server/main.bicep @@ -234,45 +234,34 @@ module server_elasticPools 'elastic-pool/main.bicep' = [for (elasticPool, index) } }] -module server_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-Server-PrivateEndpoint-${index}' +module server_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { + name: '${uniqueString(deployment().name, location)}-server-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(server.id, '/'))}-${privateEndpoint.?service ?? 'sqlServer'}-${index}' - privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(server.id, '/'))}-${privateEndpoint.?service ?? 'sqlServer'}-${index}' - properties: { - privateLinkServiceId: server.id - groupIds: [ - privateEndpoint.?service ?? 'sqlServer' - ] - } - } - ] : null - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ + privateLinkServiceConnections: [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(server.id, '/'))}-${privateEndpoint.?service ?? 'sqlServer'}-${index}' + name: name properties: { privateLinkServiceId: server.id groupIds: [ privateEndpoint.?service ?? 'sqlServer' ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' } } - ] : null + ] + name: privateEndpoint.?name ?? 'pep-${last(split(server.id, '/'))}-${privateEndpoint.?service ?? 'sqlServer'}-${index}' subnetResourceId: privateEndpoint.subnetResourceId - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry } }] @@ -410,13 +399,14 @@ type roleAssignmentType = { }[]? type privateEndpointType = { + @description('Optional. The name of the private endpoint.') name: string? @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') + @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') @@ -428,13 +418,6 @@ type privateEndpointType = { @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @description('Optional. Custom DNS configurations.') customDnsConfigs: { @description('Required. Fqdn that resolves to private endpoint IP address.') @@ -477,6 +460,9 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/sql/server/main.json b/avm/res/sql/server/main.json index 5373bb5ebe..70407beb9e 100644 --- a/avm/res/sql/server/main.json +++ b/avm/res/sql/server/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "6171976598584344196" + "templateHash": "2223159689907478294" }, "name": "Azure SQL Servers", "description": "This module deploys an Azure SQL Server.", @@ -150,7 +150,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." } }, "subnetResourceId": { @@ -176,21 +176,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -299,6 +284,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -1593,24 +1585,32 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-Server-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-server-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { + "privateLinkServiceConnections": { + "value": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.Sql/servers', parameters('name'))]", + "groupIds": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sqlServer')]" + ] + } + } + ] + }, "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Sql/servers', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sqlServer'), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Sql/servers', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sqlServer'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Sql/servers', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sqlServer')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Sql/servers', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sqlServer'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Sql/servers', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sqlServer')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, - "enableTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" - }, "location": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" }, @@ -1629,6 +1629,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -1640,6 +1643,9 @@ }, "customNetworkInterfaceName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]" + }, + "enableTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" } }, "template": { @@ -1649,8 +1655,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.23.1.45101", + "templateHash": "2821141217598568122" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1699,7 +1705,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -1777,7 +1783,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -1880,7 +1886,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -1889,7 +1895,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -2015,7 +2021,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -2120,8 +2126,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.23.1.45101", + "templateHash": "18168683629401652671" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -2232,13 +2238,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/sql/server/tests/e2e/admin/main.test.bicep b/avm/res/sql/server/tests/e2e/admin/main.test.bicep index 622de8c80a..a7143c0613 100644 --- a/avm/res/sql/server/tests/e2e/admin/main.test.bicep +++ b/avm/res/sql/server/tests/e2e/admin/main.test.bicep @@ -57,7 +57,4 @@ module testDeployment '../../../main.bicep' = { principalType: 'Application' } } - dependsOn: [ - nestedDependencies - ] } diff --git a/avm/res/sql/server/tests/e2e/max/main.test.bicep b/avm/res/sql/server/tests/e2e/max/main.test.bicep index 01ea249410..32fe6d15cb 100644 --- a/avm/res/sql/server/tests/e2e/max/main.test.bicep +++ b/avm/res/sql/server/tests/e2e/max/main.test.bicep @@ -175,6 +175,7 @@ module testDeployment '../../../main.bicep' = { privateEndpoints: [ { subnetResourceId: nestedDependencies.outputs.privateEndpointSubnetResourceId + service: 'sqlServer' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] @@ -184,12 +185,6 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } - { - subnetResourceId: nestedDependencies.outputs.privateEndpointSubnetResourceId - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - } ] virtualNetworkRules: [ { @@ -205,8 +200,4 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] } diff --git a/avm/res/sql/server/tests/e2e/pe/dependencies.bicep b/avm/res/sql/server/tests/e2e/pe/dependencies.bicep new file mode 100644 index 0000000000..ef2f9239a0 --- /dev/null +++ b/avm/res/sql/server/tests/e2e/pe/dependencies.bicep @@ -0,0 +1,50 @@ +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +var addressPrefix = '10.0.0.0/16' + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + addressPrefix + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + + addressPrefix: cidrSubnet(addressPrefix, 16, 0) + } + } + ] + } +} + +resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { + name: 'privatelink${environment().suffixes.sqlServerHostname}' + location: 'global' + + resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { + name: '${virtualNetwork.name}-vnetlink' + location: 'global' + properties: { + virtualNetwork: { + id: virtualNetwork.id + } + registrationEnabled: false + } + } +} + +@description('The resource ID of the created virtual network subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Private DNS Zone.') +output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/avm/res/sql/server/tests/e2e/pe/main.test.bicep b/avm/res/sql/server/tests/e2e/pe/main.test.bicep new file mode 100644 index 0000000000..f842f3c416 --- /dev/null +++ b/avm/res/sql/server/tests/e2e/pe/main.test.bicep @@ -0,0 +1,96 @@ +targetScope = 'subscription' + +metadata name = 'Using Private Endpoints' +metadata description = 'This instance deploys the module with Private Endpoints.' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'dep-${namePrefix}-sql.servers-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'sqlspe' + +@description('Optional. The password to leverage for the login.') +@secure() +param password string = newGuid() + +@description('Optional. A token to inject into the name of each resource.') +param namePrefix string = '#_namePrefix_#' + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +module nestedDependencies 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' + params: { + virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' + location: resourceLocation + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../../main.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}' + params: { + name: '${namePrefix}-${serviceShort}' + location: resourceLocation + administratorLogin: 'adminUserName' + administratorLoginPassword: password + privateEndpoints: [ + { + privateDnsZoneResourceIds: [ + nestedDependencies.outputs.privateDNSZoneResourceId + ] + subnetResourceId: nestedDependencies.outputs.subnetResourceId + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + ipConfigurations: [ + { + name: 'myIPconfig' + properties: { + groupId: 'sqlServer' + memberName: 'sqlServer' + privateIPAddress: '10.0.0.10' + } + } + ] + customDnsConfigs: [ + { + fqdn: 'abc.sqlServer.com' + ipAddresses: [ + '10.0.0.10' + ] + } + ] + } + ] + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + } +} diff --git a/avm/res/sql/server/tests/e2e/secondary/main.test.bicep b/avm/res/sql/server/tests/e2e/secondary/main.test.bicep index d86a8377b4..b04b858a3b 100644 --- a/avm/res/sql/server/tests/e2e/secondary/main.test.bicep +++ b/avm/res/sql/server/tests/e2e/secondary/main.test.bicep @@ -72,7 +72,4 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - ] } diff --git a/avm/res/sql/server/tests/e2e/vulnAssm/main.test.bicep b/avm/res/sql/server/tests/e2e/vulnAssm/main.test.bicep index 3b01629f48..367a939783 100644 --- a/avm/res/sql/server/tests/e2e/vulnAssm/main.test.bicep +++ b/avm/res/sql/server/tests/e2e/vulnAssm/main.test.bicep @@ -89,7 +89,4 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - ] } diff --git a/avm/res/sql/server/tests/e2e/waf-aligned/main.test.bicep b/avm/res/sql/server/tests/e2e/waf-aligned/main.test.bicep index d0c16ff2b9..e8cfdc3d1e 100644 --- a/avm/res/sql/server/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/sql/server/tests/e2e/waf-aligned/main.test.bicep @@ -172,8 +172,4 @@ module testDeployment '../../../main.bicep' = { Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] } diff --git a/avm/res/sql/server/version.json b/avm/res/sql/server/version.json index 1c035df49f..83083db694 100644 --- a/avm/res/sql/server/version.json +++ b/avm/res/sql/server/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.2", + "version": "0.1", "pathFilters": [ "./main.json" ] diff --git a/avm/res/storage/storage-account/README.md b/avm/res/storage/storage-account/README.md index 8617bfe51c..d33cf1a1a4 100644 --- a/avm/res/storage/storage-account/README.md +++ b/avm/res/storage/storage-account/README.md @@ -439,48 +439,6 @@ module storageAccount 'br/public:avm/res/storage/storage-account:' = { Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - '' - ] - service: 'blob' - subnetResourceId: '' - } - { - privateDnsZoneResourceIds: [ - '' - ] - service: 'table' - subnetResourceId: '' - } - { - privateDnsZoneResourceIds: [ - '' - ] - service: 'queue' - subnetResourceId: '' - } - { - privateDnsZoneResourceIds: [ - '' - ] - service: 'file' - subnetResourceId: '' - } - { - privateDnsZoneResourceIds: [ - '' - ] - service: 'web' - subnetResourceId: '' - } - { - privateDnsZoneResourceIds: [ - '' - ] - service: 'dfs' - subnetResourceId: '' - } ] queueServices: { diagnosticSettings: [ @@ -871,48 +829,6 @@ module storageAccount 'br/public:avm/res/storage/storage-account:' = { "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "service": "blob", - "subnetResourceId": "" - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "service": "table", - "subnetResourceId": "" - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "service": "queue", - "subnetResourceId": "" - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "service": "file", - "subnetResourceId": "" - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "service": "web", - "subnetResourceId": "" - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "service": "dfs", - "subnetResourceId": "" } ] }, @@ -2595,10 +2511,9 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | Manual PrivateLink Service Connections. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | @@ -2725,13 +2640,6 @@ A private ip address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -Manual PrivateLink Service Connections. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -2775,12 +2683,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -3090,7 +2998,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | ## Notes diff --git a/avm/res/storage/storage-account/main.bicep b/avm/res/storage/storage-account/main.bicep index 8b57a05034..a00ca23346 100644 --- a/avm/res/storage/storage-account/main.bicep +++ b/avm/res/storage/storage-account/main.bicep @@ -352,13 +352,12 @@ resource storageAccount_roleAssignments 'Microsoft.Authorization/roleAssignments scope: storageAccount }] -module storageAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module storageAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-StorageAccount-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(storageAccount.id, '/'))}-${privateEndpoint.service}-${index}' - privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ + privateLinkServiceConnections: [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(storageAccount.id, '/'))}-${privateEndpoint.service}-${index}' + name: name properties: { privateLinkServiceId: storageAccount.id groupIds: [ @@ -366,19 +365,8 @@ module storageAccount_privateEndpoints 'br/public:avm/res/network/private-endpoi ] } } - ] : null - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(storageAccount.id, '/'))}-${privateEndpoint.service}-${index}' - properties: { - privateLinkServiceId: storageAccount.id - groupIds: [ - privateEndpoint.service - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null + ] + name: privateEndpoint.?name ?? 'pep-${last(split(storageAccount.id, '/'))}-${privateEndpoint.service}-${index}' subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -387,6 +375,7 @@ module storageAccount_privateEndpoints 'br/public:avm/res/network/private-endpoi privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -575,13 +564,6 @@ type privateEndpointType = { @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @description('Optional. Manual PrivateLink Service Connections.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @description('Optional. Custom DNS configurations.') customDnsConfigs: { @description('Required. Fqdn that resolves to private endpoint ip address.') @@ -624,6 +606,9 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/storage/storage-account/main.json b/avm/res/storage/storage-account/main.json index 59666b5a83..3d4de8d154 100644 --- a/avm/res/storage/storage-account/main.json +++ b/avm/res/storage/storage-account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "2079881859262732934" + "templateHash": "9001266032995338880" }, "name": "Storage Accounts", "description": "This module deploys a Storage Account.", @@ -227,21 +227,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -350,6 +335,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -1003,11 +995,22 @@ }, "mode": "Incremental", "parameters": { + "privateLinkServiceConnections": { + "value": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]", + "groupIds": [ + "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service]" + ] + } + } + ] + }, "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Storage/storageAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Storage/storageAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Storage/storageAccounts', parameters('name')), 'groupIds', createArray(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Storage/storageAccounts', parameters('name')), '/')), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service, copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Storage/storageAccounts', parameters('name')), 'groupIds', createArray(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -1032,6 +1035,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -1052,8 +1058,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.23.1.45101", + "templateHash": "2821141217598568122" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1102,7 +1108,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -1180,7 +1186,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -1283,7 +1289,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -1292,7 +1298,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -1418,7 +1424,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1523,8 +1529,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.23.1.45101", + "templateHash": "18168683629401652671" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1635,13 +1641,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/storage/storage-account/tests/e2e/max/dependencies.bicep b/avm/res/storage/storage-account/tests/e2e/max/dependencies.bicep index 2accc238d1..6e0fe47d04 100644 --- a/avm/res/storage/storage-account/tests/e2e/max/dependencies.bicep +++ b/avm/res/storage/storage-account/tests/e2e/max/dependencies.bicep @@ -22,29 +22,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { { name: 'defaultSubnet' properties: { - addressPrefix: cidrSubnet(addressPrefix, 20, 0) - serviceEndpoints: [ - { - service: 'Microsoft.Storage' - } - ] - } - } - { - name: 'custom-private-subnet' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 20, 1) - serviceEndpoints: [ - { - service: 'Microsoft.Storage' - } - ] - } - } - { - name: 'custom-private-subnet-2' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 20, 2) + addressPrefix: cidrSubnet(addressPrefix, 16, 0) serviceEndpoints: [ { service: 'Microsoft.Storage' @@ -80,14 +58,8 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018- location: location } -@description('The resource ID of the created Virtual Network Default Subnet.') -output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id - -@description('The resource ID of the 2nd created Virtual Network Subnet.') -output customSubnet1ResourceId string = virtualNetwork.properties.subnets[1].id - -@description('The resource ID of the 3rd created Virtual Network Subnet.') -output customSubnet2ResourceId string = virtualNetwork.properties.subnets[2].id +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep b/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep index 684eca60e3..9690de9fbc 100644 --- a/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep +++ b/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep @@ -80,7 +80,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateEndpoints: [ { service: 'blob' - subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId + subnetResourceId: nestedDependencies.outputs.subnetResourceId privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] @@ -90,48 +90,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - { - service: 'blob' - subnetResourceId: nestedDependencies.outputs.customSubnet2ResourceId - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - } - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId - service: 'table' - } - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId - service: 'queue' - } - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId - service: 'file' - } - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId - service: 'web' - } - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - subnetResourceId: nestedDependencies.outputs.customSubnet1ResourceId - service: 'dfs' - } ] networkAcls: { bypass: 'AzureServices' @@ -139,7 +97,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' virtualNetworkRules: [ { action: 'Allow' - id: nestedDependencies.outputs.defaultSubnetResourceId + id: nestedDependencies.outputs.subnetResourceId } ] ipRules: [ @@ -449,8 +407,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/storage/storage-account/tests/e2e/system-assigned-cmk-encryption/main.test.bicep b/avm/res/storage/storage-account/tests/e2e/system-assigned-cmk-encryption/main.test.bicep index 2c2bfc3700..936455ba72 100644 --- a/avm/res/storage/storage-account/tests/e2e/system-assigned-cmk-encryption/main.test.bicep +++ b/avm/res/storage/storage-account/tests/e2e/system-assigned-cmk-encryption/main.test.bicep @@ -82,7 +82,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' keyVaultResourceId: nestedDependencies.outputs.keyVaultResourceId } } - dependsOn: [ - nestedDependencies - ] }] diff --git a/avm/res/storage/storage-account/tests/e2e/user-assigned-cmk-encryption/main.test.bicep b/avm/res/storage/storage-account/tests/e2e/user-assigned-cmk-encryption/main.test.bicep index 3997f6a7f1..505551c7aa 100644 --- a/avm/res/storage/storage-account/tests/e2e/user-assigned-cmk-encryption/main.test.bicep +++ b/avm/res/storage/storage-account/tests/e2e/user-assigned-cmk-encryption/main.test.bicep @@ -89,7 +89,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' userAssignedIdentityResourceId: nestedDependencies.outputs.managedIdentityResourceId } } - dependsOn: [ - nestedDependencies - ] }] diff --git a/avm/res/storage/storage-account/tests/e2e/waf-aligned/main.test.bicep b/avm/res/storage/storage-account/tests/e2e/waf-aligned/main.test.bicep index 0fdbb91dff..8d3c2cb47c 100644 --- a/avm/res/storage/storage-account/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/storage/storage-account/tests/e2e/waf-aligned/main.test.bicep @@ -301,8 +301,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/storage/storage-account/version.json b/avm/res/storage/storage-account/version.json index 0f81d22abc..e42c3d9e5f 100644 --- a/avm/res/storage/storage-account/version.json +++ b/avm/res/storage/storage-account/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.8", + "version": "0.6", "pathFilters": [ "./main.json" ] diff --git a/avm/res/synapse/private-link-hub/README.md b/avm/res/synapse/private-link-hub/README.md index 7534fb874e..82e2a891c3 100644 --- a/avm/res/synapse/private-link-hub/README.md +++ b/avm/res/synapse/private-link-hub/README.md @@ -112,6 +112,7 @@ module privateLinkHub 'br/public:avm/res/synapse/private-link-hub:' = { privateDnsZoneResourceIds: [ '' ] + service: 'Web' subnetResourceId: '' tags: { Environment: 'Non-Prod' @@ -119,12 +120,6 @@ module privateLinkHub 'br/public:avm/res/synapse/private-link-hub:' = { Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - } ] roleAssignments: [ { @@ -179,18 +174,13 @@ module privateLinkHub 'br/public:avm/res/synapse/private-link-hub:' = { "privateDnsZoneResourceIds": [ "" ], + "service": "Web", "subnetResourceId": "", "tags": { "Environment": "Non-Prod", "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "" } ] }, @@ -402,6 +392,7 @@ Configuration details for private endpoints. For security reasons, it is recomme | Parameter | Type | Description | | :-- | :-- | :-- | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | **Optional parameters** @@ -413,17 +404,22 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | +### Parameter: `privateEndpoints.service` + +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". + +- Required: Yes +- Type: string + ### Parameter: `privateEndpoints.subnetResourceId` Resource ID of the subnet where the endpoint needs to be created. @@ -449,19 +445,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint IP address. +Fqdn that resolves to private endpoint ip address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private IP addresses of the private endpoint. +A list of private ip addresses of the private endpoint. - Required: Yes - Type: array @@ -514,7 +510,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -532,18 +528,11 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private IP address obtained from the private endpoint's subnet. +A private ip address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -If Manual Private Link Connection is required. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -587,12 +576,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -603,7 +592,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string @@ -704,13 +693,6 @@ The principal type of the assigned principal ID. ] ``` -### Parameter: `privateEndpoints.service` - -The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". - -- Required: No -- Type: string - ### Parameter: `privateEndpoints.tags` Tags to be applied on all resources/resource groups in this deployment. @@ -830,7 +812,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | ## Data Collection diff --git a/avm/res/synapse/private-link-hub/main.bicep b/avm/res/synapse/private-link-hub/main.bicep index 22d0d278ce..ea2d80db82 100644 --- a/avm/res/synapse/private-link-hub/main.bicep +++ b/avm/res/synapse/private-link-hub/main.bicep @@ -81,45 +81,34 @@ resource privateLinkHub_roleAssignments 'Microsoft.Authorization/roleAssignments }] // Private Endpoints -module privateLinkHub_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-PrivateLinkHub-PrivateEndpoint-${index}' +module privateLinkHub_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { + name: '${uniqueString(deployment().name, location)}-privateLinkHub-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? 'web'}-${index}' - privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ + privateLinkServiceConnections: [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? 'web'}-${index}' + name: name properties: { privateLinkServiceId: privateLinkHub.id groupIds: [ - privateEndpoint.?service ?? 'web' + privateEndpoint.?service ?? 'privateLinkHubs' ] } } - ] : null - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? 'web'}-${index}' - properties: { - privateLinkServiceId: privateLinkHub.id - groupIds: [ - privateEndpoint.?service ?? 'web' - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null + ] + name: privateEndpoint.?name ?? 'pep-${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.?service ?? privateEndpoint.service}-${index}' subnetResourceId: privateEndpoint.subnetResourceId - enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location lock: privateEndpoint.?lock ?? lock privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName + enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry } }] @@ -177,31 +166,24 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') - service: string? + @description('Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + service: string @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') + @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint IP address.') + @description('Required. Fqdn that resolves to private endpoint ip address.') fqdn: string? - @description('Required. A list of private IP addresses of the private endpoint.') + @description('Required. A list of private ip addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -218,7 +200,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private IP address obtained from the private endpoint\'s subnet.') + @description('Required. A private ip address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -238,6 +220,9 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/synapse/private-link-hub/main.json b/avm/res/synapse/private-link-hub/main.json index d0134ae735..d6a37b5693 100644 --- a/avm/res/synapse/private-link-hub/main.json +++ b/avm/res/synapse/private-link-hub/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "16624127378809450653" + "templateHash": "17829030796536004082" }, "name": "Azure Synapse Analytics", "description": "This module deploys an Azure Synapse Analytics (Private Link Hub).", @@ -125,9 +125,8 @@ }, "service": { "type": "string", - "nullable": true, "metadata": { - "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." + "description": "Required. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." } }, "subnetResourceId": { @@ -140,7 +139,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." + "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." } }, "privateDnsZoneResourceIds": { @@ -153,21 +152,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -177,7 +161,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -186,7 +170,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -225,7 +209,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -276,6 +260,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -415,24 +406,32 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-PrivateLinkHub-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-privateLinkHub-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { + "privateLinkServiceConnections": { + "value": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name'))]", + "groupIds": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'privateLinkHubs')]" + ] + } + } + ] + }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'web'), copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].service), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'web'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'web')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'web'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Synapse/privateLinkHubs', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'web')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, - "enableTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" - }, "location": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" }, @@ -451,6 +450,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -462,6 +464,9 @@ }, "customNetworkInterfaceName": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]" + }, + "enableTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" } }, "template": { @@ -471,8 +476,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.23.1.45101", + "templateHash": "2821141217598568122" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -521,7 +526,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -599,7 +604,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -702,7 +707,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -711,7 +716,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -837,7 +842,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -942,8 +947,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.23.1.45101", + "templateHash": "18168683629401652671" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1054,13 +1059,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/synapse/private-link-hub/tests/e2e/max/main.test.bicep b/avm/res/synapse/private-link-hub/tests/e2e/max/main.test.bicep index 26749a1732..edcbcf4ffe 100644 --- a/avm/res/synapse/private-link-hub/tests/e2e/max/main.test.bicep +++ b/avm/res/synapse/private-link-hub/tests/e2e/max/main.test.bicep @@ -62,6 +62,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] + service: 'Web' subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { 'hidden-title': 'This is visible in the resource name' @@ -69,12 +70,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - subnetResourceId: nestedDependencies.outputs.subnetResourceId - } ] roleAssignments: [ { @@ -94,7 +89,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - ] }] diff --git a/avm/res/synapse/private-link-hub/tests/e2e/waf-aligned/main.test.bicep b/avm/res/synapse/private-link-hub/tests/e2e/waf-aligned/main.test.bicep index 7a5577e6b5..f25303df35 100644 --- a/avm/res/synapse/private-link-hub/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/synapse/private-link-hub/tests/e2e/waf-aligned/main.test.bicep @@ -72,7 +72,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - ] }] diff --git a/avm/res/synapse/private-link-hub/version.json b/avm/res/synapse/private-link-hub/version.json index 1c035df49f..83083db694 100644 --- a/avm/res/synapse/private-link-hub/version.json +++ b/avm/res/synapse/private-link-hub/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.2", + "version": "0.1", "pathFilters": [ "./main.json" ] diff --git a/avm/res/web/site/README.md b/avm/res/web/site/README.md index 7d7f600c47..3fa8c4a1e0 100644 --- a/avm/res/web/site/README.md +++ b/avm/res/web/site/README.md @@ -249,12 +249,6 @@ module site 'br/public:avm/res/web/site:' = { Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - } ] roleAssignments: [ { @@ -449,12 +443,6 @@ module site 'br/public:avm/res/web/site:' = { "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "" } ] }, @@ -764,12 +752,6 @@ module site 'br/public:avm/res/web/site:' = { Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - } ] publicNetworkAccess: 'Disabled' roleAssignments: [ @@ -978,12 +960,6 @@ module site 'br/public:avm/res/web/site:' = { "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "" } ] }, @@ -1603,15 +1579,14 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -1639,19 +1614,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint IP address. +Fqdn that resolves to private endpoint ip address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private IP addresses of the private endpoint. +A list of private ip addresses of the private endpoint. - Required: Yes - Type: array @@ -1704,7 +1679,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -1722,18 +1697,11 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private IP address obtained from the private endpoint's subnet. +A private ip address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -If Manual Private Link Connection is required. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -1777,12 +1745,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -1793,7 +1761,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string @@ -1896,7 +1864,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - Required: No - Type: string @@ -2133,7 +2101,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.3.2` | Remote reference | ## Notes diff --git a/avm/res/web/site/main.bicep b/avm/res/web/site/main.bicep index ac945af7de..7351a9a11f 100644 --- a/avm/res/web/site/main.bicep +++ b/avm/res/web/site/main.bicep @@ -362,13 +362,12 @@ resource app_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01 scope: app }] -module app_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-App-PrivateEndpoint-${index}' +module app_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.2' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { + name: '${uniqueString(deployment().name, location)}-app-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(app.id, '/'))}-${privateEndpoint.?service ?? 'sites'}-${index}' - privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ + privateLinkServiceConnections: [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(app.id, '/'))}-${privateEndpoint.?service ?? 'sites'}-${index}' + name: name properties: { privateLinkServiceId: app.id groupIds: [ @@ -376,19 +375,8 @@ module app_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = ] } } - ] : null - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(app.id, '/'))}-${privateEndpoint.?service ?? 'sites'}-${index}' - properties: { - privateLinkServiceId: app.id - groupIds: [ - privateEndpoint.?service ?? 'sites' - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null + ] + name: privateEndpoint.?name ?? 'pep-${last(split(app.id, '/'))}-${privateEndpoint.?service ?? 'sites'}-${index}' subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -397,6 +385,7 @@ module app_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -481,31 +470,24 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') + @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') + @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint IP address.') + @description('Required. Fqdn that resolves to private endpoint ip address.') fqdn: string? - @description('Required. A list of private IP addresses of the private endpoint.') + @description('Required. A list of private ip addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -522,7 +504,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private IP address obtained from the private endpoint\'s subnet.') + @description('Required. A private ip address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -542,6 +524,9 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/web/site/main.json b/avm/res/web/site/main.json index 14f78f43f4..500663e7fb 100644 --- a/avm/res/web/site/main.json +++ b/avm/res/web/site/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "7010125481271494880" + "templateHash": "15412423005625899099" }, "name": "Web/Function Apps", "description": "This module deploys a Web or Function App.", @@ -150,7 +150,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." } }, "subnetResourceId": { @@ -163,7 +163,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." + "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." } }, "privateDnsZoneResourceIds": { @@ -176,21 +176,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -200,7 +185,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -209,7 +194,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -248,7 +233,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -299,6 +284,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -1296,7 +1288,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "7766866613475753287" + "templateHash": "12905465301950647404" }, "name": "Web/Function App Deployment Slots", "description": "This module deploys a Web or Function App Deployment Slot.", @@ -1440,7 +1432,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." } }, "subnetResourceId": { @@ -1453,7 +1445,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." + "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." } }, "privateDnsZoneResourceIds": { @@ -1466,21 +1458,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -1490,7 +1467,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -1499,7 +1476,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -1538,7 +1515,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -1589,6 +1566,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -2705,11 +2689,22 @@ }, "mode": "Incremental", "parameters": { + "privateLinkServiceConnections": { + "value": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.Web/sites', parameters('appName'))]", + "groupIds": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name')))]" + ] + } + } + ] + }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}-{3}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), parameters('name'), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name'))), copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}-{3}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), parameters('name'), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites'), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name'))), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('appName')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name')))))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name'))), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('appName')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name')))), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -2734,6 +2729,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -2754,8 +2752,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.23.1.45101", + "templateHash": "2821141217598568122" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -2804,7 +2802,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -3120,7 +3118,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -3225,8 +3223,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.23.1.45101", + "templateHash": "18168683629401652671" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -3337,13 +3335,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } @@ -3627,18 +3618,29 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-App-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-app-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { + "privateLinkServiceConnections": { + "value": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.Web/sites', parameters('name'))]", + "groupIds": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites')]" + ] + } + } + ] + }, "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites'), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -3663,6 +3665,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -3683,8 +3688,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.23.1.45101", + "templateHash": "2821141217598568122" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -3733,7 +3738,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -4049,7 +4054,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -4154,8 +4159,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.23.1.45101", + "templateHash": "18168683629401652671" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -4266,13 +4271,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/web/site/slot/README.md b/avm/res/web/site/slot/README.md index f81c939982..8b82bf1ad9 100644 --- a/avm/res/web/site/slot/README.md +++ b/avm/res/web/site/slot/README.md @@ -509,15 +509,14 @@ Configuration details for private endpoints. | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -545,19 +544,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint IP address. +Fqdn that resolves to private endpoint ip address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private IP addresses of the private endpoint. +A list of private ip addresses of the private endpoint. - Required: Yes - Type: array @@ -610,7 +609,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -628,18 +627,11 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private IP address obtained from the private endpoint's subnet. +A private ip address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -If Manual Private Link Connection is required. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -683,12 +675,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -699,7 +691,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string @@ -802,7 +794,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - Required: No - Type: string @@ -1027,7 +1019,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.3.2` | Remote reference | ## Notes diff --git a/avm/res/web/site/slot/main.bicep b/avm/res/web/site/slot/main.bicep index fb10222b00..9c91ea7372 100644 --- a/avm/res/web/site/slot/main.bicep +++ b/avm/res/web/site/slot/main.bicep @@ -295,13 +295,12 @@ resource slot_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-0 scope: slot }] -module slot_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { +module slot_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.2' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-Slot-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(app.id, '/'))}-${name}-${privateEndpoint.?service ?? 'sites-${slot.name}'}-${index}' - privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ + privateLinkServiceConnections: [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(app.id, '/'))}-${privateEndpoint.?service ?? 'sites-${slot.name}'}-${index}' + name: slot.name properties: { privateLinkServiceId: app.id // Must be set on the WebApp and not the slot groupIds: [ @@ -309,19 +308,8 @@ module slot_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' ] } } - ] : null - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(app.id, '/'))}-${privateEndpoint.?service ?? 'sites-${slot.name}'}-${index}' - properties: { - privateLinkServiceId: app.id // Must be set on the WebApp and not the slot - groupIds: [ - privateEndpoint.?service ?? 'sites-${slot.name}' // The required syntax to create the private endpoint for a specific slot - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null + ] + name: privateEndpoint.?name ?? 'pep-${last(split(app.id, '/'))}-${name}-${privateEndpoint.?service ?? 'sites'}-${index}' subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -330,6 +318,7 @@ module slot_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -402,31 +391,24 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') + @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') + @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint IP address.') + @description('Required. Fqdn that resolves to private endpoint ip address.') fqdn: string? - @description('Required. A list of private IP addresses of the private endpoint.') + @description('Required. A list of private ip addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -443,7 +425,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private IP address obtained from the private endpoint\'s subnet.') + @description('Required. A private ip address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -463,6 +445,9 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/web/site/slot/main.json b/avm/res/web/site/slot/main.json index 2a2938a707..a4c60a5730 100644 --- a/avm/res/web/site/slot/main.json +++ b/avm/res/web/site/slot/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "7766866613475753287" + "templateHash": "12905465301950647404" }, "name": "Web/Function App Deployment Slots", "description": "This module deploys a Web or Function App Deployment Slot.", @@ -150,7 +150,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." } }, "subnetResourceId": { @@ -163,7 +163,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." + "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." } }, "privateDnsZoneResourceIds": { @@ -176,21 +176,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -200,7 +185,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -209,7 +194,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -248,7 +233,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -299,6 +284,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -1415,11 +1407,22 @@ }, "mode": "Incremental", "parameters": { + "privateLinkServiceConnections": { + "value": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.Web/sites', parameters('appName'))]", + "groupIds": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name')))]" + ] + } + } + ] + }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}-{3}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), parameters('name'), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name'))), copyIndex()))]" + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}-{3}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), parameters('name'), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites'), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name'))), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('appName')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name')))))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name'))), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/sites', parameters('appName')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), format('sites-{0}', parameters('name')))), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -1444,6 +1447,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -1464,8 +1470,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.23.1.45101", + "templateHash": "2821141217598568122" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1514,7 +1520,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -1830,7 +1836,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1935,8 +1941,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.23.1.45101", + "templateHash": "18168683629401652671" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -2047,13 +2053,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/web/site/tests/e2e/functionApp.defaults/main.test.bicep b/avm/res/web/site/tests/e2e/functionApp.defaults/main.test.bicep index a9d3e90e3a..802c4c8ca4 100644 --- a/avm/res/web/site/tests/e2e/functionApp.defaults/main.test.bicep +++ b/avm/res/web/site/tests/e2e/functionApp.defaults/main.test.bicep @@ -57,7 +57,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' alwaysOn: true } } - dependsOn: [ - nestedDependencies - ] }] diff --git a/avm/res/web/site/tests/e2e/functionApp.max/main.test.bicep b/avm/res/web/site/tests/e2e/functionApp.max/main.test.bicep index 06353e92cf..6ce8a38d92 100644 --- a/avm/res/web/site/tests/e2e/functionApp.max/main.test.bicep +++ b/avm/res/web/site/tests/e2e/functionApp.max/main.test.bicep @@ -182,12 +182,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - { - subnetResourceId: nestedDependencies.outputs.subnetResourceId - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - } ] roleAssignments: [ { @@ -226,8 +220,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' } ] } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/web/site/tests/e2e/waf-aligned/main.test.bicep b/avm/res/web/site/tests/e2e/waf-aligned/main.test.bicep index 3a0c5c9f24..df56fc271f 100644 --- a/avm/res/web/site/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/web/site/tests/e2e/waf-aligned/main.test.bicep @@ -100,8 +100,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' vnetRouteAllEnabled: true publicNetworkAccess: 'Disabled' } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/web/site/tests/e2e/webApp.defaults/main.test.bicep b/avm/res/web/site/tests/e2e/webApp.defaults/main.test.bicep index 327bfd6495..afa3b51e11 100644 --- a/avm/res/web/site/tests/e2e/webApp.defaults/main.test.bicep +++ b/avm/res/web/site/tests/e2e/webApp.defaults/main.test.bicep @@ -54,7 +54,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' kind: 'app' serverFarmResourceId: nestedDependencies.outputs.serverFarmResourceId } - dependsOn: [ - nestedDependencies - ] }] diff --git a/avm/res/web/site/tests/e2e/webApp.max/main.test.bicep b/avm/res/web/site/tests/e2e/webApp.max/main.test.bicep index c1dba11860..cab7d7b186 100644 --- a/avm/res/web/site/tests/e2e/webApp.max/main.test.bicep +++ b/avm/res/web/site/tests/e2e/webApp.max/main.test.bicep @@ -182,12 +182,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - { - subnetResourceId: nestedDependencies.outputs.subnetResourceId - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - } ] roleAssignments: [ { @@ -244,8 +238,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' vnetRouteAllEnabled: true publicNetworkAccess: 'Disabled' } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] }] diff --git a/avm/res/web/site/version.json b/avm/res/web/site/version.json index c177b1bb58..1c035df49f 100644 --- a/avm/res/web/site/version.json +++ b/avm/res/web/site/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.3", + "version": "0.2", "pathFilters": [ "./main.json" ] diff --git a/avm/res/web/static-site/README.md b/avm/res/web/static-site/README.md index fd130bc092..a4a37abdff 100644 --- a/avm/res/web/static-site/README.md +++ b/avm/res/web/static-site/README.md @@ -136,12 +136,6 @@ module staticSite 'br/public:avm/res/web/static-site:' = { Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - '' - ] - subnetResourceId: '' - } ] roleAssignments: [ { @@ -240,12 +234,6 @@ module staticSite 'br/public:avm/res/web/static-site:' = { "hidden-title": "This is visible in the resource name", "Role": "DeploymentValidation" } - }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "subnetResourceId": "" } ] }, @@ -645,15 +633,14 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | | [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | -| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -681,19 +668,19 @@ Custom DNS configurations. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint IP address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private IP addresses of the private endpoint. | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | ### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -Fqdn that resolves to private endpoint IP address. +Fqdn that resolves to private endpoint ip address. - Required: No - Type: string ### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -A list of private IP addresses of the private endpoint. +A list of private ip addresses of the private endpoint. - Required: Yes - Type: array @@ -746,7 +733,7 @@ Properties of private endpoint IP configurations. | :-- | :-- | :-- | | [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | string | The ID of a group obtained from the remote resource that this private endpoint should connect to. | | [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | string | The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private IP address obtained from the private endpoint's subnet. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | string | A private ip address obtained from the private endpoint's subnet. | ### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` @@ -764,18 +751,11 @@ The member name of a group obtained from the remote resource that this private e ### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -A private IP address obtained from the private endpoint's subnet. +A private ip address obtained from the private endpoint's subnet. - Required: Yes - Type: string -### Parameter: `privateEndpoints.isManualConnection` - -If Manual Private Link Connection is required. - -- Required: No -- Type: bool - ### Parameter: `privateEndpoints.location` The location to deploy the private endpoint to. @@ -819,12 +799,12 @@ Specify the name of lock. - Required: No - Type: string -### Parameter: `privateEndpoints.manualConnectionRequestMessage` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -A message passed to the owner of the remote resource with the manual connection request. +Manual PrivateLink Service Connections. - Required: No -- Type: string +- Type: array ### Parameter: `privateEndpoints.name` @@ -835,7 +815,7 @@ The name of the private endpoint. ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string @@ -938,7 +918,7 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - Required: No - Type: string @@ -1123,7 +1103,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference | ## Data Collection diff --git a/avm/res/web/static-site/main.bicep b/avm/res/web/static-site/main.bicep index 78688b9023..3cbc8d702b 100644 --- a/avm/res/web/static-site/main.bicep +++ b/avm/res/web/static-site/main.bicep @@ -201,13 +201,12 @@ resource staticSite_roleAssignments 'Microsoft.Authorization/roleAssignments@202 scope: staticSite }] -module staticSite_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-StaticSite-PrivateEndpoint-${index}' +module staticSite_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { + name: '${uniqueString(deployment().name, location)}-staticSite-PrivateEndpoint-${index}' params: { - name: privateEndpoint.?name ?? 'pep-${last(split(staticSite.id, '/'))}-${privateEndpoint.?service ?? 'staticSites'}-${index}' - privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [ + privateLinkServiceConnections: [ { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(staticSite.id, '/'))}-${privateEndpoint.?service ?? 'staticSites'}-${index}' + name: name properties: { privateLinkServiceId: staticSite.id groupIds: [ @@ -215,19 +214,8 @@ module staticSite_privateEndpoints 'br/public:avm/res/network/private-endpoint:0 ] } } - ] : null - manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [ - { - name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(staticSite.id, '/'))}-${privateEndpoint.?service ?? 'staticSites'}-${index}' - properties: { - privateLinkServiceId: staticSite.id - groupIds: [ - privateEndpoint.?service ?? 'staticSites' - ] - requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.' - } - } - ] : null + ] + name: privateEndpoint.?name ?? 'pep-${last(split(staticSite.id, '/'))}-${privateEndpoint.?service ?? 'staticSites'}-${index}' subnetResourceId: privateEndpoint.subnetResourceId enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location @@ -236,6 +224,7 @@ module staticSite_privateEndpoints 'br/public:avm/res/network/private-endpoint:0 privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections customDnsConfigs: privateEndpoint.?customDnsConfigs ipConfigurations: privateEndpoint.?ipConfigurations applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds @@ -311,31 +300,24 @@ type privateEndpointType = { @description('Optional. The location to deploy the private endpoint to.') location: string? - @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') + @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') service: string? @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') + @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') privateDnsZoneGroupName: string? @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') privateDnsZoneResourceIds: string[]? - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - @description('Optional. Custom DNS configurations.') customDnsConfigs: { - @description('Required. Fqdn that resolves to private endpoint IP address.') + @description('Required. Fqdn that resolves to private endpoint ip address.') fqdn: string? - @description('Required. A list of private IP addresses of the private endpoint.') + @description('Required. A list of private ip addresses of the private endpoint.') ipAddresses: string[] }[]? @@ -352,7 +334,7 @@ type privateEndpointType = { @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') memberName: string - @description('Required. A private IP address obtained from the private endpoint\'s subnet.') + @description('Required. A private ip address obtained from the private endpoint\'s subnet.') privateIPAddress: string } }[]? @@ -372,6 +354,9 @@ type privateEndpointType = { @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') tags: object? + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + @description('Optional. Enable/Disable usage telemetry for module.') enableTelemetry: bool? }[]? diff --git a/avm/res/web/static-site/main.json b/avm/res/web/static-site/main.json index b226d1b32c..bd76acc54e 100644 --- a/avm/res/web/static-site/main.json +++ b/avm/res/web/static-site/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "15307408528388407015" + "templateHash": "6139621116295404519" }, "name": "Static Web Apps", "description": "This module deploys a Static Web App.", @@ -150,7 +150,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." } }, "subnetResourceId": { @@ -163,7 +163,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." + "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." } }, "privateDnsZoneResourceIds": { @@ -176,21 +176,6 @@ "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." } }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, "customDnsConfigs": { "type": "array", "items": { @@ -200,7 +185,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -209,7 +194,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -248,7 +233,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -299,6 +284,13 @@ "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." } }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, "enableTelemetry": { "type": "bool", "nullable": true, @@ -963,18 +955,29 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-StaticSite-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-staticSite-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { + "privateLinkServiceConnections": { + "value": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.Web/staticSites', parameters('name'))]", + "groupIds": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites')]" + ] + } + } + ] + }, "name": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/staticSites', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites'), copyIndex()))]" }, - "privateLinkServiceConnections": "[if(not(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true())), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/staticSites', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/staticSites', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites')))))), createObject('value', null()))]", - "manualPrivateLinkServiceConnections": "[if(equals(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections'), true()), createObject('value', createArray(createObject('name', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateLinkServiceConnectionName'), format('{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/staticSites', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites'), copyIndex())), 'properties', createObject('privateLinkServiceId', resourceId('Microsoft.Web/staticSites', parameters('name')), 'groupIds', createArray(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites')), 'requestMessage', coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualConnectionRequestMessage'), 'Manual approval required.'))))), createObject('value', null()))]", "subnetResourceId": { "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, @@ -999,6 +1002,9 @@ "tags": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, "customDnsConfigs": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" }, @@ -1019,8 +1025,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2592884001616184297" + "version": "0.23.1.45101", + "templateHash": "2821141217598568122" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1069,7 +1075,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" } }, "conditionVersion": { @@ -1147,7 +1153,7 @@ "privateIPAddress": { "type": "string", "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." + "description": "Required. A private ip address obtained from the private endpoint's subnet." } } }, @@ -1250,7 +1256,7 @@ "fqdn": { "type": "string", "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." + "description": "Required. Fqdn that resolves to private endpoint ip address." } }, "ipAddresses": { @@ -1259,7 +1265,7 @@ "type": "string" }, "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." + "description": "Required. A list of private ip addresses of the private endpoint." } } } @@ -1385,7 +1391,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1490,8 +1496,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9321937464667207030" + "version": "0.23.1.45101", + "templateHash": "18168683629401652671" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1602,13 +1608,6 @@ "description": "The location the resource was deployed into." }, "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - }, - "groupId": { - "type": "string", - "metadata": { - "description": "The group Id for the private endpoint Group." - }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" } } } diff --git a/avm/res/web/static-site/tests/e2e/max/main.test.bicep b/avm/res/web/static-site/tests/e2e/max/main.test.bicep index 4db79418e9..36bea24219 100644 --- a/avm/res/web/static-site/tests/e2e/max/main.test.bicep +++ b/avm/res/web/static-site/tests/e2e/max/main.test.bicep @@ -72,12 +72,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - { - subnetResourceId: nestedDependencies.outputs.subnetResourceId - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - } ] roleAssignments: [ { @@ -121,7 +115,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - ] }] diff --git a/avm/res/web/static-site/tests/e2e/waf-aligned/main.test.bicep b/avm/res/web/static-site/tests/e2e/waf-aligned/main.test.bicep index e95bd5db2b..98025ccbc8 100644 --- a/avm/res/web/static-site/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/web/static-site/tests/e2e/waf-aligned/main.test.bicep @@ -91,7 +91,4 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - ] }] diff --git a/avm/res/web/static-site/version.json b/avm/res/web/static-site/version.json index 729ac87673..8def869ede 100644 --- a/avm/res/web/static-site/version.json +++ b/avm/res/web/static-site/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.2", + "version": "0.1", "pathFilters": [ "./main.json" ] -} \ No newline at end of file +} From 709464a70be7650457d4276a6486b47aa16d0f76 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Tue, 19 Mar 2024 14:45:13 +0100 Subject: [PATCH 27/29] Fixed references --- avm/res/databricks/workspace/main.json | 4 ++-- .../workspace/tests/e2e/max/dependencies.bicep | 10 ++++++++-- .../databricks/workspace/tests/e2e/max/main.test.bicep | 4 ++-- .../workspace/tests/e2e/waf-aligned/dependencies.bicep | 4 ++-- .../workspace/tests/e2e/waf-aligned/main.test.bicep | 4 ++-- 5 files changed, 16 insertions(+), 10 deletions(-) diff --git a/avm/res/databricks/workspace/main.json b/avm/res/databricks/workspace/main.json index e8eac46cb3..7e7925b110 100644 --- a/avm/res/databricks/workspace/main.json +++ b/avm/res/databricks/workspace/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "13278553463810121429" + "version": "0.26.54.24096", + "templateHash": "8925128185589273318" }, "name": "Azure Databricks Workspaces", "description": "This module deploys an Azure Databricks Workspace.", diff --git a/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep b/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep index be76c13962..75d00e31e1 100644 --- a/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep +++ b/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep @@ -341,10 +341,16 @@ resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id @description('The name of the 2nd created Virtual Network Public Subnet.') -output customPublicSubnetResourceId string = virtualNetwork.properties.subnets[1].name +output customPublicSubnetName string = virtualNetwork.properties.subnets[1].name + +@description('The resource ID of the 2nd created Virtual Network Public Subnet.') +output customPublicSubnetResourceId string = virtualNetwork.properties.subnets[1].id @description('The name of the 3rd created Virtual Network Private Subnet.') -output customPrivateSubnetResourceId string = virtualNetwork.properties.subnets[2].name +output customPrivateSubnetName string = virtualNetwork.properties.subnets[2].name + +@description('The resource ID of the 3rd created Virtual Network Private Subnet.') +output customPrivateSubnetResourceId string = virtualNetwork.properties.subnets[2].id @description('The resource ID of the created Virtual Network.') output virtualNetworkResourceId string = virtualNetwork.id diff --git a/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep b/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep index f22da27779..84a676c65f 100644 --- a/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep +++ b/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep @@ -139,8 +139,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' requiredNsgRules: 'NoAzureDatabricksRules' skuName: 'premium' amlWorkspaceResourceId: nestedDependencies.outputs.machineLearningWorkspaceResourceId - customPrivateSubnetName: nestedDependencies.outputs.customPrivateSubnetResourceId - customPublicSubnetName: nestedDependencies.outputs.customPublicSubnetResourceId + customPrivateSubnetName: nestedDependencies.outputs.customPrivateSubnetName + customPublicSubnetName: nestedDependencies.outputs.customPublicSubnetName publicNetworkAccess: 'Disabled' disablePublicIp: true loadBalancerResourceId: nestedDependencies.outputs.loadBalancerResourceId diff --git a/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep b/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep index be76c13962..a09ec9f89e 100644 --- a/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep +++ b/avm/res/databricks/workspace/tests/e2e/waf-aligned/dependencies.bicep @@ -341,10 +341,10 @@ resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id @description('The name of the 2nd created Virtual Network Public Subnet.') -output customPublicSubnetResourceId string = virtualNetwork.properties.subnets[1].name +output customPublicSubnetName string = virtualNetwork.properties.subnets[1].name @description('The name of the 3rd created Virtual Network Private Subnet.') -output customPrivateSubnetResourceId string = virtualNetwork.properties.subnets[2].name +output customPrivateSubnetName string = virtualNetwork.properties.subnets[2].name @description('The resource ID of the created Virtual Network.') output virtualNetworkResourceId string = virtualNetwork.id diff --git a/avm/res/databricks/workspace/tests/e2e/waf-aligned/main.test.bicep b/avm/res/databricks/workspace/tests/e2e/waf-aligned/main.test.bicep index ad1c1a630e..c9edeae81c 100644 --- a/avm/res/databricks/workspace/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/databricks/workspace/tests/e2e/waf-aligned/main.test.bicep @@ -122,8 +122,8 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' requiredNsgRules: 'NoAzureDatabricksRules' skuName: 'premium' amlWorkspaceResourceId: nestedDependencies.outputs.machineLearningWorkspaceResourceId - customPrivateSubnetName: nestedDependencies.outputs.customPrivateSubnetResourceId - customPublicSubnetName: nestedDependencies.outputs.customPublicSubnetResourceId + customPrivateSubnetName: nestedDependencies.outputs.customPrivateSubnetName + customPublicSubnetName: nestedDependencies.outputs.customPublicSubnetName publicNetworkAccess: 'Disabled' disablePublicIp: true loadBalancerResourceId: nestedDependencies.outputs.loadBalancerResourceId From 99e28b325721128e53ad98826f9c8a3a1d6855c1 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Tue, 19 Mar 2024 16:33:24 +0100 Subject: [PATCH 28/29] Update to latest --- avm/res/databricks/workspace/README.md | 22 ------------------- .../workspace/tests/e2e/max/main.test.bicep | 11 ---------- 2 files changed, 33 deletions(-) diff --git a/avm/res/databricks/workspace/README.md b/avm/res/databricks/workspace/README.md index 63b97e72a1..b82707c649 100644 --- a/avm/res/databricks/workspace/README.md +++ b/avm/res/databricks/workspace/README.md @@ -152,17 +152,6 @@ module workspace 'br/public:avm/res/databricks/workspace:' = { Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - '' - ] - service: 'databricks_ui_api' - subnetResourceId: '' - tags: { - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } - } { privateDnsZoneResourceIds: [ '' @@ -306,17 +295,6 @@ module workspace 'br/public:avm/res/databricks/workspace:' = { "Role": "DeploymentValidation" } }, - { - "privateDnsZoneResourceIds": [ - "" - ], - "service": "databricks_ui_api", - "subnetResourceId": "", - "tags": { - "Environment": "Non-Prod", - "Role": "DeploymentValidation" - } - }, { "privateDnsZoneResourceIds": [ "" diff --git a/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep b/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep index 84a676c65f..efd5d92c55 100644 --- a/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep +++ b/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep @@ -158,17 +158,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' Role: 'DeploymentValidation' } } - { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] - service: 'databricks_ui_api' - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetResourceId - tags: { - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } - } { privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId From 6f496ce62acb9f9355305f100dbb32a3cf88fc46 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Tue, 19 Mar 2024 17:30:03 +0100 Subject: [PATCH 29/29] Update to latest --- .../tests/e2e/max/dependencies.bicep | 29 ++++++++++--------- .../workspace/tests/e2e/max/main.test.bicep | 4 +-- 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep b/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep index 75d00e31e1..b7d9d8756d 100644 --- a/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep +++ b/avm/res/databricks/workspace/tests/e2e/max/dependencies.bicep @@ -278,15 +278,21 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { } subnets: [ { - name: 'defaultSubnet' + name: 'pimarySubnet' properties: { addressPrefix: cidrSubnet(addressPrefix, 20, 0) } } { - name: 'publicSubnet' + name: 'secondarySubnet' properties: { addressPrefix: cidrSubnet(addressPrefix, 20, 1) + } + } + { + name: 'publicSubnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 20, 2) networkSecurityGroup: { id: networkSecurityGroup.id } @@ -303,7 +309,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { { name: 'privateSubnet' properties: { - addressPrefix: cidrSubnet(addressPrefix, 20, 2) + addressPrefix: cidrSubnet(addressPrefix, 20, 3) networkSecurityGroup: { id: networkSecurityGroup.id } @@ -337,20 +343,17 @@ resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { } } -@description('The resource ID of the created Virtual Network Default Subnet.') -output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id +@description('The resource ID of the created Virtual Network Primary Subnet.') +output primarySubnetResourceId string = virtualNetwork.properties.subnets[0].id -@description('The name of the 2nd created Virtual Network Public Subnet.') -output customPublicSubnetName string = virtualNetwork.properties.subnets[1].name +@description('The resource ID of the created Virtual Network Secondary Subnet.') +output secondarySubnetResourceId string = virtualNetwork.properties.subnets[1].id -@description('The resource ID of the 2nd created Virtual Network Public Subnet.') -output customPublicSubnetResourceId string = virtualNetwork.properties.subnets[1].id +@description('The name of the 2nd created Virtual Network Public Subnet.') +output customPublicSubnetName string = virtualNetwork.properties.subnets[2].name @description('The name of the 3rd created Virtual Network Private Subnet.') -output customPrivateSubnetName string = virtualNetwork.properties.subnets[2].name - -@description('The resource ID of the 3rd created Virtual Network Private Subnet.') -output customPrivateSubnetResourceId string = virtualNetwork.properties.subnets[2].id +output customPrivateSubnetName string = virtualNetwork.properties.subnets[3].name @description('The resource ID of the created Virtual Network.') output virtualNetworkResourceId string = virtualNetwork.id diff --git a/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep b/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep index efd5d92c55..3ad243524e 100644 --- a/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep +++ b/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep @@ -152,7 +152,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' nestedDependencies.outputs.privateDNSZoneResourceId ] service: 'databricks_ui_api' - subnetResourceId: nestedDependencies.outputs.customPublicSubnetResourceId + subnetResourceId: nestedDependencies.outputs.primarySubnetResourceId tags: { Environment: 'Non-Prod' Role: 'DeploymentValidation' @@ -162,7 +162,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' privateDnsZoneResourceIds: [ nestedDependencies.outputs.privateDNSZoneResourceId ] - subnetResourceId: nestedDependencies.outputs.customPrivateSubnetResourceId + subnetResourceId: nestedDependencies.outputs.secondarySubnetResourceId service: 'browser_authentication' } ]