From d04d822e33aca2aa0b27c5fc663e46b84d89b50b Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Fri, 14 Jun 2024 15:52:40 -0600 Subject: [PATCH 01/25] initial commit --- .github/CODEOWNERS | 1 + .../machine/extension/main.bicep | 77 +++ avm/res/hybrid-compute/machine/main.bicep | 485 ++++++++++++++++++ .../machine/tests/e2e/default/main.test.bicep | 47 ++ .../machine/tests/e2e/max/main.test.bicep | 101 ++++ avm/res/hybrid-compute/machine/version.json | 7 + 6 files changed, 718 insertions(+) create mode 100644 avm/res/hybrid-compute/machine/extension/main.bicep create mode 100644 avm/res/hybrid-compute/machine/main.bicep create mode 100644 avm/res/hybrid-compute/machine/tests/e2e/default/main.test.bicep create mode 100644 avm/res/hybrid-compute/machine/tests/e2e/max/main.test.bicep create mode 100644 avm/res/hybrid-compute/machine/version.json diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 3829d6ef26..2e7242ba43 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -61,6 +61,7 @@ /avm/res/event-hub/namespace/ @Azure/avm-res-eventhub-namespace-module-owners-bicep @Azure/avm-core-team-technical-bicep /avm/res/health-bot/health-bot/ @Azure/avm-res-healthbot-healthbot-module-owners-bicep @Azure/avm-core-team-technical-bicep /avm/res/healthcare-apis/workspace/ @Azure/avm-res-healthcareapis-workspace-module-owners-bicep @Azure/avm-core-team-technical-bicep +/avm/res/hybrid-compute/machine/ @Azure/avm-res-hybridcompute-machine-module-owners-bicep @Azure/avm-core-team-technical-bicep /avm/res/insights/action-group/ @Azure/avm-res-insights-actiongroup-module-owners-bicep @Azure/avm-core-team-technical-bicep /avm/res/insights/activity-log-alert/ @Azure/avm-res-insights-activitylogalert-module-owners-bicep @Azure/avm-core-team-technical-bicep /avm/res/insights/component/ @Azure/avm-res-insights-component-module-owners-bicep @Azure/avm-core-team-technical-bicep 
diff --git a/avm/res/hybrid-compute/machine/extension/main.bicep b/avm/res/hybrid-compute/machine/extension/main.bicep
new file mode 100644
index 0000000000..2ffb0fd9b6
--- /dev/null
+++ b/avm/res/hybrid-compute/machine/extension/main.bicep
@@ -0,0 +1,77 @@
+metadata name = 'Arc Machine Extensions'
+metadata description = 'This module deploys a Arc Machine Extension.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Conditional. The name of the parent Arc Machine that extension is provisioned for. Required if the template is used in a standalone deployment.')
+param arcMachineName string
+
+@description('Required. The name of the Arc Machine extension.')
+param name string
+
+@description('Optional. The location the extension is deployed to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the extension handler publisher.')
+param publisher string
+
+@description('Required. Specifies the type of the extension; an example is "CustomScriptExtension".')
+param type string
+
+@description('Required. Specifies the version of the script handler.')
+param typeHandlerVersion string
+
+@description('Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true.')
+param autoUpgradeMinorVersion bool
+
+@description('Optional. How the extension handler should be forced to update even if the extension configuration has not changed.')
+param forceUpdateTag string = ''
+
+@description('Optional. Any object that contains the extension specific settings.')
+param settings object = {}
+
+@description('Optional. Any object that contains the extension specific protected settings.')
+@secure()
+param protectedSettings object = {}
+
+@description('Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false.')
+param supressFailures bool = false
+
+@description('Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available.')
+param enableAutomaticUpgrade bool
+
+@description('Optional. Tags of the resource.')
+param tags object?
+
+resource machine 'Microsoft.HybridCompute/machines@2022-12-27' existing = {
+ name: arcMachineName
+}
+
+resource extension 'Microsoft.HybridCompute/machines/extensions@2022-12-27' = {
+ name: name
+ parent: machine
+ location: location
+ tags: tags
+ properties: {
+ publisher: publisher
+ type: type
+ typeHandlerVersion: typeHandlerVersion
+ autoUpgradeMinorVersion: autoUpgradeMinorVersion
+ enableAutomaticUpgrade: enableAutomaticUpgrade
+ forceUpdateTag: !empty(forceUpdateTag) ? forceUpdateTag : null
+ settings: !empty(settings) ? settings : null
+ protectedSettings: !empty(protectedSettings) ? protectedSettings : null
+ suppressFailures: supressFailures
+ }
+}
+
+@description('The name of the extension.')
+output name string = extension.name
+
+@description('The resource ID of the extension.')
+output resourceId string = extension.id
+
+@description('The name of the Resource Group the extension was created in.')
+output resourceGroupName string = resourceGroup().name
+
+@description('The location the resource was deployed into.')
+output location string = extension.location
diff --git a/avm/res/hybrid-compute/machine/main.bicep b/avm/res/hybrid-compute/machine/main.bicep
new file mode 100644
index 0000000000..9d5dd4af8f
--- /dev/null
+++ b/avm/res/hybrid-compute/machine/main.bicep
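Review bot: The parameter `supressFailures` is misspelled, while the resource property it feeds is `suppressFailures`. Parameter names are the module's public interface and `main.bicep` passes `supressFailures` in every extension call, so it is cheapest to correct now: `param suppressFailures bool = false` and `suppressFailures: suppressFailures`. The `settings` description should also say that its values are stored unencrypted on the extension resource and are readable by anyone with read access to it, so anything secret belongs in `protectedSettings`.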
@@ -0,0 +1,485 @@
+metadata name = 'Hybrid Compute Machines'
+metadata description = 'This module deploys a Arc machine with one or multiple NICs and optionally one or multiple public IPs.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Required. The name of the Arc machine to be created. You should use a unique prefix to reduce name collisions in Active Directory.')
+param name string
+
+@description('Optional. The managed identity definition for this resource. The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = "True".')
+param managedIdentities managedIdentitiesType
+
+// Child resources
+@description('Optional. Specifies whether extension operations should be allowed on the Arc machine. This may only be set to False when no extensions are present on the Arc machine.')
+param allowExtensionOperations bool = true
+
+@description('Optional. Required if name is specified. Password of the user specified in user parameter.')
+@secure()
+param extensionDomainJoinPassword string = ''
+
+@description('Optional. The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionDomainJoinConfig object = {
+ enabled: false
+}
+
+@description('Optional. The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionAntiMalwareConfig object = {
+ enabled: false
+}
+
+@description('Optional. The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionMonitoringAgentConfig object = {
+ enabled: false
+}
+
+@description('Optional. The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionDependencyAgentConfig object = {
+ enabled: false
+}
+
+@description('Optional. The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionDSCConfig object = {
+ enabled: false
+}
+
+@description('Optional. The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionCustomScriptConfig object = {
+ enabled: false
+ fileData: []
+}
+
+@description('Optional. The configuration for the [Guest Configuration] extension. Must at least contain the ["enabled": true] property to be executed. Needs a managed identy.')
+param extensionGuestConfigurationExtension object = {
+ enabled: false
+}
+
+@description('Optional. The guest configuration for the Arc machine. Needs the Guest Configuration extension to be enabled.')
+param guestConfiguration object = {}
+
+@description('Optional. An object that contains the extension specific protected settings.')
+@secure()
+param extensionCustomScriptProtectedSetting object = {}
+
+@description('Optional. An object that contains the extension specific protected settings.')
+@secure()
+param extensionGuestConfigurationExtensionProtectedSettings object = {}
+
+@description('Conditional. The chosen OS type.')
+@allowed([
+ 'Windows'
+ 'Linux'
+ ''
+])
+param osType string = ''
+
+// Shared parameters
+@description('Optional. Location for all resources.')
+param location string = resourceGroup().location
+
+@description('Optional. The lock settings of the service.')
+param lock lockType
+
+@description('Optional. Array of role assignments to create.')
+param roleAssignments roleAssignmentType
+
+@description('Optional. Tags of the resource.')
+param tags object?
+
+@description('Generated. Do not provide a value! This date value is used to generate a registration token.')
+param baseTime string = utcNow('u')
+
+@description('Optional. SAS token validity length to use to download files from storage accounts. Usage: \'PT8H\' - valid for 8 hours; \'P5D\' - valid for 5 days; \'P1Y\' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours.')
+param sasTokenValidityLength string = 'PT8H'
+
+@description('Optional. Enable/Disable usage telemetry for module.')
+param enableTelemetry bool = true
+
+@description('Optional. The configuration profile of automanage. Either \'/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction\', \'providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest\' or the resource Id of custom profile.')
+param configurationProfile string = ''
+
+var builtInRoleNames = {
+ Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+ Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+ Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+ 'Role Based Access Control Administrator (Preview)': subscriptionResourceId(
+ 'Microsoft.Authorization/roleDefinitions',
+ 'f58310d9-a9f6-439a-9e8d-f62e7b41a168'
+ )
+ 'User Access Administrator': subscriptionResourceId(
+ 'Microsoft.Authorization/roleDefinitions',
+ '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9'
+ )
+ 'Arc machine Administrator Login': subscriptionResourceId(
+ 'Microsoft.Authorization/roleDefinitions',
+ '1c0163c0-47e6-4577-8991-ea5c82e286e4'
+ )
+ 'Arc machine Contributor': subscriptionResourceId(
+ 'Microsoft.Authorization/roleDefinitions',
+ '9980e02c-c2be-4d73-94e8-173b1dc7cf3c'
+ )
+ 'Arc machine User Login': subscriptionResourceId(
+ 'Microsoft.Authorization/roleDefinitions',
+ 'fb879df8-f326-4884-b1cf-06f3ad86be52'
+ )
+}
+
+var accountSasProperties = {
+ signedServices: 'b'
+ signedPermission: 'r'
+ signedExpiry: dateTimeAdd(baseTime, sasTokenValidityLength)
+ signedResourceTypes: 'o'
+ signedProtocol: 'https'
+}
+
+resource avmTelemetry 'Microsoft.Resources/deployments@2023-07-01' = if (enableTelemetry) {
+ name: '46d3xbcp.res.hybridcompute-machine.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ outputs: {
+ telemetry: {
+ type: 'String'
+ value: 'For more information, see https://aka.ms/avm/TelemetryInfo'
+ }
+ }
+ }
+ }
+}
+
+resource machine 'Microsoft.HybridCompute/machines@2022-12-27' = {
+ name: name
+ location: location
+ tags: tags
+ properties: {}
+}
+
+resource machine_configurationProfileAssignment 'Microsoft.Automanage/configurationProfileAssignments@2022-05-04' = if (!empty(configurationProfile)) {
+ name: 'default'
+ properties: {
+ configurationProfile: configurationProfile
+ }
+ scope: machine
+}
+
+module machine_domainJoinExtension 'extension/main.bicep' = if (extensionDomainJoinConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VM-DomainJoin'
+ params: {
+ arcMachineName: machine.name
+ name: 'DomainJoin'
+ location: location
+ publisher: 'Microsoft.Compute'
+ type: 'JsonADDomainExtension'
+ typeHandlerVersion: contains(extensionDomainJoinConfig, 'typeHandlerVersion')
+ ? extensionDomainJoinConfig.typeHandlerVersion
+ : '1.3'
+ autoUpgradeMinorVersion: contains(extensionDomainJoinConfig, 'autoUpgradeMinorVersion')
+ ? extensionDomainJoinConfig.autoUpgradeMinorVersion
+ : true
+ enableAutomaticUpgrade: contains(extensionDomainJoinConfig, 'enableAutomaticUpgrade')
+ ? extensionDomainJoinConfig.enableAutomaticUpgrade
+ : false
+ settings: extensionDomainJoinConfig.settings
+ supressFailures: extensionDomainJoinConfig.?supressFailures ?? false
+ tags: extensionDomainJoinConfig.?tags ?? tags
+ protectedSettings: {
+ Password: extensionDomainJoinPassword
+ }
+ }
+}
+
+module machine_microsoftAntiMalwareExtension 'extension/main.bicep' = if (extensionAntiMalwareConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VM-MicrosoftAntiMalware'
+ params: {
+ arcMachineName: machine.name
+ name: 'MicrosoftAntiMalware'
+ location: location
+ publisher: 'Microsoft.Azure.Security'
+ type: 'IaaSAntimalware'
+ typeHandlerVersion: contains(extensionAntiMalwareConfig, 'typeHandlerVersion')
+ ? extensionAntiMalwareConfig.typeHandlerVersion
+ : '1.3'
+ autoUpgradeMinorVersion: contains(extensionAntiMalwareConfig, 'autoUpgradeMinorVersion')
+ ? extensionAntiMalwareConfig.autoUpgradeMinorVersion
+ : true
+ enableAutomaticUpgrade: contains(extensionAntiMalwareConfig, 'enableAutomaticUpgrade')
+ ? extensionAntiMalwareConfig.enableAutomaticUpgrade
+ : false
+ settings: extensionAntiMalwareConfig.settings
+ supressFailures: extensionAntiMalwareConfig.?supressFailures ?? false
+ tags: extensionAntiMalwareConfig.?tags ?? tags
+ }
+ dependsOn: [
+ machine_domainJoinExtension
+ ]
+}
+
+resource machine_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = if (!empty(extensionMonitoringAgentConfig.?monitoringWorkspaceId)) {
+ name: last(split(
+ (!empty(extensionMonitoringAgentConfig.?monitoringWorkspaceId ?? '')
+ ? extensionMonitoringAgentConfig.monitoringWorkspaceId
+ : 'law'),
+ '/'
+ ))!
+ scope: az.resourceGroup(
+ split(
+ (!empty(extensionMonitoringAgentConfig.?monitoringWorkspaceId ?? '')
+ ? extensionMonitoringAgentConfig.monitoringWorkspaceId
+ : '//'),
+ '/'
+ )[2],
+ split(
+ (!empty(extensionMonitoringAgentConfig.?monitoringWorkspaceId ?? '')
+ ? extensionMonitoringAgentConfig.monitoringWorkspaceId
+ : '////'),
+ '/'
+ )[4]
+ )
+}
+
+module machine_azureMonitorAgentExtension 'extension/main.bicep' = if (extensionMonitoringAgentConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VM-AzureMonitorAgent'
+ params: {
+ arcMachineName: machine.name
+ name: 'AzureMonitorAgent'
+ location: location
+ publisher: 'Microsoft.Azure.Monitor'
+ type: osType == 'Windows' ? 'AzureMonitorWindowsAgent' : 'AzureMonitorLinuxAgent'
+ typeHandlerVersion: extensionMonitoringAgentConfig.?typeHandlerVersion ?? (osType == 'Windows' ? '1.22' : '1.29')
+ autoUpgradeMinorVersion: extensionMonitoringAgentConfig.?autoUpgradeMinorVersion ?? true
+ enableAutomaticUpgrade: extensionMonitoringAgentConfig.?enableAutomaticUpgrade ?? false
+ settings: {
+ workspaceId: !empty(extensionMonitoringAgentConfig.?monitoringWorkspaceId ?? '')
+ ? machine_logAnalyticsWorkspace.properties.customerId
+ : ''
+ GCS_AUTO_CONFIG: osType == 'Linux' ? true : null
+ }
+ supressFailures: extensionMonitoringAgentConfig.?supressFailures ?? false
+ tags: extensionMonitoringAgentConfig.?tags ?? tags
+ protectedSettings: {
+ workspaceKey: !empty(extensionMonitoringAgentConfig.?monitoringWorkspaceId ?? '')
+ ? machine_logAnalyticsWorkspace.listKeys().primarySharedKey
+ : ''
+ }
+ }
+ dependsOn: [
+ machine_microsoftAntiMalwareExtension
+ ]
+}
+
+module machine_dependencyAgentExtension 'extension/main.bicep' = if (extensionDependencyAgentConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VM-DependencyAgent'
+ params: {
+ arcMachineName: machine.name
+ name: 'DependencyAgent'
+ location: location
+ publisher: 'Microsoft.Azure.Monitoring.DependencyAgent'
+ type: osType == 'Windows' ? 'DependencyAgentWindows' : 'DependencyAgentLinux'
+ typeHandlerVersion: contains(extensionDependencyAgentConfig, 'typeHandlerVersion')
+ ? extensionDependencyAgentConfig.typeHandlerVersion
+ : '9.10'
+ autoUpgradeMinorVersion: contains(extensionDependencyAgentConfig, 'autoUpgradeMinorVersion')
+ ? extensionDependencyAgentConfig.autoUpgradeMinorVersion
+ : true
+ enableAutomaticUpgrade: contains(extensionDependencyAgentConfig, 'enableAutomaticUpgrade')
+ ? extensionDependencyAgentConfig.enableAutomaticUpgrade
+ : true
+ settings: {
+ enableAMA: contains(extensionDependencyAgentConfig, 'enableAMA') ? extensionDependencyAgentConfig.enableAMA : true
+ }
+ supressFailures: extensionDependencyAgentConfig.?supressFailures ?? false
+ tags: extensionDependencyAgentConfig.?tags ?? tags
+ }
+ dependsOn: [
+ machine_azureMonitorAgentExtension
+ ]
+}
+
+module machine_desiredStateConfigurationExtension 'extension/main.bicep' = if (extensionDSCConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VM-DesiredStateConfiguration'
+ params: {
+ arcMachineName: machine.name
+ name: 'DesiredStateConfiguration'
+ location: location
+ publisher: 'Microsoft.Powershell'
+ type: 'DSC'
+ typeHandlerVersion: contains(extensionDSCConfig, 'typeHandlerVersion')
+ ? extensionDSCConfig.typeHandlerVersion
+ : '2.77'
+ autoUpgradeMinorVersion: contains(extensionDSCConfig, 'autoUpgradeMinorVersion')
+ ? extensionDSCConfig.autoUpgradeMinorVersion
+ : true
+ enableAutomaticUpgrade: contains(extensionDSCConfig, 'enableAutomaticUpgrade')
+ ? extensionDSCConfig.enableAutomaticUpgrade
+ : false
+ settings: contains(extensionDSCConfig, 'settings') ? extensionDSCConfig.settings : {}
+ supressFailures: extensionDSCConfig.?supressFailures ?? false
+ tags: extensionDSCConfig.?tags ?? tags
+ protectedSettings: contains(extensionDSCConfig, 'protectedSettings') ? extensionDSCConfig.protectedSettings : {}
+ }
+}
+
+module machine_customScriptExtension 'extension/main.bicep' = if (extensionCustomScriptConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VM-CustomScriptExtension'
+ params: {
+ arcMachineName: machine.name
+ name: 'CustomScriptExtension'
+ location: location
+ publisher: osType == 'Windows' ? 'Microsoft.Compute' : 'Microsoft.Azure.Extensions'
+ type: osType == 'Windows' ? 'CustomScriptExtension' : 'CustomScript'
+ typeHandlerVersion: contains(extensionCustomScriptConfig, 'typeHandlerVersion')
+ ? extensionCustomScriptConfig.typeHandlerVersion
+ : (osType == 'Windows' ? '1.10' : '2.1')
+ autoUpgradeMinorVersion: contains(extensionCustomScriptConfig, 'autoUpgradeMinorVersion')
+ ? extensionCustomScriptConfig.autoUpgradeMinorVersion
+ : true
+ enableAutomaticUpgrade: contains(extensionCustomScriptConfig, 'enableAutomaticUpgrade')
+ ? extensionCustomScriptConfig.enableAutomaticUpgrade
+ : false
+ settings: {
+ fileUris: [
+ for fileData in extensionCustomScriptConfig.fileData: contains(fileData, 'storageAccountId')
+ ? '${fileData.uri}?${listAccountSas(fileData.storageAccountId, '2019-04-01', accountSasProperties).accountSasToken}'
+ : fileData.uri
+ ]
+ }
+ supressFailures: extensionCustomScriptConfig.?supressFailures ?? false
+ tags: extensionCustomScriptConfig.?tags ?? tags
+ protectedSettings: extensionCustomScriptProtectedSetting
+ }
+ dependsOn: [
+ machine_desiredStateConfigurationExtension
+ ]
+}
+
+module machine_azureGuestConfigurationExtension 'extension/main.bicep' = if (extensionGuestConfigurationExtension.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VM-GuestConfiguration'
+ params: {
+ arcMachineName: machine.name
+ name: osType == 'Windows' ? 'AzurePolicyforWindows' : 'AzurePolicyforLinux'
+ location: location
+ publisher: 'Microsoft.GuestConfiguration'
+ type: osType == 'Windows' ? 'ConfigurationforWindows' : 'ConfigurationForLinux'
+ typeHandlerVersion: contains(extensionGuestConfigurationExtension, 'typeHandlerVersion')
+ ? extensionGuestConfigurationExtension.typeHandlerVersion
+ : (osType == 'Windows' ? '1.0' : '1.0')
+ autoUpgradeMinorVersion: contains(extensionGuestConfigurationExtension, 'autoUpgradeMinorVersion')
+ ? extensionGuestConfigurationExtension.autoUpgradeMinorVersion
+ : true
+ enableAutomaticUpgrade: contains(extensionGuestConfigurationExtension, 'enableAutomaticUpgrade')
+ ? extensionGuestConfigurationExtension.enableAutomaticUpgrade
+ : true
+ forceUpdateTag: contains(extensionGuestConfigurationExtension, 'forceUpdateTag')
+ ? extensionGuestConfigurationExtension.forceUpdateTag
+ : '1.0'
+ settings: contains(extensionGuestConfigurationExtension, 'settings')
+ ? extensionGuestConfigurationExtension.settings
+ : {}
+ supressFailures: extensionGuestConfigurationExtension.?supressFailures ?? false
+ protectedSettings: extensionGuestConfigurationExtensionProtectedSettings
+ tags: extensionGuestConfigurationExtension.?tags ?? tags
+ }
+ dependsOn: []
+}
+
+resource AzureWindowsBaseline 'Microsoft.GuestConfiguration/guestConfigurationAssignments@2020-06-25' = if (!empty(guestConfiguration)) {
+ name: 'AzureWindowsBaseline'
+ scope: machine
+ dependsOn: [
+ machine_azureGuestConfigurationExtension
+ ]
+ location: location
+ properties: {
+ guestConfiguration: guestConfiguration
+ }
+}
+
+resource machine_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {
+ name: lock.?name ?? 'lock-${name}'
+ properties: {
+ level: lock.?kind ?? ''
+ notes: lock.?kind == 'CanNotDelete'
+ ? 'Cannot delete resource or child resources.'
+ : 'Cannot delete or modify the resource or child resources.'
+ }
+ scope: machine
+}
+
+resource machine_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
+ for (roleAssignment, index) in (roleAssignments ?? []): {
+ name: guid(machine.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
+ properties: {
+ roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName)
+ ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName]
+ : contains(roleAssignment.roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/')
+ ? roleAssignment.roleDefinitionIdOrName
+ : subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleAssignment.roleDefinitionIdOrName)
+ principalId: roleAssignment.principalId
+ description: roleAssignment.?description
+ principalType: roleAssignment.?principalType
+ condition: roleAssignment.?condition
+ conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set
+ delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId
+ }
+ scope: machine
+ }
+]
+
+@description('The name of the machine.')
+output name string = machine.name
+
+@description('The resource ID of the machine.')
+output resourceId string = machine.id
+
+@description('The name of the resource group the VM was created in.')
+output resourceGroupName string = resourceGroup().name
+
+@description('The principal ID of the system assigned identity.')
+output systemAssignedMIPrincipalId string = machine.?identity.?principalId ?? ''
+
+@description('The location the resource was deployed into.')
+output location string = machine.location
+
+// =============== //
+// Definitions //
+// =============== //
+
+type managedIdentitiesType = {
+ @description('Optional. Enables system assigned managed identity on the resource.')
+ systemAssigned: bool?
+
+ @description('Optional. The resource ID(s) to assign to the resource.')
+ userAssignedResourceIds: string[]?
+}?
+
+type lockType = {
+ @description('Optional. Specify the name of lock.')
+ name: string?
+
+ @description('Optional. Specify the type of lock.')
+ kind: ('CanNotDelete' | 'ReadOnly' | 'None')?
+}?
+
+type roleAssignmentType = {
+ @description('Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
+ roleDefinitionIdOrName: string
+
+ @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
+ principalId: string
+
+ @description('Optional. The principal type of the assigned principal ID.')
+ principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device')?
+
+ @description('Optional. The description of the role assignment.')
+ description: string?
+
+ @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".')
+ condition: string?
+
+ @description('Optional. Version of the condition.')
+ conditionVersion: '2.0'?
+
+ @description('Optional. The Resource Id of the delegated managed identity resource.')
+ delegatedManagedIdentityResourceId: string?
+}[]?
diff --git a/avm/res/hybrid-compute/machine/tests/e2e/default/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/default/main.test.bicep
new file mode 100644
index 0000000000..9e7f1b1a92
--- /dev/null
+++ b/avm/res/hybrid-compute/machine/tests/e2e/default/main.test.bicep
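Review bot: In `machine_customScriptExtension` the account SAS token is concatenated into `fileUris` under `settings`, which is the extension's public, unencrypted configuration and is readable by anyone with read access to the extension resource. The token built from `accountSasProperties` is an account-level SAS (`signedServices: 'b'`, `signedResourceTypes: 'o'`, `signedPermission: 'r'`), so for its lifetime it grants read on every blob in the storage account, not only the referenced file. Consider supplying `fileUris` through `protectedSettings` instead (the VM Custom Script handlers document it as valid there; confirm for Arc), and drop the `P1Y` example from the `sasTokenValidityLength` description so that long-lived tokens are not suggested. Separately, the `builtInRoleNames` keys `'Arc machine Administrator Login'`, `'Arc machine Contributor'` and `'Arc machine User Login'` appear to carry the role definition IDs of the built-in Virtual Machine roles, so the label does not match what is granted; please verify them. `managedIdentities` and `allowExtensionOperations` are declared but never referenced, which leaves the `machine` resource without an `identity` and `systemAssignedMIPrincipalId` always empty.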
@@ -0,0 +1,47 @@
+targetScope = 'subscription'
+
+metadata name = 'Creates only an Arc Machine'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-hybridCompute.machine-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param resourceLocation string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'arcmacmin'
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '#_namePrefix_#'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: resourceLocation
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+@batchSize(1)
+module testDeployment '../../../main.bicep' = [
+ for iteration in ['init', 'idem']: {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}'
+ params: {
+ location: resourceLocation
+ name: '${namePrefix}${serviceShort}'
+ }
+ }
+]
diff --git a/avm/res/hybrid-compute/machine/tests/e2e/max/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/max/main.test.bicep
new file mode 100644
index 0000000000..a0357c8dc5
--- /dev/null
+++ b/avm/res/hybrid-compute/machine/tests/e2e/max/main.test.bicep
@@ -0,0 +1,101 @@
+targetScope = 'subscription'
+
+metadata name = 'Creates an Arc Machine with maximum configurations'
+metadata description = 'This instance deploys the module with the full set of required parameters.'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-hybridCompute.machine-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param resourceLocation string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'arcmacmin'
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '#_namePrefix_#'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: resourceLocation
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+@batchSize(1)
+module testDeployment '../../../main.bicep' = [
+ for iteration in ['init', 'idem']: {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}'
+ params: {
+ location: resourceLocation
+ name: '${namePrefix}${serviceShort}'
+ allowExtensionOperations: true
+ configurationProfile: 'providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest'
+ extensionAntiMalwareConfig: {
+ enabled: true
+ }
+ extensionDSCConfig: {
+ enabled: true
+ configurationMode: 'ApplyAndMonitor'
+ configurationModeFrequencyMins: 15
+ refreshFrequencyMins: 30
+ rebootNodeIfNeeded: true
+ actionAfterReboot: 'ContinueConfiguration'
+ nodeConfigurationName: 'MyDSCConfig'
+ configurationArguments: {}
+ }
+ extensionCustomScriptConfig: {
+ script: 'echo "Hello World"'
+ }
+ extensionCustomScriptProtectedSetting: {}
+ extensionDependencyAgentConfig: {
+ enabled: true
+ }
+ extensionGuestConfigurationExtension: {
+ enabled: true
+ }
+ extensionGuestConfigurationExtensionProtectedSettings: {}
+ extensionMonitoringAgentConfig: {
+ enabled: true
+ }
+ guestConfiguration: {
+ name: 'AzureWindowsBaseline'
+ version: '1.*'
+ assignmentType: 'ApplyAndMonitor'
+ configurationParameter: [
+ {
+ name: 'Minimum Password Length;ExpectedValue'
+ value: '16'
+ }
+ {
+ name: 'Minimum Password Length;RemediateValue'
+ value: '16'
+ }
+ {
+ name: 'Maximum Password Age;ExpectedValue'
+ value: '75'
+ }
+ {
+ name: 'Maximum Password Age;RemediateValue'
+ value: '75'
+ }
+ ]
+ }
+ osType: 'Windows'
+ sasTokenValidityLength: 'PT1H'
+ }
+ }
+]
diff --git a/avm/res/hybrid-compute/machine/version.json b/avm/res/hybrid-compute/machine/version.json
new file mode 100644
index 0000000000..78451defbe
--- /dev/null
+++ b/avm/res/hybrid-compute/machine/version.json
@@ -0,0 +1,7 @@
+{
+ "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
+ "version": "0.0",
+ "pathFilters": [
+ "./main.json"
+ ]
+}
From 058c2078410316c8f9218d7fc3670333bbf163fc Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Fri, 14 Jun 2024 15:55:40 -0600 Subject: [PATCH 02/25] workflow --- .../avm.res.hybrid-compute.machine.yml | 90 +++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 .github/workflows/avm.res.hybrid-compute.machine.yml
diff --git a/.github/workflows/avm.res.hybrid-compute.machine.yml b/.github/workflows/avm.res.hybrid-compute.machine.yml
new file mode 100644
index 0000000000..1b37947d8e
--- /dev/null
+++ b/.github/workflows/avm.res.hybrid-compute.machine.yml
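Review bot: `extensionCustomScriptConfig` is passed as `{ script: 'echo "Hello World"' }` with no `enabled` or `fileData`, but `main.bicep` in this patch reads `extensionCustomScriptConfig.enabled` in the module condition. Because the override replaces the default object, that lookup is likely to fail at deployment, and `script` is not consumed by the module as written. `extensionAntiMalwareConfig` is likewise enabled without `settings`, which `main.bicep` reads unconditionally, and `extensionMonitoringAgentConfig` is enabled without `monitoringWorkspaceId`, so the agent would be configured with an empty `workspaceId` and `workspaceKey`. `serviceShort` is still `'arcmacmin'`, the same value as the default test, so both tests target the same resource group and machine name; something like `param serviceShort string = 'arcmacmax'` avoids the collision.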
@@ -0,0 +1,90 @@
+name: "avm.res.hybrid-compute.machine"
+
+on:
+ schedule:
+ - cron: "0 12 1/15 * *" # Bi-Weekly Test (on 1st & 15th of month)
+ workflow_dispatch:
+ inputs:
+ staticValidation:
+ type: boolean
+ description: "Execute static validation"
+ required: false
+ default: true
+ deploymentValidation:
+ type: boolean
+ description: "Execute deployment validation"
+ required: false
+ default: true
+ removeDeployment:
+ type: boolean
+ description: "Remove deployed module"
+ required: false
+ default: true
+ customLocation:
+ type: string
+ description: "Default location overwrite (e.g., eastus)"
+ required: false
+ push:
+ branches:
+ - main
+ paths:
+ - ".github/actions/templates/avm-**"
+ - ".github/workflows/avm.template.module.yml"
+ - ".github/workflows/avm.res.hybrid-compute.machine.yml"
+ - "avm/res/hybrid-compute/machine/**"
+ - "avm/utilities/pipelines/**"
+ - "!avm/utilities/pipelines/platform/**"
+ - "!*/**/README.md"
+
+env:
+ modulePath: "avm/res/hybrid-compute/machine"
+ workflowPath: ".github/workflows/avm.res.hybrid-compute.machine.yml"
+
+concurrency:
+ group: ${{ github.workflow }}
+
+jobs:
+ ###########################
+ # Initialize pipeline #
+ ###########################
+ job_initialize_pipeline:
+ runs-on: ubuntu-latest
+ name: "Initialize pipeline"
+ steps:
+ - name: "Checkout"
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: "Set input parameters to output variables"
+ id: get-workflow-param
+ uses: ./.github/actions/templates/avm-getWorkflowInput
+ with:
+ workflowPath: "${{ env.workflowPath}}"
+ - name: "Get module test file paths"
+ id: get-module-test-file-paths
+ uses: ./.github/actions/templates/avm-getModuleTestFiles
+ with:
+ modulePath: "${{ env.modulePath }}"
+ outputs:
+ workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }}
+ moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }}
+ psRuleModuleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.psRuleModuleTestFilePaths }}
+ modulePath: "${{ env.modulePath }}"
+
+ ##############################
+ # Call reusable workflow #
+ ##############################
+ call-workflow-passing-data:
+ name: "Run"
+ permissions:
+ id-token: write # For OIDC
+ contents: write # For release tags
+ needs:
+ - job_initialize_pipeline
+ uses: ./.github/workflows/avm.template.module.yml
+ with:
+ workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}"
+ moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}"
+ psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}"
+ modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}"
+ secrets: inherit
From 87d9e0e28eb471b50264bca2890d321d89abbb0f Mon Sep 17 00:00:00 2001
From: Matthew Bratschun
Date: Mon, 17 Jun 2024 08:29:32 -0600
Subject: [PATCH 03/25] rename
---
.../machine/extension/main.bicep | 1 -
avm/res/hybrid-compute/machine/main.bicep | 19 ++++++++++---------
.../e2e/{default => defaults.hci}/main.test.bicep | 4 ++++
.../e2e/{max => max.hci}/main.test.bicep | 5 ++++-
4 files changed, 18 insertions(+), 11 deletions(-)
rename avm/res/hybrid-compute/machine/tests/e2e/{default => defaults.hci}/main.test.bicep (93%)
rename avm/res/hybrid-compute/machine/tests/e2e/{max => max.hci}/main.test.bicep (96%)
diff --git a/avm/res/hybrid-compute/machine/extension/main.bicep b/avm/res/hybrid-compute/machine/extension/main.bicep
index 2ffb0fd9b6..533930d639 100644
--- a/avm/res/hybrid-compute/machine/extension/main.bicep
+++ b/avm/res/hybrid-compute/machine/extension/main.bicep
@@ -60,7 +60,6 @@ resource extension 'Microsoft.HybridCompute/machines/extensions@2022-12-27' = { forceUpdateTag: !empty(forceUpdateTag) ? forceUpdateTag : null settings: !empty(settings) ? settings : null protectedSettings: !empty(protectedSettings) ? protectedSettings : null - suppressFailures: supressFailures } }
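Review bot: `job_initialize_pipeline` declares no `permissions:` block, so its `GITHUB_TOKEN` takes whatever the repository or organization default is, although the job only checks out the code and runs two local actions. Adding `permissions:` with `contents: read` to that job keeps the token read-only regardless of the default. In `call-workflow-passing-data`, `secrets: inherit` hands every secret available to this workflow to `avm.template.module.yml`, alongside `id-token: write` and `contents: write`; the called workflow is local, which contains the exposure, but passing only the secrets it needs would narrow what a later change to that template can reach. `actions/checkout@v4` is referenced by a movable tag, and pinning it to a full commit SHA is the usual hardening for a pipeline that ends in a privileged deployment.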
diff --git a/avm/res/hybrid-compute/machine/main.bicep b/avm/res/hybrid-compute/machine/main.bicep index 9d5dd4af8f..a6f8e56e43 100644 --- a/avm/res/hybrid-compute/machine/main.bicep +++ b/avm/res/hybrid-compute/machine/main.bicep @@ -5,13 +5,10 @@ metadata owner = 'Azure/module-maintainers' @description('Required. The name of the Arc machine to be created. You should use a unique prefix to reduce name collisions in Active Directory.') param name string -@description('Optional. The managed identity definition for this resource. The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = "True".') -param managedIdentities managedIdentitiesType +@description('Required. Kind of Arc machine to be created. Possible values are: HCI, SCVMM, VMware') +param kind string // Child resources -@description('Optional. Specifies whether extension operations should be allowed on the Arc machine. This may only be set to False when no extensions are present on the Arc machine.') -param allowExtensionOperations bool = true - @description('Optional. Required if name is specified. Password of the user specified in user parameter.') @secure() param extensionDomainJoinPassword string = '' 
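Review bot: The new `kind` parameter lists its possible values (HCI, SCVMM, VMware) only in the description text, so a misspelt or unsupported value is not rejected until the resource provider refuses the deployment. Adding `@allowed(['HCI', 'SCVMM', 'VMware'])` above `param kind string` would reject it at validation time; confirm the list against what the chosen API version accepts. The same hunk removes `managedIdentities` and `allowExtensionOperations`, so any reference to them further down the file, outside this hunk, needs to go in the same commit.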
@@ -130,28 +127,32 @@ var accountSasProperties = { signedProtocol: 'https' } -resource avmTelemetry 'Microsoft.Resources/deployments@2023-07-01' = if (enableTelemetry) { +resource #_namePrefix_#Telemetry 'Microsoft.Resources/deployments@2023-07-01' = if (enableTelemetry) { name: '46d3xbcp.res.hybridcompute-machine.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}' properties: { mode: 'Incremental' template: { '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' + contentVersion: '#_moduleVersion_#.0' resources: [] outputs: { telemetry: { type: 'String' - value: 'For more information, see https://aka.ms/avm/TelemetryInfo' + value: 'For more information, see https://aka.ms/#_namePrefix_#/TelemetryInfo' } } } } } -resource machine 'Microsoft.HybridCompute/machines@2022-12-27' = { +resource machine 'Microsoft.HybridCompute/machines@2023-03-15-preview' = { name: name location: location + identity: { + type: 'SystemAssigned' + } tags: tags + kind: kind properties: {} } diff --git a/avm/res/hybrid-compute/machine/tests/e2e/default/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/defaults.hci/main.test.bicep similarity index 93% rename from avm/res/hybrid-compute/machine/tests/e2e/default/main.test.bicep rename to avm/res/hybrid-compute/machine/tests/e2e/defaults.hci/main.test.bicep index 9e7f1b1a92..fd33a1036d 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/default/main.test.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/defaults.hci/main.test.bicep 
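Review bot: The telemetry resource's symbolic name became `#_namePrefix_#Telemetry`, and `contentVersion` and the telemetry URL now carry `#_moduleVersion_#` and `#_namePrefix_#` tokens; this looks like an accidental search-and-replace over `avm` and `1.0.0`, and `#` is not valid in a Bicep identifier, so the file would not compile as committed. Restore `resource avmTelemetry`, `contentVersion: '1.0.0.0'` and `https://aka.ms/avm/TelemetryInfo`. Separately, the machine resource now hard-codes `identity: { type: 'SystemAssigned' }` and moves to the `2023-03-15-preview` API version; a short comment on why the preview version is required would help whoever later moves it to a GA version.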
@@ -7,6 +7,9 @@ metadata description = 'This instance deploys the module with the minimum set of // Parameters // // ========== // +@description('Required. The kind of machine to deploy.') +param kind string = 'HCI' + @description('Optional. The name of the resource group to deploy for testing purposes.') @maxLength(90) param resourceGroupName string = 'dep-${namePrefix}-hybridCompute.machine-${serviceShort}-rg' @@ -42,6 +45,7 @@ module testDeployment '../../../main.bicep' = [ params: { location: resourceLocation name: '${namePrefix}${serviceShort}' + kind: kind } } ] diff --git a/avm/res/hybrid-compute/machine/tests/e2e/max/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep similarity index 96% rename from avm/res/hybrid-compute/machine/tests/e2e/max/main.test.bicep rename to avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep index a0357c8dc5..ff87992032 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/max/main.test.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep @@ -7,6 +7,9 @@ metadata description = 'This instance deploys the module with the full set of re // Parameters // // ========== // +@description('Required. The kind of machine to deploy.') +param kind string = 'HCI' + @description('Optional. The name of the resource group to deploy for testing purposes.') @maxLength(90) param resourceGroupName string = 'dep-${namePrefix}-hybridCompute.machine-${serviceShort}-rg' @@ -42,7 +45,7 @@ module testDeployment '../../../main.bicep' = [ params: { location: resourceLocation name: '${namePrefix}${serviceShort}' - allowExtensionOperations: true + kind: kind configurationProfile: 'providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest' extensionAntiMalwareConfig: { enabled: true From d93c062df269cb9bef5407e438a66adf82543a9b Mon Sep 17 00:00:00 2001 
From: Matthew Bratschun Date: Mon, 17 Jun 2024 08:57:44 -0600 Subject: [PATCH 04/25] other kind properties --- .../machine/extension/main.bicep | 3 --- avm/res/hybrid-compute/machine/main.bicep | 19 ++++++++++++++++++- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/avm/res/hybrid-compute/machine/extension/main.bicep b/avm/res/hybrid-compute/machine/extension/main.bicep index 533930d639..2d93c88b75 100644 --- a/avm/res/hybrid-compute/machine/extension/main.bicep +++ b/avm/res/hybrid-compute/machine/extension/main.bicep @@ -33,9 +33,6 @@ param settings object = {} @secure() param protectedSettings object = {} -@description('Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false.') -param supressFailures bool = false - @description('Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available.') param enableAutomaticUpgrade bool diff --git a/avm/res/hybrid-compute/machine/main.bicep b/avm/res/hybrid-compute/machine/main.bicep index a6f8e56e43..1c139e7c33 100644 --- a/avm/res/hybrid-compute/machine/main.bicep +++ b/avm/res/hybrid-compute/machine/main.bicep 
@@ -8,6 +8,18 @@ param name string @description('Required. Kind of Arc machine to be created. Possible values are: HCI, SCVMM, VMware') param kind string +@description('Conditional. The resource ID of an Arc Private Link Scope which which to associate this machine. Required if you are using Private Link for Arc and your Arc Machine will resolve a Private Endpoint for connectivity to Azure.') +param privateLinkScopeResourceId string = '' + +@description('Optional. Parent cluster resource ID (Azure Stack HCI).') +param parentClusterResourceId string = '' + +@description('Optional. The GUID of the on-premises virtual machine from your hypervisor.') +param vmId string = '' + +@description('Optional. The Public Key that the client provides to be used during initial resource onboarding.') +param clientPublicKye string = '' + // Child resources @description('Optional. Required if name is specified. Password of the user specified in user parameter.') @secure() @@ -153,7 +165,12 @@ resource machine 'Microsoft.HybridCompute/machines@2023-03-15-preview' = { } tags: tags kind: kind - properties: {} + properties: { + parentClusterResourceId: parentClusterResourceId + vmId: vmId + clientPublicKey: clientPublicKye + privateLinkScopeResourceId: privateLinkScopeResourceId + } } resource machine_configurationProfileAssignment 'Microsoft.Automanage/configurationProfileAssignments@2022-05-04' = if (!empty(configurationProfile)) { From c9155d3b5b08e477a2045b49cd85ca6d046f3e16 Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Mon, 17 Jun 2024 08:59:38 -0600 Subject: [PATCH 05/25] remove supressFailures --- avm/res/hybrid-compute/machine/main.bicep | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/avm/res/hybrid-compute/machine/main.bicep b/avm/res/hybrid-compute/machine/main.bicep index 1c139e7c33..f545861968 100644 --- a/avm/res/hybrid-compute/machine/main.bicep +++ b/avm/res/hybrid-compute/machine/main.bicep 
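Review bot: The new parameter is spelled `clientPublicKye`, and because parameter names are the module's public interface the typo would either have to be kept or become a breaking rename later. Declare it as `param clientPublicKey string = ''` and use `clientPublicKey: clientPublicKey` in the `machine` resource in the second hunk of this file. The description of `privateLinkScopeResourceId` also reads "which which".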
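Review bot: The four new properties are passed through even when they hold the default `''`, so the request body carries empty strings for `parentClusterResourceId`, `vmId`, `clientPublicKey` and `privateLinkScopeResourceId`. The extension module in this series already uses the `!empty(x) ? x : null` form for its optional properties; the same form here, e.g. `privateLinkScopeResourceId: !empty(privateLinkScopeResourceId) ? privateLinkScopeResourceId : null`, avoids sending an empty resource ID that the provider may reject or treat as a real value.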
@@ -139,18 +139,18 @@ var accountSasProperties = { signedProtocol: 'https' } -resource #_namePrefix_#Telemetry 'Microsoft.Resources/deployments@2023-07-01' = if (enableTelemetry) { +resource avmTelemetry 'Microsoft.Resources/deployments@2023-07-01' = if (enableTelemetry) { name: '46d3xbcp.res.hybridcompute-machine.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}' properties: { mode: 'Incremental' template: { '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '#_moduleVersion_#.0' + contentVersion: '0.0.0' resources: [] outputs: { telemetry: { type: 'String' - value: 'For more information, see https://aka.ms/#_namePrefix_#/TelemetryInfo' + value: 'For more information, see https://aka.ms/avm/TelemetryInfo' } } } @@ -199,7 +199,6 @@ module machine_domainJoinExtension 'extension/main.bicep' = if (extensionDomainJ ? extensionDomainJoinConfig.enableAutomaticUpgrade : false settings: extensionDomainJoinConfig.settings - supressFailures: extensionDomainJoinConfig.?supressFailures ?? false tags: extensionDomainJoinConfig.?tags ?? tags protectedSettings: { Password: extensionDomainJoinPassword @@ -225,7 +224,6 @@ module machine_microsoftAntiMalwareExtension 'extension/main.bicep' = if (extens ? extensionAntiMalwareConfig.enableAutomaticUpgrade : false settings: extensionAntiMalwareConfig.settings - supressFailures: extensionAntiMalwareConfig.?supressFailures ?? false tags: extensionAntiMalwareConfig.?tags ?? tags } dependsOn: [ @@ -273,7 +271,6 @@ module machine_azureMonitorAgentExtension 'extension/main.bicep' = if (extension : '' GCS_AUTO_CONFIG: osType == 'Linux' ? true : null } - supressFailures: extensionMonitoringAgentConfig.?supressFailures ?? false tags: extensionMonitoringAgentConfig.?tags ?? tags protectedSettings: { workspaceKey: !empty(extensionMonitoringAgentConfig.?monitoringWorkspaceId ?? '') 
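Review bot: `contentVersion` comes back as `'0.0.0'`, whereas the value before the placeholder substitution was `'1.0.0.0'`. ARM template `contentVersion` is conventionally a four-part version, so the three-part string may fail validation of the nested telemetry deployment; use `contentVersion: '1.0.0.0'`. The remaining hunks in this commit only delete the `supressFailures` arguments and need no change.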
@@ -306,7 +303,6 @@ module machine_dependencyAgentExtension 'extension/main.bicep' = if (extensionDe settings: { enableAMA: contains(extensionDependencyAgentConfig, 'enableAMA') ? extensionDependencyAgentConfig.enableAMA : true } - supressFailures: extensionDependencyAgentConfig.?supressFailures ?? false tags: extensionDependencyAgentConfig.?tags ?? tags } dependsOn: [ @@ -332,7 +328,6 @@ module machine_desiredStateConfigurationExtension 'extension/main.bicep' = if (e ? extensionDSCConfig.enableAutomaticUpgrade : false settings: contains(extensionDSCConfig, 'settings') ? extensionDSCConfig.settings : {} - supressFailures: extensionDSCConfig.?supressFailures ?? false tags: extensionDSCConfig.?tags ?? tags protectedSettings: contains(extensionDSCConfig, 'protectedSettings') ? extensionDSCConfig.protectedSettings : {} } @@ -362,7 +357,6 @@ module machine_customScriptExtension 'extension/main.bicep' = if (extensionCusto : fileData.uri ] } - supressFailures: extensionCustomScriptConfig.?supressFailures ?? false tags: extensionCustomScriptConfig.?tags ?? tags protectedSettings: extensionCustomScriptProtectedSetting } @@ -394,7 +388,6 @@ module machine_azureGuestConfigurationExtension 'extension/main.bicep' = if (ext settings: contains(extensionGuestConfigurationExtension, 'settings') ? extensionGuestConfigurationExtension.settings : {} - supressFailures: extensionGuestConfigurationExtension.?supressFailures ?? false protectedSettings: extensionGuestConfigurationExtensionProtectedSettings tags: extensionGuestConfigurationExtension.?tags ?? tags } From bed65ab646526995464cf705f645fb57da53360c Mon Sep 17 00:00:00 2001 
From: Matthew Bratschun Date: Mon, 17 Jun 2024 15:03:00 -0600 Subject: [PATCH 06/25] removed extensions deployments --- avm/res/hybrid-compute/machine/README.md | 578 ++++++++++++++++++ .../machine/extension/README.md | 152 +++++ avm/res/hybrid-compute/machine/main.bicep | 324 ++-------- .../tests/e2e/defaults.vmware/main.test.bicep | 51 ++ .../machine/tests/e2e/max.hci/main.test.bicep | 30 +- 5 files changed, 828 insertions(+), 307 deletions(-) create mode 100644 avm/res/hybrid-compute/machine/README.md create mode 100644 avm/res/hybrid-compute/machine/extension/README.md create mode 100644 avm/res/hybrid-compute/machine/tests/e2e/defaults.vmware/main.test.bicep diff --git a/avm/res/hybrid-compute/machine/README.md b/avm/res/hybrid-compute/machine/README.md new file mode 100644 index 0000000000..ceb4d6577b --- /dev/null +++ b/avm/res/hybrid-compute/machine/README.md 
@@ -0,0 +1,578 @@ +# Hybrid Compute Machines `[Microsoft.HybridCompute/machines]` + +This module deploys a Arc Machines for use with Arc Resource Bridge for Azure Stack HCI or VMware. In these scenarios, this resource module will be used in combination with another resource module to create the require Virtual Machine Instance extension resource on this Arc Machine resource. + +> !NOTE +> This module is not applicable to other Arc Machine scenarios, which do not require the resource to be pre-created before connecting the Azure Connected Machine (Arc) agent. Futher, the extensions child resource in this module will not work when initially creating the Arc Machine resource because at that point, the Arc agent has not been connected. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) +- [Data Collection](#Data-Collection) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | +| `Microsoft.Automanage/configurationProfileAssignments` | [2022-05-04](https://learn.microsoft.com/en-us/azure/templates) | +| `Microsoft.GuestConfiguration/guestConfigurationAssignments` | [2020-06-25](https://learn.microsoft.com/en-us/azure/templates/Microsoft.GuestConfiguration/2020-06-25/guestConfigurationAssignments) | +| `Microsoft.HybridCompute/machines` | [2023-03-15-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.HybridCompute/2023-03-15-preview/machines) | + +## Usage examples + +The following section provides usage examples for the module, which were used to validate and deploy the module 
successfully. For a full reference, please review the module's test folder in its repository. + +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. + +>**Note**: To reference the module, please use the following syntax `br/public:avm/res/hybrid-compute/machine:`. + +- [Creates only an Arc Machine](#example-1-creates-only-an-arc-machine) +- [Creates only an Arc Machine](#example-2-creates-only-an-arc-machine) +- [Creates an Arc Machine with maximum configurations](#example-3-creates-an-arc-machine-with-maximum-configurations) + +### Example 1: _Creates only an Arc Machine_ + +This instance deploys the module with the minimum set of required parameters. + + +
+ +via Bicep module + +```bicep +module machine 'br/public:avm/res/hybrid-compute/machine:' = { + name: 'machineDeployment' + params: { + // Required parameters + kind: '' + name: 'arcmacmin' + // Non-required parameters + location: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "kind": { + "value": "" + }, + "name": { + "value": "arcmacmin" + }, + // Non-required parameters + "location": { + "value": "" + } + } +} +``` + +
+

+ +### Example 2: _Creates only an Arc Machine_ + +This instance deploys the module with the minimum set of required parameters. + + +

+ +via Bicep module + +```bicep +module machine 'br/public:avm/res/hybrid-compute/machine:' = { + name: 'machineDeployment' + params: { + // Required parameters + kind: '' + name: 'arcmacmin' + // Non-required parameters + location: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "kind": { + "value": "" + }, + "name": { + "value": "arcmacmin" + }, + // Non-required parameters + "location": { + "value": "" + } + } +} +``` + +
+

+ +### Example 3: _Creates an Arc Machine with maximum configurations_ + +This instance deploys the module with the full set of required parameters. + + +

+ +via Bicep module + +```bicep +module machine 'br/public:avm/res/hybrid-compute/machine:' = { + name: 'machineDeployment' + params: { + // Required parameters + kind: '' + name: 'arcmacmin' + // Non-required parameters + configurationProfile: 'providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest' + guestConfiguration: { + assignmentType: 'ApplyAndMonitor' + configurationParameter: [ + { + name: 'Minimum Password Length;ExpectedValue' + value: '16' + } + { + name: 'Minimum Password Length;RemediateValue' + value: '16' + } + { + name: 'Maximum Password Age;ExpectedValue' + value: '75' + } + { + name: 'Maximum Password Age;RemediateValue' + value: '75' + } + ] + name: 'AzureWindowsBaseline' + version: '1.*' + } + location: '' + osType: 'Windows' + patchAssessmentMode: 'AutomaticByPlatform' + patchMode: 'AutomaticByPlatform' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "kind": { + "value": "" + }, + "name": { + "value": "arcmacmin" + }, + // Non-required parameters + "configurationProfile": { + "value": "providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest" + }, + "guestConfiguration": { + "value": { + "assignmentType": "ApplyAndMonitor", + "configurationParameter": [ + { + "name": "Minimum Password Length;ExpectedValue", + "value": "16" + }, + { + "name": "Minimum Password Length;RemediateValue", + "value": "16" + }, + { + "name": "Maximum Password Age;ExpectedValue", + "value": "75" + }, + { + "name": "Maximum Password Age;RemediateValue", + "value": "75" + } + ], + "name": "AzureWindowsBaseline", + "version": "1.*" + } + }, + "location": { + "value": "" + }, + "osType": { + "value": "Windows" + }, + "patchAssessmentMode": { + "value": "AutomaticByPlatform" + }, + "patchMode": { + "value": "AutomaticByPlatform" + } + } +} +``` + +
+

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-kind) | string | Kind of Arc machine to be created. Possible values are: HCI, SCVMM, VMware | +| [`name`](#parameter-name) | string | The name of the Arc machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`osType`](#parameter-ostype) | string | The chosen OS type. | +| [`privateLinkScopeResourceId`](#parameter-privatelinkscoperesourceid) | string | The resource ID of an Arc Private Link Scope which which to associate this machine. Required if you are using Private Link for Arc and your Arc Machine will resolve a Private Endpoint for connectivity to Azure. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`clientPublicKey`](#parameter-clientpublickey) | string | The Public Key that the client provides to be used during initial resource onboarding. | +| [`configurationProfile`](#parameter-configurationprofile) | string | The configuration profile of automanage. Either '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction', 'providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest' or the resource Id of custom profile. | +| [`enableHotpatching`](#parameter-enablehotpatching) | bool | Captures the hotpatch capability enrollment intent of the customers, which enables customers to patch their Windows machines without requiring a reboot. | +| [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`guestConfiguration`](#parameter-guestconfiguration) | object | The guest configuration for the Arc machine. Needs the Guest Configuration extension to be enabled. | +| [`location`](#parameter-location) | string | Location for all resources. 
| +| [`lock`](#parameter-lock) | object | The lock settings of the service. | +| [`parentClusterResourceId`](#parameter-parentclusterresourceid) | string | Parent cluster resource ID (Azure Stack HCI). | +| [`patchAssessmentMode`](#parameter-patchassessmentmode) | string | VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours. | +| [`patchMode`](#parameter-patchmode) | string | VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`vmId`](#parameter-vmid) | string | The GUID of the on-premises virtual machine from your hypervisor. | + +### Parameter: `kind` + +Kind of Arc machine to be created. Possible values are: HCI, SCVMM, VMware + +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the Arc machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. + +- Required: Yes +- Type: string + +### Parameter: `osType` + +The chosen OS type. + +- Required: No +- Type: string +- Default: `''` +- Allowed: + ```Bicep + [ + '' + 'Linux' + 'Windows' + ] + ``` + +### Parameter: `privateLinkScopeResourceId` + +The resource ID of an Arc Private Link Scope which which to associate this machine. Required if you are using Private Link for Arc and your Arc Machine will resolve a Private Endpoint for connectivity to Azure. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `clientPublicKey` + +The Public Key that the client provides to be used during initial resource onboarding. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `configurationProfile` + +The configuration profile of automanage. 
Either '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction', 'providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest' or the resource Id of custom profile. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableHotpatching` + +Captures the hotpatch capability enrollment intent of the customers, which enables customers to patch their Windows machines without requiring a reboot. + +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableTelemetry` + +Enable/Disable usage telemetry for module. + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `guestConfiguration` + +The guest configuration for the Arc machine. Needs the Guest Configuration extension to be enabled. + +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `location` + +Location for all resources. + +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +The lock settings of the service. + +- Required: No +- Type: object + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | + +### Parameter: `lock.kind` + +Specify the type of lock. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` + +### Parameter: `lock.name` + +Specify the name of lock. + +- Required: No +- Type: string + +### Parameter: `parentClusterResourceId` + +Parent cluster resource ID (Azure Stack HCI). + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `patchAssessmentMode` + +VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours. 
+ +- Required: No +- Type: string +- Default: `'ImageDefault'` +- Allowed: + ```Bicep + [ + 'AutomaticByPlatform' + 'ImageDefault' + ] + ``` + +### Parameter: `patchMode` + +VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only. + +- Required: No +- Type: string +- Default: `''` +- Allowed: + ```Bicep + [ + '' + 'AutomaticByOS' + 'AutomaticByPlatform' + 'ImageDefault' + 'Manual' + ] + ``` + +### Parameter: `roleAssignments` + +Array of role assignments to create. + +- Required: No +- Type: array + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container". | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. 
| +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container". + +- Required: No +- Type: string + +### Parameter: `roleAssignments.conditionVersion` + +Version of the condition. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` + +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` + +The Resource Id of the delegated managed identity resource. + +- Required: No +- Type: string + +### Parameter: `roleAssignments.description` + +The description of the role assignment. + +- Required: No +- Type: string + +### Parameter: `roleAssignments.principalType` + +The principal type of the assigned principal ID. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` + +### Parameter: `tags` + +Tags of the resource. + +- Required: No +- Type: object + +### Parameter: `vmId` + +The GUID of the on-premises virtual machine from your hypervisor. 
+ +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the machine. | +| `resourceGroupName` | string | The name of the resource group the VM was created in. | +| `resourceId` | string | The resource ID of the machine. | +| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +_None_ + +## Data Collection + +The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the [repository](https://aka.ms/avm/telemetry). There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at . You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices. diff --git a/avm/res/hybrid-compute/machine/extension/README.md b/avm/res/hybrid-compute/machine/extension/README.md new file mode 100644 index 0000000000..bac902873f --- /dev/null +++ b/avm/res/hybrid-compute/machine/extension/README.md 
@@ -0,0 +1,152 @@
+# Arc Machine Extensions `[Microsoft.HybridCompute/machines/extensions]`
+
+This module deploys a Arc Machine Extension.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+- [Data Collection](#Data-Collection)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.HybridCompute/machines/extensions` | [2022-12-27](https://learn.microsoft.com/en-us/azure/templates/Microsoft.HybridCompute/2022-12-27/machines/extensions) |
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`autoUpgradeMinorVersion`](#parameter-autoupgrademinorversion) | bool | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. |
+| [`enableAutomaticUpgrade`](#parameter-enableautomaticupgrade) | bool | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. |
+| [`name`](#parameter-name) | string | The name of the Arc Machine extension. |
+| [`publisher`](#parameter-publisher) | string | The name of the extension handler publisher. |
+| [`type`](#parameter-type) | string | Specifies the type of the extension; an example is "CustomScriptExtension". |
+| [`typeHandlerVersion`](#parameter-typehandlerversion) | string | Specifies the version of the script handler. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`arcMachineName`](#parameter-arcmachinename) | string | The name of the parent Arc Machine that extension is provisioned for. Required if the template is used in a standalone deployment.
|
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`forceUpdateTag`](#parameter-forceupdatetag) | string | How the extension handler should be forced to update even if the extension configuration has not changed. |
+| [`location`](#parameter-location) | string | The location the extension is deployed to. |
+| [`protectedSettings`](#parameter-protectedsettings) | secureObject | Any object that contains the extension specific protected settings. |
+| [`settings`](#parameter-settings) | object | Any object that contains the extension specific settings. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+
+### Parameter: `autoUpgradeMinorVersion`
+
+Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true.
+
+- Required: Yes
+- Type: bool
+
+### Parameter: `enableAutomaticUpgrade`
+
+Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available.
+
+- Required: Yes
+- Type: bool
+
+### Parameter: `name`
+
+The name of the Arc Machine extension.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `publisher`
+
+The name of the extension handler publisher.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `type`
+
+Specifies the type of the extension; an example is "CustomScriptExtension".
+
+- Required: Yes
+- Type: string
+
+### Parameter: `typeHandlerVersion`
+
+Specifies the version of the script handler.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `arcMachineName`
+
+The name of the parent Arc Machine that extension is provisioned for. Required if the template is used in a standalone deployment.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `forceUpdateTag`
+
+How the extension handler should be forced to update even if the extension configuration has not changed.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `location`
+
+The location the extension is deployed to.
+
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `protectedSettings`
+
+Any object that contains the extension specific protected settings.
+
+- Required: No
+- Type: secureObject
+- Default: `{}`
+
+### Parameter: `settings`
+
+Any object that contains the extension specific settings.
+
+- Required: No
+- Type: object
+- Default: `{}`
+
+### Parameter: `tags`
+
+Tags of the resource.
+
+- Required: No
+- Type: object
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the extension. |
+| `resourceGroupName` | string | The name of the Resource Group the extension was created in. |
+| `resourceId` | string | The resource ID of the extension. |
+
+## Cross-referenced modules
+
+_None_
+
+## Data Collection
+
+The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the [repository](https://aka.ms/avm/telemetry). There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at . You can learn more about data collection and use in the help documentation and our privacy statement.
Your use of the software operates as your consent to these practices. diff --git a/avm/res/hybrid-compute/machine/main.bicep b/avm/res/hybrid-compute/machine/main.bicep index f545861968..c79af96f83 100644 --- a/avm/res/hybrid-compute/machine/main.bicep +++ b/avm/res/hybrid-compute/machine/main.bicep @@ -1,5 +1,5 @@ metadata name = 'Hybrid Compute Machines' -metadata description = 'This module deploys a Arc machine with one or multiple NICs and optionally one or multiple public IPs.' +metadata description = 'This module deploys a Arc Machines for use with Arc Resource Bridge for Azure Stack HCI or VMware. In these scenarios, this resource module will be used in combination with another resource module to create the require Virtual Machine Instance extension resource on this Arc Machine resource.' metadata owner = 'Azure/module-maintainers' @description('Required. The name of the Arc machine to be created. You should use a unique prefix to reduce name collisions in Active Directory.') 
@@ -18,60 +18,32 @@ param parentClusterResourceId string = '' param vmId string = '' @description('Optional. The Public Key that the client provides to be used during initial resource onboarding.') -param clientPublicKye string = '' +param clientPublicKey string = '' -// Child resources -@description('Optional. Required if name is specified. Password of the user specified in user parameter.') -@secure() -param extensionDomainJoinPassword string = '' - -@description('Optional. The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed.') -param extensionDomainJoinConfig object = { - enabled: false -} - -@description('Optional. The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed.') -param extensionAntiMalwareConfig object = { - enabled: false -} - -@description('Optional. The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed.') -param extensionMonitoringAgentConfig object = { - enabled: false -} - -@description('Optional. The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed.') -param extensionDependencyAgentConfig object = { - enabled: false -} - -@description('Optional. The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed.') -param extensionDSCConfig object = { - enabled: false -} +@description('Optional. VM guest patching orchestration mode. \'AutomaticByOS\' & \'Manual\' are for Windows only, \'ImageDefault\' for Linux only.') +@allowed([ + 'AutomaticByPlatform' + 'AutomaticByOS' + 'Manual' + 'ImageDefault' + '' +]) +param patchMode string = '' -@description('Optional. The configuration for the [Custom Script] extension. 
Must at least contain the ["enabled": true] property to be executed.') -param extensionCustomScriptConfig object = { - enabled: false - fileData: [] -} +@description('Optional. VM guest patching assessment mode. Set it to \'AutomaticByPlatform\' to enable automatically check for updates every 24 hours.') +@allowed([ + 'AutomaticByPlatform' + 'ImageDefault' +]) +param patchAssessmentMode string = 'ImageDefault' -@description('Optional. The configuration for the [Guest Configuration] extension. Must at least contain the ["enabled": true] property to be executed. Needs a managed identy.') -param extensionGuestConfigurationExtension object = { - enabled: false -} +@description('Optional. Captures the hotpatch capability enrollment intent of the customers, which enables customers to patch their Windows machines without requiring a reboot.') +param enableHotpatching bool = false +// Child resources @description('Optional. The guest configuration for the Arc machine. Needs the Guest Configuration extension to be enabled.') param guestConfiguration object = {} -@description('Optional. An object that contains the extension specific protected settings.') -@secure() -param extensionCustomScriptProtectedSetting object = {} - -@description('Optional. An object that contains the extension specific protected settings.') -@secure() -param extensionGuestConfigurationExtensionProtectedSettings object = {} - @description('Conditional. The chosen OS type.') @allowed([ 'Windows' 
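Review bot: The description kept on `guestConfiguration` near the end of this hunk still says "Needs the Guest Configuration extension to be enabled", but the same hunk removes `extensionGuestConfigurationExtension` and `extensionGuestConfigurationExtensionProtectedSettings`, and the @@ -181,225 +162,10 @@ hunk removes every extension module call and leaves `dependsOn: []` on the `AzureWindowsBaseline` assignment. As far as these hunks show, nothing in the module installs that extension any more, so a caller who passes `guestConfiguration` may end up with a baseline assignment that exists in Azure but is never evaluated on the machine. I would state the precondition in the description, for example `@description('Optional. The guest configuration for the Arc machine. The Guest Configuration extension must already be installed on the machine; this module does not deploy it.')`.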
@@ -93,18 +65,31 @@ param roleAssignments roleAssignmentType @description('Optional. Tags of the resource.') param tags object? -@description('Generated. Do not provide a value! This date value is used to generate a registration token.') -param baseTime string = utcNow('u') - -@description('Optional. SAS token validity length to use to download files from storage accounts. Usage: \'PT8H\' - valid for 8 hours; \'P5D\' - valid for 5 days; \'P1Y\' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours.') -param sasTokenValidityLength string = 'PT8H' - @description('Optional. Enable/Disable usage telemetry for module.') param enableTelemetry bool = true @description('Optional. The configuration profile of automanage. Either \'/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction\', \'providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest\' or the resource Id of custom profile.') param configurationProfile string = '' +var linuxConfiguration = { + patchSettings: (patchMode =~ 'AutomaticByPlatform' || patchMode =~ 'ImageDefault') + ? { + patchMode: patchMode + assessmentMode: patchAssessmentMode + } + : null +} + +var windowsConfiguration = { + patchSettings: (patchMode =~ 'AutomaticByPlatform' || patchMode =~ 'AutomaticByOS' || patchMode =~ 'Manual') + ? { + patchMode: patchMode + assessmentMode: patchAssessmentMode + enableHotpatching: enableHotpatching + } + : null +} + var builtInRoleNames = { Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 
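Review bot: Both `linuxConfiguration` and `windowsConfiguration` fall back to `patchSettings: null` without any error when `patchMode` is empty (its default in the @@ -18,60 +18,32 @@ hunk) or holds a value meant for the other OS, and `patchAssessmentMode` and `enableHotpatching` are dropped along with it. A caller who sets only `patchAssessmentMode: 'AutomaticByPlatform'`, or `patchMode: 'ImageDefault'` together with `osType: 'Windows'`, gets a machine with no patch settings and no hint that the input was ignored. Since patch assessment is a security control, I would at least document this on the parameters, e.g. append `Ignored unless patchMode is set to a value valid for osType.` to the descriptions of `patchAssessmentMode` and `enableHotpatching`; rejecting the mismatch at deployment time would be stronger. Both variables are consumed by the `osProfile` block in the @@ -166,9 +143,13 @@ hunk.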
@@ -131,14 +116,6 @@ var builtInRoleNames = { ) } -var accountSasProperties = { - signedServices: 'b' - signedPermission: 'r' - signedExpiry: dateTimeAdd(baseTime, sasTokenValidityLength) - signedResourceTypes: 'o' - signedProtocol: 'https' -} - resource avmTelemetry 'Microsoft.Resources/deployments@2023-07-01' = if (enableTelemetry) { name: '46d3xbcp.res.hybridcompute-machine.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}' properties: { @@ -166,9 +143,13 @@ resource machine 'Microsoft.HybridCompute/machines@2023-03-15-preview' = { tags: tags kind: kind properties: { + osProfile: { + windowsConfiguration: osType == 'Windows' ? windowsConfiguration : null + linuxConfiguration: osType == 'Linux' ? linuxConfiguration : null + } parentClusterResourceId: parentClusterResourceId vmId: vmId - clientPublicKey: clientPublicKye + clientPublicKey: clientPublicKey privateLinkScopeResourceId: privateLinkScopeResourceId } } 
@@ -181,225 +162,10 @@ resource machine_configurationProfileAssignment 'Microsoft.Automanage/configurat scope: machine } -module machine_domainJoinExtension 'extension/main.bicep' = if (extensionDomainJoinConfig.enabled) { - name: '${uniqueString(deployment().name, location)}-VM-DomainJoin' - params: { - arcMachineName: machine.name - name: 'DomainJoin' - location: location - publisher: 'Microsoft.Compute' - type: 'JsonADDomainExtension' - typeHandlerVersion: contains(extensionDomainJoinConfig, 'typeHandlerVersion') - ? extensionDomainJoinConfig.typeHandlerVersion - : '1.3' - autoUpgradeMinorVersion: contains(extensionDomainJoinConfig, 'autoUpgradeMinorVersion') - ? extensionDomainJoinConfig.autoUpgradeMinorVersion - : true - enableAutomaticUpgrade: contains(extensionDomainJoinConfig, 'enableAutomaticUpgrade') - ? extensionDomainJoinConfig.enableAutomaticUpgrade - : false - settings: extensionDomainJoinConfig.settings - tags: extensionDomainJoinConfig.?tags ?? tags - protectedSettings: { - Password: extensionDomainJoinPassword - } - } -} - -module machine_microsoftAntiMalwareExtension 'extension/main.bicep' = if (extensionAntiMalwareConfig.enabled) { - name: '${uniqueString(deployment().name, location)}-VM-MicrosoftAntiMalware' - params: { - arcMachineName: machine.name - name: 'MicrosoftAntiMalware' - location: location - publisher: 'Microsoft.Azure.Security' - type: 'IaaSAntimalware' - typeHandlerVersion: contains(extensionAntiMalwareConfig, 'typeHandlerVersion') - ? extensionAntiMalwareConfig.typeHandlerVersion - : '1.3' - autoUpgradeMinorVersion: contains(extensionAntiMalwareConfig, 'autoUpgradeMinorVersion') - ? extensionAntiMalwareConfig.autoUpgradeMinorVersion - : true - enableAutomaticUpgrade: contains(extensionAntiMalwareConfig, 'enableAutomaticUpgrade') - ? extensionAntiMalwareConfig.enableAutomaticUpgrade - : false - settings: extensionAntiMalwareConfig.settings - tags: extensionAntiMalwareConfig.?tags ?? 
tags - } - dependsOn: [ - machine_domainJoinExtension - ] -} - -resource machine_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = if (!empty(extensionMonitoringAgentConfig.?monitoringWorkspaceId)) { - name: last(split( - (!empty(extensionMonitoringAgentConfig.?monitoringWorkspaceId ?? '') - ? extensionMonitoringAgentConfig.monitoringWorkspaceId - : 'law'), - '/' - ))! - scope: az.resourceGroup( - split( - (!empty(extensionMonitoringAgentConfig.?monitoringWorkspaceId ?? '') - ? extensionMonitoringAgentConfig.monitoringWorkspaceId - : '//'), - '/' - )[2], - split( - (!empty(extensionMonitoringAgentConfig.?monitoringWorkspaceId ?? '') - ? extensionMonitoringAgentConfig.monitoringWorkspaceId - : '////'), - '/' - )[4] - ) -} - -module machine_azureMonitorAgentExtension 'extension/main.bicep' = if (extensionMonitoringAgentConfig.enabled) { - name: '${uniqueString(deployment().name, location)}-VM-AzureMonitorAgent' - params: { - arcMachineName: machine.name - name: 'AzureMonitorAgent' - location: location - publisher: 'Microsoft.Azure.Monitor' - type: osType == 'Windows' ? 'AzureMonitorWindowsAgent' : 'AzureMonitorLinuxAgent' - typeHandlerVersion: extensionMonitoringAgentConfig.?typeHandlerVersion ?? (osType == 'Windows' ? '1.22' : '1.29') - autoUpgradeMinorVersion: extensionMonitoringAgentConfig.?autoUpgradeMinorVersion ?? true - enableAutomaticUpgrade: extensionMonitoringAgentConfig.?enableAutomaticUpgrade ?? false - settings: { - workspaceId: !empty(extensionMonitoringAgentConfig.?monitoringWorkspaceId ?? '') - ? machine_logAnalyticsWorkspace.properties.customerId - : '' - GCS_AUTO_CONFIG: osType == 'Linux' ? true : null - } - tags: extensionMonitoringAgentConfig.?tags ?? tags - protectedSettings: { - workspaceKey: !empty(extensionMonitoringAgentConfig.?monitoringWorkspaceId ?? '') - ? 
machine_logAnalyticsWorkspace.listKeys().primarySharedKey - : '' - } - } - dependsOn: [ - machine_microsoftAntiMalwareExtension - ] -} - -module machine_dependencyAgentExtension 'extension/main.bicep' = if (extensionDependencyAgentConfig.enabled) { - name: '${uniqueString(deployment().name, location)}-VM-DependencyAgent' - params: { - arcMachineName: machine.name - name: 'DependencyAgent' - location: location - publisher: 'Microsoft.Azure.Monitoring.DependencyAgent' - type: osType == 'Windows' ? 'DependencyAgentWindows' : 'DependencyAgentLinux' - typeHandlerVersion: contains(extensionDependencyAgentConfig, 'typeHandlerVersion') - ? extensionDependencyAgentConfig.typeHandlerVersion - : '9.10' - autoUpgradeMinorVersion: contains(extensionDependencyAgentConfig, 'autoUpgradeMinorVersion') - ? extensionDependencyAgentConfig.autoUpgradeMinorVersion - : true - enableAutomaticUpgrade: contains(extensionDependencyAgentConfig, 'enableAutomaticUpgrade') - ? extensionDependencyAgentConfig.enableAutomaticUpgrade - : true - settings: { - enableAMA: contains(extensionDependencyAgentConfig, 'enableAMA') ? extensionDependencyAgentConfig.enableAMA : true - } - tags: extensionDependencyAgentConfig.?tags ?? tags - } - dependsOn: [ - machine_azureMonitorAgentExtension - ] -} - -module machine_desiredStateConfigurationExtension 'extension/main.bicep' = if (extensionDSCConfig.enabled) { - name: '${uniqueString(deployment().name, location)}-VM-DesiredStateConfiguration' - params: { - arcMachineName: machine.name - name: 'DesiredStateConfiguration' - location: location - publisher: 'Microsoft.Powershell' - type: 'DSC' - typeHandlerVersion: contains(extensionDSCConfig, 'typeHandlerVersion') - ? extensionDSCConfig.typeHandlerVersion - : '2.77' - autoUpgradeMinorVersion: contains(extensionDSCConfig, 'autoUpgradeMinorVersion') - ? extensionDSCConfig.autoUpgradeMinorVersion - : true - enableAutomaticUpgrade: contains(extensionDSCConfig, 'enableAutomaticUpgrade') - ? 
extensionDSCConfig.enableAutomaticUpgrade - : false - settings: contains(extensionDSCConfig, 'settings') ? extensionDSCConfig.settings : {} - tags: extensionDSCConfig.?tags ?? tags - protectedSettings: contains(extensionDSCConfig, 'protectedSettings') ? extensionDSCConfig.protectedSettings : {} - } -} - -module machine_customScriptExtension 'extension/main.bicep' = if (extensionCustomScriptConfig.enabled) { - name: '${uniqueString(deployment().name, location)}-VM-CustomScriptExtension' - params: { - arcMachineName: machine.name - name: 'CustomScriptExtension' - location: location - publisher: osType == 'Windows' ? 'Microsoft.Compute' : 'Microsoft.Azure.Extensions' - type: osType == 'Windows' ? 'CustomScriptExtension' : 'CustomScript' - typeHandlerVersion: contains(extensionCustomScriptConfig, 'typeHandlerVersion') - ? extensionCustomScriptConfig.typeHandlerVersion - : (osType == 'Windows' ? '1.10' : '2.1') - autoUpgradeMinorVersion: contains(extensionCustomScriptConfig, 'autoUpgradeMinorVersion') - ? extensionCustomScriptConfig.autoUpgradeMinorVersion - : true - enableAutomaticUpgrade: contains(extensionCustomScriptConfig, 'enableAutomaticUpgrade') - ? extensionCustomScriptConfig.enableAutomaticUpgrade - : false - settings: { - fileUris: [ - for fileData in extensionCustomScriptConfig.fileData: contains(fileData, 'storageAccountId') - ? '${fileData.uri}?${listAccountSas(fileData.storageAccountId, '2019-04-01', accountSasProperties).accountSasToken}' - : fileData.uri - ] - } - tags: extensionCustomScriptConfig.?tags ?? tags - protectedSettings: extensionCustomScriptProtectedSetting - } - dependsOn: [ - machine_desiredStateConfigurationExtension - ] -} - -module machine_azureGuestConfigurationExtension 'extension/main.bicep' = if (extensionGuestConfigurationExtension.enabled) { - name: '${uniqueString(deployment().name, location)}-VM-GuestConfiguration' - params: { - arcMachineName: machine.name - name: osType == 'Windows' ? 
'AzurePolicyforWindows' : 'AzurePolicyforLinux' - location: location - publisher: 'Microsoft.GuestConfiguration' - type: osType == 'Windows' ? 'ConfigurationforWindows' : 'ConfigurationForLinux' - typeHandlerVersion: contains(extensionGuestConfigurationExtension, 'typeHandlerVersion') - ? extensionGuestConfigurationExtension.typeHandlerVersion - : (osType == 'Windows' ? '1.0' : '1.0') - autoUpgradeMinorVersion: contains(extensionGuestConfigurationExtension, 'autoUpgradeMinorVersion') - ? extensionGuestConfigurationExtension.autoUpgradeMinorVersion - : true - enableAutomaticUpgrade: contains(extensionGuestConfigurationExtension, 'enableAutomaticUpgrade') - ? extensionGuestConfigurationExtension.enableAutomaticUpgrade - : true - forceUpdateTag: contains(extensionGuestConfigurationExtension, 'forceUpdateTag') - ? extensionGuestConfigurationExtension.forceUpdateTag - : '1.0' - settings: contains(extensionGuestConfigurationExtension, 'settings') - ? extensionGuestConfigurationExtension.settings - : {} - protectedSettings: extensionGuestConfigurationExtensionProtectedSettings - tags: extensionGuestConfigurationExtension.?tags ?? tags - } - dependsOn: [] -} - resource AzureWindowsBaseline 'Microsoft.GuestConfiguration/guestConfigurationAssignments@2020-06-25' = if (!empty(guestConfiguration)) { name: 'AzureWindowsBaseline' scope: machine - dependsOn: [ - machine_azureGuestConfigurationExtension - ] + dependsOn: [] location: location properties: { guestConfiguration: guestConfiguration diff --git a/avm/res/hybrid-compute/machine/tests/e2e/defaults.vmware/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/defaults.vmware/main.test.bicep new file mode 100644 index 0000000000..1aa4e48622 --- /dev/null +++ b/avm/res/hybrid-compute/machine/tests/e2e/defaults.vmware/main.test.bicep 
@@ -0,0 +1,51 @@
+targetScope = 'subscription'
+
+metadata name = 'Creates only an Arc Machine'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Required. The kind of machine to deploy.')
+param kind string = 'Vmware'
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-hybridCompute.machine-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param resourceLocation string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'arcmacmin'
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '#_namePrefix_#'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: resourceLocation
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+@batchSize(1)
+module testDeployment '../../../main.bicep' = [
+ for iteration in ['init', 'idem']: {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}'
+ params: {
+ location: resourceLocation
+ name: '${namePrefix}${serviceShort}'
+ kind: kind
+ }
+ }
+]
diff --git a/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep
index ff87992032..f9e7bc72ec 100644
--- a/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep
+++ b/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep
@@ -47,33 +47,8 @@ module testDeployment '../../../main.bicep' = [ name: '${namePrefix}${serviceShort}' kind: kind configurationProfile: 'providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest' - extensionAntiMalwareConfig: { - enabled: true - } - extensionDSCConfig: { - enabled: true - configurationMode: 'ApplyAndMonitor' - configurationModeFrequencyMins: 15 - refreshFrequencyMins: 30 - rebootNodeIfNeeded: true - actionAfterReboot: 'ContinueConfiguration' - nodeConfigurationName: 'MyDSCConfig' - configurationArguments: {} - } - extensionCustomScriptConfig: { - script: 'echo "Hello World"' - } - extensionCustomScriptProtectedSetting: {} - extensionDependencyAgentConfig: { - enabled: true - } - extensionGuestConfigurationExtension: { - enabled: true - } - extensionGuestConfigurationExtensionProtectedSettings: {} - extensionMonitoringAgentConfig: { - enabled: true - } + patchAssessmentMode: 'AutomaticByPlatform' + patchMode: 'AutomaticByPlatform' guestConfiguration: { name: 'AzureWindowsBaseline' version: '1.*' @@ -98,7 +73,6 @@ module testDeployment '../../../main.bicep' = [ ] } osType: 'Windows' - sasTokenValidityLength: 'PT1H' } } ] From a6c5fafc249caa9f51532adcd2182c96d63fc0c7 Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Tue, 18 Jun 2024 08:47:45 -0600 Subject: [PATCH 07/25] readmes and arm --- avm/res/hybrid-compute/machine/README.md | 5 +- .../machine/extension/README.md | 23 +- .../machine/extension/main.bicep | 4 +- .../machine/extension/main.json | 152 +++++++ avm/res/hybrid-compute/machine/main.bicep | 2 +- avm/res/hybrid-compute/machine/main.json | 425 ++++++++++++++++++ 6 files changed, 590 insertions(+), 21 deletions(-) create mode 100644 avm/res/hybrid-compute/machine/extension/main.json create mode 100644 avm/res/hybrid-compute/machine/main.json diff --git a/avm/res/hybrid-compute/machine/README.md b/avm/res/hybrid-compute/machine/README.md index ceb4d6577b..43d2a6ee80 100644 --- a/avm/res/hybrid-compute/machine/README.md 
+++ b/avm/res/hybrid-compute/machine/README.md @@ -1,9 +1,6 @@ # Hybrid Compute Machines `[Microsoft.HybridCompute/machines]` -This module deploys a Arc Machines for use with Arc Resource Bridge for Azure Stack HCI or VMware. In these scenarios, this resource module will be used in combination with another resource module to create the require Virtual Machine Instance extension resource on this Arc Machine resource. - -> !NOTE -> This module is not applicable to other Arc Machine scenarios, which do not require the resource to be pre-created before connecting the Azure Connected Machine (Arc) agent. Futher, the extensions child resource in this module will not work when initially creating the Arc Machine resource because at that point, the Arc agent has not been connected. +This module deploys an Arc Machine for use with Arc Resource Bridge for Azure Stack HCI or VMware. In these scenarios, this resource module will be used in combination with another resource module to create the require Virtual Machine Instance extension resource on this Arc Machine resource. This module should not be used for other Arc-enabled server scenarios, where the Arc Machine resource is created automatically by the onboarding process. ## Navigation diff --git a/avm/res/hybrid-compute/machine/extension/README.md b/avm/res/hybrid-compute/machine/extension/README.md index bac902873f..c88c823b42 100644 --- a/avm/res/hybrid-compute/machine/extension/README.md +++ b/avm/res/hybrid-compute/machine/extension/README.md @@ -1,6 +1,6 @@ # Arc Machine Extensions `[Microsoft.HybridCompute/machines/extensions]` -This module deploys a Arc Machine Extension. +This module deploys a Arc Machine Extension. This module should be used as a standalone deployment after the Arc agent has connected to the Arc Machine resource. ## Navigation 
@@ -22,6 +22,7 @@ This module deploys a Arc Machine Extension. | Parameter | Type | Description | | :-- | :-- | :-- | +| [`arcMachineName`](#parameter-arcmachinename) | string | The name of the parent Arc Machine that extension is provisioned for. | | [`autoUpgradeMinorVersion`](#parameter-autoupgrademinorversion) | bool | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. | | [`enableAutomaticUpgrade`](#parameter-enableautomaticupgrade) | bool | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. | | [`name`](#parameter-name) | string | The name of the Arc Machine extension. | @@ -29,12 +30,6 @@ This module deploys a Arc Machine Extension. | [`type`](#parameter-type) | string | Specifies the type of the extension; an example is "CustomScriptExtension". | | [`typeHandlerVersion`](#parameter-typehandlerversion) | string | Specifies the version of the script handler. | -**Conditional parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`arcMachineName`](#parameter-arcmachinename) | string | The name of the parent Arc Machine that extension is provisioned for. Required if the template is used in a standalone deployment. | - **Optional parameters** | Parameter | Type | Description | 
@@ -45,6 +40,13 @@ This module deploys a Arc Machine Extension. | [`settings`](#parameter-settings) | object | Any object that contains the extension specific settings. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `arcMachineName` + +The name of the parent Arc Machine that extension is provisioned for. + +- Required: Yes +- Type: string + ### Parameter: `autoUpgradeMinorVersion` Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. @@ -87,13 +89,6 @@ Specifies the version of the script handler. - Required: Yes - Type: string -### Parameter: `arcMachineName` - -The name of the parent Arc Machine that extension is provisioned for. Required if the template is used in a standalone deployment. - -- Required: Yes -- Type: string - ### Parameter: `forceUpdateTag` How the extension handler should be forced to update even if the extension configuration has not changed. diff --git a/avm/res/hybrid-compute/machine/extension/main.bicep b/avm/res/hybrid-compute/machine/extension/main.bicep index 2d93c88b75..e144af63ed 100644 --- a/avm/res/hybrid-compute/machine/extension/main.bicep +++ b/avm/res/hybrid-compute/machine/extension/main.bicep 
@@ -1,8 +1,8 @@ metadata name = 'Arc Machine Extensions' -metadata description = 'This module deploys a Arc Machine Extension.' +metadata description = 'This module deploys a Arc Machine Extension. This module should be used as a standalone deployment after the Arc agent has connected to the Arc Machine resource.' metadata owner = 'Azure/module-maintainers' -@description('Conditional. The name of the parent Arc Machine that extension is provisioned for. Required if the template is used in a standalone deployment.') +@description('Required. The name of the parent Arc Machine that extension is provisioned for.') param arcMachineName string @description('Required. The name of the Arc Machine extension.') diff --git a/avm/res/hybrid-compute/machine/extension/main.json b/avm/res/hybrid-compute/machine/extension/main.json new file mode 100644 index 0000000000..d49364a58f --- /dev/null +++ b/avm/res/hybrid-compute/machine/extension/main.json 
@@ -0,0 +1,152 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.28.1.47646", + "templateHash": "17610285708839931903" + }, + "name": "Arc Machine Extensions", + "description": "This module deploys a Arc Machine Extension. This module should be used as a standalone deployment after the Arc agent has connected to the Arc Machine resource.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "arcMachineName": { + "type": "string", + "metadata": { + "description": "Required. The name of the parent Arc Machine that extension is provisioned for." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the Arc Machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. 
How the extension handler should be forced to update even if the extension configuration has not changed." + } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Tags of the resource." + } + } + }, + "resources": { + "machine": { + "existing": true, + "type": "Microsoft.HybridCompute/machines", + "apiVersion": "2022-12-27", + "name": "[parameters('arcMachineName')]" + }, + "extension": { + "type": "Microsoft.HybridCompute/machines/extensions", + "apiVersion": "2022-12-27", + "name": "[format('{0}/{1}', parameters('arcMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]" + }, + "dependsOn": [ + "machine" + ] + } + }, + "outputs": { + "name": { + "type": "string", 
+ "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.HybridCompute/machines/extensions', parameters('arcMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." + }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference('extension', '2022-12-27', 'full').location]" + } + } +} \ No newline at end of file diff --git a/avm/res/hybrid-compute/machine/main.bicep b/avm/res/hybrid-compute/machine/main.bicep index c79af96f83..8bd07d5274 100644 --- a/avm/res/hybrid-compute/machine/main.bicep +++ b/avm/res/hybrid-compute/machine/main.bicep 
@@ -1,5 +1,5 @@ metadata name = 'Hybrid Compute Machines' -metadata description = 'This module deploys a Arc Machines for use with Arc Resource Bridge for Azure Stack HCI or VMware. In these scenarios, this resource module will be used in combination with another resource module to create the require Virtual Machine Instance extension resource on this Arc Machine resource.' +metadata description = 'This module deploys an Arc Machine for use with Arc Resource Bridge for Azure Stack HCI or VMware. In these scenarios, this resource module will be used in combination with another resource module to create the require Virtual Machine Instance extension resource on this Arc Machine resource. This module should not be used for other Arc-enabled server scenarios, where the Arc Machine resource is created automatically by the onboarding process.' metadata owner = 'Azure/module-maintainers' @description('Required. The name of the Arc machine to be created. You should use a unique prefix to reduce name collisions in Active Directory.') diff --git a/avm/res/hybrid-compute/machine/main.json b/avm/res/hybrid-compute/machine/main.json new file mode 100644 index 0000000000..61209ff3ae --- /dev/null +++ b/avm/res/hybrid-compute/machine/main.json 
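Review bot: The new `metadata description` keeps the typo "to create the require Virtual Machine Instance extension resource", which should read "the required Virtual Machine Instance extension resource". The sentence is copied into the compiled main.json added by this commit, so it is worth correcting in main.bicep before the template is regenerated.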
@@ -0,0 +1,425 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.28.1.47646", + "templateHash": "13722506663179306088" + }, + "name": "Hybrid Compute Machines", + "description": "This module deploys an Arc Machine for use with Arc Resource Bridge for Azure Stack HCI or VMware. In these scenarios, this resource module will be used in combination with another resource module to create the require Virtual Machine Instance extension resource on this Arc Machine resource. This module should not be used for other Arc-enabled server scenarios, where the Arc Machine resource is created automatically by the onboarding process.", + "owner": "Azure/module-maintainers" + }, + "definitions": { + "managedIdentitiesType": { + "type": "object", + "properties": { + "systemAssigned": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enables system assigned managed identity on the resource." + } + }, + "userAssignedResourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The resource ID(s) to assign to the resource." + } + } + }, + "nullable": true + }, + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + }, + "roleAssignmentType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The role to assign. 
You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." + } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." + } + } + } + }, + "nullable": true + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the Arc machine to be created. You should use a unique prefix to reduce name collisions in Active Directory." + } + }, + "kind": { + "type": "string", + "metadata": { + "description": "Required. Kind of Arc machine to be created. 
Possible values are: HCI, SCVMM, VMware" + } + }, + "privateLinkScopeResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Conditional. The resource ID of an Arc Private Link Scope which which to associate this machine. Required if you are using Private Link for Arc and your Arc Machine will resolve a Private Endpoint for connectivity to Azure." + } + }, + "parentClusterResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Parent cluster resource ID (Azure Stack HCI)." + } + }, + "vmId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The GUID of the on-premises virtual machine from your hypervisor." + } + }, + "clientPublicKey": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The Public Key that the client provides to be used during initial resource onboarding." + } + }, + "patchMode": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "AutomaticByPlatform", + "AutomaticByOS", + "Manual", + "ImageDefault", + "" + ], + "metadata": { + "description": "Optional. VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only." + } + }, + "patchAssessmentMode": { + "type": "string", + "defaultValue": "ImageDefault", + "allowedValues": [ + "AutomaticByPlatform", + "ImageDefault" + ], + "metadata": { + "description": "Optional. VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours." + } + }, + "enableHotpatching": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Captures the hotpatch capability enrollment intent of the customers, which enables customers to patch their Windows machines without requiring a reboot." + } + }, + "guestConfiguration": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. 
The guest configuration for the Arc machine. Needs the Guest Configuration extension to be enabled." + } + }, + "osType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "Windows", + "Linux", + "" + ], + "metadata": { + "description": "Conditional. The chosen OS type." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "lock": { + "$ref": "#/definitions/lockType", + "metadata": { + "description": "Optional. The lock settings of the service." + } + }, + "roleAssignments": { + "$ref": "#/definitions/roleAssignmentType", + "metadata": { + "description": "Optional. Array of role assignments to create." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } + }, + "configurationProfile": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The configuration profile of automanage. Either '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction', 'providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest' or the resource Id of custom profile." 
+ } + } + }, + "variables": { + "linuxConfiguration": { + "patchSettings": "[if(or(equals(toLower(parameters('patchMode')), toLower('AutomaticByPlatform')), equals(toLower(parameters('patchMode')), toLower('ImageDefault'))), createObject('patchMode', parameters('patchMode'), 'assessmentMode', parameters('patchAssessmentMode')), null())]" + }, + "windowsConfiguration": { + "patchSettings": "[if(or(or(equals(toLower(parameters('patchMode')), toLower('AutomaticByPlatform')), equals(toLower(parameters('patchMode')), toLower('AutomaticByOS'))), equals(toLower(parameters('patchMode')), toLower('Manual'))), createObject('patchMode', parameters('patchMode'), 'assessmentMode', parameters('patchAssessmentMode'), 'enableHotpatching', parameters('enableHotpatching')), null())]" + }, + "builtInRoleNames": { + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Arc machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", + "Arc machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", + "Arc machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]" + } + }, + "resources": { + "avmTelemetry": { + "condition": 
"[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2023-07-01", + "name": "[format('46d3xbcp.res.hybridcompute-machine.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, + "machine": { + "type": "Microsoft.HybridCompute/machines", + "apiVersion": "2023-03-15-preview", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "identity": { + "type": "SystemAssigned" + }, + "tags": "[parameters('tags')]", + "kind": "[parameters('kind')]", + "properties": { + "osProfile": { + "windowsConfiguration": "[if(equals(parameters('osType'), 'Windows'), variables('windowsConfiguration'), null())]", + "linuxConfiguration": "[if(equals(parameters('osType'), 'Linux'), variables('linuxConfiguration'), null())]" + }, + "parentClusterResourceId": "[parameters('parentClusterResourceId')]", + "vmId": "[parameters('vmId')]", + "clientPublicKey": "[parameters('clientPublicKey')]", + "privateLinkScopeResourceId": "[parameters('privateLinkScopeResourceId')]" + } + }, + "machine_configurationProfileAssignment": { + "condition": "[not(empty(parameters('configurationProfile')))]", + "type": "Microsoft.Automanage/configurationProfileAssignments", + "apiVersion": "2022-05-04", + "scope": "[format('Microsoft.HybridCompute/machines/{0}', parameters('name'))]", + "name": "default", + "properties": { + "configurationProfile": "[parameters('configurationProfile')]" + }, + "dependsOn": [ + "machine" + ] + }, + "AzureWindowsBaseline": { + "condition": "[not(empty(parameters('guestConfiguration')))]", + "type": 
"Microsoft.GuestConfiguration/guestConfigurationAssignments", + "apiVersion": "2020-06-25", + "scope": "[format('Microsoft.HybridCompute/machines/{0}', parameters('name'))]", + "name": "AzureWindowsBaseline", + "location": "[parameters('location')]", + "properties": { + "guestConfiguration": "[parameters('guestConfiguration')]" + }, + "dependsOn": [ + "machine" + ] + }, + "machine_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.HybridCompute/machines/{0}', parameters('name'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", + "properties": { + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + }, + "dependsOn": [ + "machine" + ] + }, + "machine_roleAssignments": { + "copy": { + "name": "machine_roleAssignments", + "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.HybridCompute/machines/{0}', parameters('name'))]", + "name": "[guid(resourceId('Microsoft.HybridCompute/machines', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "properties": { + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], 
if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)))]", + "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", + "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", + "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", + "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]", + "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", + "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" + }, + "dependsOn": [ + "machine" + ] + } + }, + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the machine." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the machine." + }, + "value": "[resourceId('Microsoft.HybridCompute/machines', parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the VM was created in." + }, + "value": "[resourceGroup().name]" + }, + "systemAssignedMIPrincipalId": { + "type": "string", + "metadata": { + "description": "The principal ID of the system assigned identity." 
+ }, + "value": "[coalesce(tryGet(tryGet(reference('machine', '2023-03-15-preview', 'full'), 'identity'), 'principalId'), '')]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference('machine', '2023-03-15-preview', 'full').location]" + } + } +} \ No newline at end of file From b1bb045b4382674b25255319b5fbfdc9b4cd4792 Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Tue, 18 Jun 2024 09:04:04 -0600 Subject: [PATCH 08/25] static validation --- .github/ISSUE_TEMPLATE/avm_module_issue.yml | 1 + avm/res/hybrid-compute/machine/main.bicep | 2 +- .../tests/e2e/{defaults.hci => hci.defaults}/main.test.bicep | 0 .../e2e/{defaults.vmware => vmware.defaults}/main.test.bicep | 0 4 files changed, 2 insertions(+), 1 deletion(-) rename avm/res/hybrid-compute/machine/tests/e2e/{defaults.hci => hci.defaults}/main.test.bicep (100%) rename avm/res/hybrid-compute/machine/tests/e2e/{defaults.vmware => vmware.defaults}/main.test.bicep (100%) diff --git a/.github/ISSUE_TEMPLATE/avm_module_issue.yml b/.github/ISSUE_TEMPLATE/avm_module_issue.yml index ab3d0c7867..0cc1777b70 100644 --- a/.github/ISSUE_TEMPLATE/avm_module_issue.yml +++ b/.github/ISSUE_TEMPLATE/avm_module_issue.yml @@ -95,6 +95,7 @@ body: - "avm/res/event-hub/namespace" - "avm/res/health-bot/health-bot" - "avm/res/healthcare-apis/workspace" + - "avm/res/hybrid-compute/machine" - "avm/res/insights/action-group" - "avm/res/insights/activity-log-alert" - "avm/res/insights/component" diff --git a/avm/res/hybrid-compute/machine/main.bicep b/avm/res/hybrid-compute/machine/main.bicep index 8bd07d5274..0822fe490f 100644 --- a/avm/res/hybrid-compute/machine/main.bicep +++ b/avm/res/hybrid-compute/machine/main.bicep 
@@ -5,7 +5,7 @@ metadata owner = 'Azure/module-maintainers' @description('Required. The name of the Arc machine to be created. You should use a unique prefix to reduce name collisions in Active Directory.') param name string -@description('Required. Kind of Arc machine to be created. Possible values are: HCI, SCVMM, VMware') +@description('Required. Kind of Arc machine to be created. Possible values are: HCI, SCVMM, VMware.') param kind string @description('Conditional. The resource ID of an Arc Private Link Scope which which to associate this machine. Required if you are using Private Link for Arc and your Arc Machine will resolve a Private Endpoint for connectivity to Azure.') diff --git a/avm/res/hybrid-compute/machine/tests/e2e/defaults.hci/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/hci.defaults/main.test.bicep similarity index 100% rename from avm/res/hybrid-compute/machine/tests/e2e/defaults.hci/main.test.bicep rename to avm/res/hybrid-compute/machine/tests/e2e/hci.defaults/main.test.bicep diff --git a/avm/res/hybrid-compute/machine/tests/e2e/defaults.vmware/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep similarity index 100% rename from avm/res/hybrid-compute/machine/tests/e2e/defaults.vmware/main.test.bicep rename to avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep From 164fcd293a212a031027df833c90d61e1b990a8e Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Tue, 18 Jun 2024 09:10:33 -0600 Subject: [PATCH 09/25] validation updates --- avm/res/hybrid-compute/machine/README.md | 114 +++++++++++----------- avm/res/hybrid-compute/machine/main.bicep | 2 +- avm/res/hybrid-compute/machine/main.json | 6 +- 3 files changed, 61 insertions(+), 61 deletions(-) diff --git a/avm/res/hybrid-compute/machine/README.md b/avm/res/hybrid-compute/machine/README.md index 43d2a6ee80..2e8be16afb 100644 --- a/avm/res/hybrid-compute/machine/README.md 
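Review bot: `param kind string` accepts any string, although the description edited in this hunk lists HCI, SCVMM and VMware as the possible values, and the compiled main.json in this series has no `allowedValues` for `kind` either. If those three are the only kinds this module is meant to create, add `@allowed(['HCI', 'SCVMM', 'VMware'])` above `param kind string`, so a mistyped or unsupported kind is rejected at template validation rather than by the resource provider. If other kinds are intentionally permitted, the description should say so instead of presenting a closed list.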
+++ b/avm/res/hybrid-compute/machine/README.md @@ -30,8 +30,8 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br/public:avm/res/hybrid-compute/machine:`. - [Creates only an Arc Machine](#example-1-creates-only-an-arc-machine) -- [Creates only an Arc Machine](#example-2-creates-only-an-arc-machine) -- [Creates an Arc Machine with maximum configurations](#example-3-creates-an-arc-machine-with-maximum-configurations) +- [Creates an Arc Machine with maximum configurations](#example-2-creates-an-arc-machine-with-maximum-configurations) +- [Creates only an Arc Machine](#example-3-creates-only-an-arc-machine) ### Example 1: _Creates only an Arc Machine_ @@ -85,59 +85,7 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = {

-### Example 2: _Creates only an Arc Machine_ - -This instance deploys the module with the minimum set of required parameters. - - -

- -via Bicep module - -```bicep -module machine 'br/public:avm/res/hybrid-compute/machine:' = { - name: 'machineDeployment' - params: { - // Required parameters - kind: '' - name: 'arcmacmin' - // Non-required parameters - location: '' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "kind": { - "value": "" - }, - "name": { - "value": "arcmacmin" - }, - // Non-required parameters - "location": { - "value": "" - } - } -} -``` - -
-

- -### Example 3: _Creates an Arc Machine with maximum configurations_ +### Example 2: _Creates an Arc Machine with maximum configurations_ This instance deploys the module with the full set of required parameters. @@ -253,6 +201,58 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = {

+### Example 3: _Creates only an Arc Machine_ + +This instance deploys the module with the minimum set of required parameters. + + +

+ +via Bicep module + +```bicep +module machine 'br/public:avm/res/hybrid-compute/machine:' = { + name: 'machineDeployment' + params: { + // Required parameters + kind: '' + name: 'arcmacmin' + // Non-required parameters + location: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "kind": { + "value": "" + }, + "name": { + "value": "arcmacmin" + }, + // Non-required parameters + "location": { + "value": "" + } + } +} +``` + +
+

+ ## Parameters @@ -260,7 +260,7 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { | Parameter | Type | Description | | :-- | :-- | :-- | -| [`kind`](#parameter-kind) | string | Kind of Arc machine to be created. Possible values are: HCI, SCVMM, VMware | +| [`kind`](#parameter-kind) | string | Kind of Arc machine to be created. Possible values are: HCI, SCVMM, VMware. | | [`name`](#parameter-name) | string | The name of the Arc machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. | **Conditional parameters** @@ -290,7 +290,7 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { ### Parameter: `kind` -Kind of Arc machine to be created. Possible values are: HCI, SCVMM, VMware +Kind of Arc machine to be created. Possible values are: HCI, SCVMM, VMware. - Required: Yes - Type: string diff --git a/avm/res/hybrid-compute/machine/main.bicep b/avm/res/hybrid-compute/machine/main.bicep index 0822fe490f..bcfecf0640 100644 --- a/avm/res/hybrid-compute/machine/main.bicep +++ b/avm/res/hybrid-compute/machine/main.bicep @@ -44,7 +44,7 @@ param enableHotpatching bool = false @description('Optional. The guest configuration for the Arc machine. Needs the Guest Configuration extension to be enabled.') param guestConfiguration object = {} -@description('Conditional. The chosen OS type.') +@description('Conditional. Required if you are providing OS-type specified configurations, such as patch settings. The chosen OS type, either Windows or Linux.') @allowed([ 'Windows' 'Linux' diff --git a/avm/res/hybrid-compute/machine/main.json b/avm/res/hybrid-compute/machine/main.json index 61209ff3ae..7127f7f3f0 100644 --- a/avm/res/hybrid-compute/machine/main.json +++ b/avm/res/hybrid-compute/machine/main.json 
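Review bot: The new `osType` description says the parameter is required when OS-specific settings such as patch settings are supplied, but nothing enforces that. In the compiled main.json from this series, `windowsConfiguration` and `linuxConfiguration` are only set when `osType` equals 'Windows' or 'Linux', so a deployment that sets `patchMode` and leaves `osType` at its empty default would apparently succeed with the patch settings dropped. The description should state that consequence, for example `'Conditional. The chosen OS type, either Windows or Linux. Required if you are providing OS-type specific configurations, such as patch settings; otherwise those settings are not applied.'`. The same text is regenerated into main.json and README.md later in this patch. The `@allowed` list and the `param osType` declaration continue past the end of this hunk.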
@@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.28.1.47646", - "templateHash": "13722506663179306088" + "templateHash": "3375691957070444687" }, "name": "Hybrid Compute Machines", "description": "This module deploys an Arc Machine for use with Arc Resource Bridge for Azure Stack HCI or VMware. In these scenarios, this resource module will be used in combination with another resource module to create the require Virtual Machine Instance extension resource on this Arc Machine resource. This module should not be used for other Arc-enabled server scenarios, where the Arc Machine resource is created automatically by the onboarding process.", @@ -138,7 +138,7 @@ "kind": { "type": "string", "metadata": { - "description": "Required. Kind of Arc machine to be created. Possible values are: HCI, SCVMM, VMware" + "description": "Required. Kind of Arc machine to be created. Possible values are: HCI, SCVMM, VMware." } }, "privateLinkScopeResourceId": { @@ -217,7 +217,7 @@ "" ], "metadata": { - "description": "Conditional. The chosen OS type." + "description": "Conditional. Required if you are providing OS-type specified configurations, such as patch settings. The chosen OS type, either Windows or Linux." } }, "location": { From 4661e4d5af6cbe66c5bc4837837c65db2007ee91 Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Tue, 18 Jun 2024 09:18:00 -0600 Subject: [PATCH 10/25] validation --- avm/res/hybrid-compute/machine/README.md | 57 ++++++++++++++++++- .../tests/e2e/waf-aligned/main.test.bicep | 51 +++++++++++++++++ 2 files changed, 106 insertions(+), 2 deletions(-) create mode 100644 avm/res/hybrid-compute/machine/tests/e2e/waf-aligned/main.test.bicep diff --git a/avm/res/hybrid-compute/machine/README.md b/avm/res/hybrid-compute/machine/README.md index 2e8be16afb..e3dafafd56 100644 --- a/avm/res/hybrid-compute/machine/README.md +++ b/avm/res/hybrid-compute/machine/README.md 
@@ -32,6 +32,7 @@ The following section provides usage examples for the module, which were used to - [Creates only an Arc Machine](#example-1-creates-only-an-arc-machine) - [Creates an Arc Machine with maximum configurations](#example-2-creates-an-arc-machine-with-maximum-configurations) - [Creates only an Arc Machine](#example-3-creates-only-an-arc-machine) +- [Creates only an Arc Machine](#example-4-creates-only-an-arc-machine) ### Example 1: _Creates only an Arc Machine_ @@ -206,6 +207,58 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { This instance deploys the module with the minimum set of required parameters. +

+ +via Bicep module + +```bicep +module machine 'br/public:avm/res/hybrid-compute/machine:' = { + name: 'machineDeployment' + params: { + // Required parameters + kind: '' + name: 'arcmacmin' + // Non-required parameters + location: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "kind": { + "value": "" + }, + "name": { + "value": "arcmacmin" + }, + // Non-required parameters + "location": { + "value": "" + } + } +} +``` + +
+

+ +### Example 4: _Creates only an Arc Machine_ + +This instance deploys the module with the minimum set of required parameters. + +

via Bicep module @@ -267,7 +320,7 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { | Parameter | Type | Description | | :-- | :-- | :-- | -| [`osType`](#parameter-ostype) | string | The chosen OS type. | +| [`osType`](#parameter-ostype) | string | Required if you are providing OS-type specified configurations, such as patch settings. The chosen OS type, either Windows or Linux. | | [`privateLinkScopeResourceId`](#parameter-privatelinkscoperesourceid) | string | The resource ID of an Arc Private Link Scope which which to associate this machine. Required if you are using Private Link for Arc and your Arc Machine will resolve a Private Endpoint for connectivity to Azure. | **Optional parameters** @@ -304,7 +357,7 @@ The name of the Arc machine to be created. You should use a unique prefix to red ### Parameter: `osType` -The chosen OS type. +Required if you are providing OS-type specified configurations, such as patch settings. The chosen OS type, either Windows or Linux. - Required: No - Type: string diff --git a/avm/res/hybrid-compute/machine/tests/e2e/waf-aligned/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/waf-aligned/main.test.bicep new file mode 100644 index 0000000000..fd33a1036d --- /dev/null +++ b/avm/res/hybrid-compute/machine/tests/e2e/waf-aligned/main.test.bicep 
@@ -0,0 +1,51 @@ +targetScope = 'subscription' + +metadata name = 'Creates only an Arc Machine' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + +// ========== // +// Parameters // +// ========== // + +@description('Required. The kind of machine to deploy.') +param kind string = 'HCI' + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'dep-${namePrefix}-hybridCompute.machine-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'arcmacmin' + +@description('Optional. A token to inject into the name of each resource.') +param namePrefix string = '#_namePrefix_#' + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +// ============== // +// Test Execution // +// ============== // +@batchSize(1) +module testDeployment '../../../main.bicep' = [ + for iteration in ['init', 'idem']: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + location: resourceLocation + name: '${namePrefix}${serviceShort}' + kind: kind + } + } +] From 3b12f01c2adbfb603eae6f9432133ed197796f37 Mon Sep 17 00:00:00 2001 
From: Matthew Bratschun Date: Tue, 18 Jun 2024 09:21:56 -0600 Subject: [PATCH 11/25] service shorts --- .../machine/tests/e2e/hci.defaults/main.test.bicep | 2 +- .../hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep | 2 +- .../machine/tests/e2e/vmware.defaults/main.test.bicep | 2 +- .../machine/tests/e2e/waf-aligned/main.test.bicep | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/avm/res/hybrid-compute/machine/tests/e2e/hci.defaults/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/hci.defaults/main.test.bicep index fd33a1036d..dd2e08d255 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/hci.defaults/main.test.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/hci.defaults/main.test.bicep @@ -18,7 +18,7 @@ param resourceGroupName string = 'dep-${namePrefix}-hybridCompute.machine-${serv param resourceLocation string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'arcmacmin' +param serviceShort string = 'arcmachci' @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' diff --git a/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep index f9e7bc72ec..af87646f03 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep 
@@ -18,7 +18,7 @@ param resourceGroupName string = 'dep-${namePrefix}-hybridCompute.machine-${serv param resourceLocation string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'arcmacmin' +param serviceShort string = 'arcmachcimx' @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' diff --git a/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep index 1aa4e48622..8afb091906 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep @@ -18,7 +18,7 @@ param resourceGroupName string = 'dep-${namePrefix}-hybridCompute.machine-${serv param resourceLocation string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'arcmacmin' +param serviceShort string = 'arcmacvmw' @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' diff --git a/avm/res/hybrid-compute/machine/tests/e2e/waf-aligned/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/waf-aligned/main.test.bicep index fd33a1036d..745821b477 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/waf-aligned/main.test.bicep 
@@ -18,7 +18,7 @@ param resourceGroupName string = 'dep-${namePrefix}-hybridCompute.machine-${serv param resourceLocation string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'arcmacmin' +param serviceShort string = 'arcmacwaf' @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' From e96efa8248664c3f491bb150ece3a9f9f60edca5 Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Tue, 18 Jun 2024 09:31:29 -0600 Subject: [PATCH 12/25] validation - tags --- avm/res/hybrid-compute/machine/extension/main.bicep | 6 ++++++ .../machine/tests/e2e/hci.defaults/main.test.bicep | 5 +++++ .../machine/tests/e2e/max.hci/main.test.bicep | 5 +++++ .../machine/tests/e2e/vmware.defaults/main.test.bicep | 5 +++++ .../machine/tests/e2e/waf-aligned/main.test.bicep | 5 +++++ 5 files changed, 26 insertions(+) diff --git a/avm/res/hybrid-compute/machine/extension/main.bicep b/avm/res/hybrid-compute/machine/extension/main.bicep index e144af63ed..a28d9965a0 100644 --- a/avm/res/hybrid-compute/machine/extension/main.bicep +++ b/avm/res/hybrid-compute/machine/extension/main.bicep @@ -71,3 +71,9 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = extension.location + +@description('The name of the Resource Group the extension was created in.') +output resourceGroupName string = resourceGroup().name + +@description('The location the resource was deployed into.') +output location string = extension.location diff --git a/avm/res/hybrid-compute/machine/tests/e2e/hci.defaults/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/hci.defaults/main.test.bicep index dd2e08d255..431d7824d4 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/hci.defaults/main.test.bicep 
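Review bot: The six lines added at the end of `extension/main.bicep` declare `output resourceGroupName` and `output location` a second time. The hunk's own context already shows `output location string = extension.location` directly above the additions, and the hunk header shows `output resourceGroupName string = resourceGroup().name`. Bicep rejects two outputs with the same name, so the module would stop compiling and every test that consumes it would fail before deployment. Drop the added block, and keep the existing `@description('The location the resource was deployed into.')` / `output location` pair as the end of the file. The rest of the file is outside this hunk, so confirm that no other output was meant here (for example a `name` or `resourceId` output).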
+++ b/avm/res/hybrid-compute/machine/tests/e2e/hci.defaults/main.test.bicep @@ -46,6 +46,11 @@ module testDeployment '../../../main.bicep' = [ location: resourceLocation name: '${namePrefix}${serviceShort}' kind: kind + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } } } ] diff --git a/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep index af87646f03..25bd5c8d76 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep @@ -73,6 +73,11 @@ module testDeployment '../../../main.bicep' = [ ] } osType: 'Windows' + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } } } ] diff --git a/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep index 8afb091906..600659e182 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep @@ -46,6 +46,11 @@ module testDeployment '../../../main.bicep' = [ location: resourceLocation name: '${namePrefix}${serviceShort}' kind: kind + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } } } ] diff --git a/avm/res/hybrid-compute/machine/tests/e2e/waf-aligned/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/waf-aligned/main.test.bicep index 745821b477..1a579ccd8e 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/waf-aligned/main.test.bicep 
@@ -46,6 +46,11 @@ module testDeployment '../../../main.bicep' = [ location: resourceLocation name: '${namePrefix}${serviceShort}' kind: kind + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } } } ] From 78fef602bae05879e258770a987d483a65e54678 Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Tue, 18 Jun 2024 09:32:49 -0600 Subject: [PATCH 13/25] serviceshorts --- .../machine/tests/e2e/hci.defaults/main.test.bicep | 2 +- .../machine/tests/e2e/vmware.defaults/main.test.bicep | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/avm/res/hybrid-compute/machine/tests/e2e/hci.defaults/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/hci.defaults/main.test.bicep index 431d7824d4..d46e3997c2 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/hci.defaults/main.test.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/hci.defaults/main.test.bicep @@ -18,7 +18,7 @@ param resourceGroupName string = 'dep-${namePrefix}-hybridCompute.machine-${serv param resourceLocation string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'arcmachci' +param serviceShort string = 'arcmachcimin' @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' diff --git a/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep index 600659e182..9ba89b725a 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep 
@@ -18,7 +18,7 @@ param resourceGroupName string = 'dep-${namePrefix}-hybridCompute.machine-${serv param resourceLocation string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'arcmacvmw' +param serviceShort string = 'arcmacvmwmin' @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' From 224dc2dc141c202bae67c566ec71f8f298042298 Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Tue, 18 Jun 2024 09:58:57 -0600 Subject: [PATCH 14/25] max tests --- avm/res/hybrid-compute/machine/README.md | 68 ++++++++++++++++--- avm/res/hybrid-compute/machine/main.bicep | 2 +- avm/res/hybrid-compute/machine/main.json | 4 +- .../tests/e2e/max.hci/dependencies.bicep | 17 +++++ .../machine/tests/e2e/max.hci/main.test.bicep | 10 +++ 5 files changed, 90 insertions(+), 11 deletions(-) create mode 100644 avm/res/hybrid-compute/machine/tests/e2e/max.hci/dependencies.bicep diff --git a/avm/res/hybrid-compute/machine/README.md b/avm/res/hybrid-compute/machine/README.md index e3dafafd56..015dfd4d4a 100644 --- a/avm/res/hybrid-compute/machine/README.md +++ b/avm/res/hybrid-compute/machine/README.md @@ -49,9 +49,14 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { params: { // Required parameters kind: '' - name: 'arcmacmin' + name: 'arcmachcimin' // Non-required parameters location: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } } } ``` 
@@ -73,11 +78,18 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { "value": "" }, "name": { - "value": "arcmacmin" + "value": "arcmachcimin" }, // Non-required parameters "location": { "value": "" + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } } } } @@ -101,7 +113,7 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { params: { // Required parameters kind: '' - name: 'arcmacmin' + name: 'arcmachcimx' // Non-required parameters configurationProfile: 'providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest' guestConfiguration: { @@ -131,6 +143,12 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { osType: 'Windows' patchAssessmentMode: 'AutomaticByPlatform' patchMode: 'AutomaticByPlatform' + privateLinkScopeResourceId: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } } } ``` @@ -152,7 +170,7 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { "value": "" }, "name": { - "value": "arcmacmin" + "value": "arcmachcimx" }, // Non-required parameters "configurationProfile": { @@ -194,6 +212,16 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { }, "patchMode": { "value": "AutomaticByPlatform" + }, + "privateLinkScopeResourceId": { + "value": "" + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } } } } @@ -217,9 +245,14 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { params: { // Required parameters kind: '' - name: 'arcmacmin' + name: 'arcmacvmwmin' // Non-required parameters location: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } } } ``` 
@@ -241,11 +274,18 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { "value": "" }, "name": { - "value": "arcmacmin" + "value": "arcmacvmwmin" }, // Non-required parameters "location": { "value": "" + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } } } } @@ -269,9 +309,14 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { params: { // Required parameters kind: '' - name: 'arcmacmin' + name: 'arcmacwaf' // Non-required parameters location: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } } } ``` @@ -293,11 +338,18 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { "value": "" }, "name": { - "value": "arcmacmin" + "value": "arcmacwaf" }, // Non-required parameters "location": { "value": "" + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } } } } diff --git a/avm/res/hybrid-compute/machine/main.bicep b/avm/res/hybrid-compute/machine/main.bicep index bcfecf0640..fa8e4cbab4 100644 --- a/avm/res/hybrid-compute/machine/main.bicep +++ b/avm/res/hybrid-compute/machine/main.bicep @@ -150,7 +150,7 @@ resource machine 'Microsoft.HybridCompute/machines@2023-03-15-preview' = { parentClusterResourceId: parentClusterResourceId vmId: vmId clientPublicKey: clientPublicKey - privateLinkScopeResourceId: privateLinkScopeResourceId + privateLinkScopeResourceId: empty(privateLinkScopeResourceId) ? null : privateLinkScopeResourceId } } diff --git a/avm/res/hybrid-compute/machine/main.json b/avm/res/hybrid-compute/machine/main.json index 7127f7f3f0..1bc085513a 100644 --- a/avm/res/hybrid-compute/machine/main.json +++ b/avm/res/hybrid-compute/machine/main.json 
@@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.28.1.47646", - "templateHash": "3375691957070444687" + "templateHash": "15387314263277045505" }, "name": "Hybrid Compute Machines", "description": "This module deploys an Arc Machine for use with Arc Resource Bridge for Azure Stack HCI or VMware. In these scenarios, this resource module will be used in combination with another resource module to create the require Virtual Machine Instance extension resource on this Arc Machine resource. This module should not be used for other Arc-enabled server scenarios, where the Arc Machine resource is created automatically by the onboarding process.", @@ -318,7 +318,7 @@ "parentClusterResourceId": "[parameters('parentClusterResourceId')]", "vmId": "[parameters('vmId')]", "clientPublicKey": "[parameters('clientPublicKey')]", - "privateLinkScopeResourceId": "[parameters('privateLinkScopeResourceId')]" + "privateLinkScopeResourceId": "[if(empty(parameters('privateLinkScopeResourceId')), null(), parameters('privateLinkScopeResourceId'))]" } }, "machine_configurationProfileAssignment": { diff --git a/avm/res/hybrid-compute/machine/tests/e2e/max.hci/dependencies.bicep b/avm/res/hybrid-compute/machine/tests/e2e/max.hci/dependencies.bicep new file mode 100644 index 0000000000..086d05e310 --- /dev/null +++ b/avm/res/hybrid-compute/machine/tests/e2e/max.hci/dependencies.bicep @@ -0,0 +1,17 @@ +param privateLinkScopeName string +param location string + +resource privateLinkScope 'Microsoft.HybridCompute/privateLinkScopes@2023-10-03-preview' = { + name: privateLinkScopeName + location: location + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } + properties: { + publicNetworkAccess: 'Enabled' + } +} + +output privateLinkScopeResourceId string = privateLinkScope.id 
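Review bot: The new `tests/e2e/max.hci/dependencies.bicep` creates the Arc private link scope with `publicNetworkAccess: 'Enabled'`. The max test therefore associates the machine with a scope that still accepts public-endpoint traffic, and it never exercises the private-only configuration that `privateLinkScopeResourceId` is documented for. If the test still deploys with it, `publicNetworkAccess: 'Disabled'` is the safer example, because these test files are the source of the README usage snippets that people copy. The two params also lack the `@description` decorators used in the sibling test files, e.g. `@description('Required. The name of the Arc Private Link Scope to create.')` and `@description('Optional. The location to deploy resources to.')`.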
diff --git a/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep index 25bd5c8d76..c234d7580a 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep @@ -34,6 +34,15 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { location: resourceLocation } +module nestedDependencies 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' + params: { + location: resourceLocation + privateLinkScopeName: 'dep-${namePrefix}-pls-${serviceShort}' + } +} + // ============== // // Test Execution // // ============== // @@ -49,6 +58,7 @@ module testDeployment '../../../main.bicep' = [ configurationProfile: 'providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest' patchAssessmentMode: 'AutomaticByPlatform' patchMode: 'AutomaticByPlatform' + privateLinkScopeResourceId: nestedDependencies.outputs.privateLinkScopeResourceId guestConfiguration: { name: 'AzureWindowsBaseline' version: '1.*' From a210e98cc4492ff6dd16ae84adac0065e085b333 Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Tue, 18 Jun 2024 10:19:19 -0600 Subject: [PATCH 15/25] config profile --- .../hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep index c234d7580a..930b448081 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep 
@@ -55,7 +55,7 @@ module testDeployment '../../../main.bicep' = [ location: resourceLocation name: '${namePrefix}${serviceShort}' kind: kind - configurationProfile: 'providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest' + configurationProfile: '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest' patchAssessmentMode: 'AutomaticByPlatform' patchMode: 'AutomaticByPlatform' privateLinkScopeResourceId: nestedDependencies.outputs.privateLinkScopeResourceId From 7a912058a1758e342616803fbeb0d5902b2de7e2 Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Tue, 18 Jun 2024 11:01:28 -0600 Subject: [PATCH 16/25] remove config profile --- avm/res/hybrid-compute/machine/README.md | 14 ----------- avm/res/hybrid-compute/machine/main.bicep | 15 +++-------- avm/res/hybrid-compute/machine/main.json | 25 +++---------------- .../machine/tests/e2e/max.hci/main.test.bicep | 1 - 4 files changed, 7 insertions(+), 48 deletions(-) diff --git a/avm/res/hybrid-compute/machine/README.md b/avm/res/hybrid-compute/machine/README.md index 015dfd4d4a..77bad5ab18 100644 --- a/avm/res/hybrid-compute/machine/README.md +++ b/avm/res/hybrid-compute/machine/README.md 
@@ -17,7 +17,6 @@ This module deploys an Arc Machine for use with Arc Resource Bridge for Azure St | :-- | :-- | | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.Automanage/configurationProfileAssignments` | [2022-05-04](https://learn.microsoft.com/en-us/azure/templates) | | `Microsoft.GuestConfiguration/guestConfigurationAssignments` | [2020-06-25](https://learn.microsoft.com/en-us/azure/templates/Microsoft.GuestConfiguration/2020-06-25/guestConfigurationAssignments) | | `Microsoft.HybridCompute/machines` | [2023-03-15-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.HybridCompute/2023-03-15-preview/machines) | @@ -115,7 +114,6 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { kind: '' name: 'arcmachcimx' // Non-required parameters - configurationProfile: 'providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest' guestConfiguration: { assignmentType: 'ApplyAndMonitor' configurationParameter: [ @@ -173,9 +171,6 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { "value": "arcmachcimx" }, // Non-required parameters - "configurationProfile": { - "value": "providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest" - }, "guestConfiguration": { "value": { "assignmentType": "ApplyAndMonitor", 
@@ -380,7 +375,6 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { | Parameter | Type | Description | | :-- | :-- | :-- | | [`clientPublicKey`](#parameter-clientpublickey) | string | The Public Key that the client provides to be used during initial resource onboarding. | -| [`configurationProfile`](#parameter-configurationprofile) | string | The configuration profile of automanage. Either '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction', 'providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest' or the resource Id of custom profile. | | [`enableHotpatching`](#parameter-enablehotpatching) | bool | Captures the hotpatch capability enrollment intent of the customers, which enables customers to patch their Windows machines without requiring a reboot. | | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`guestConfiguration`](#parameter-guestconfiguration) | object | The guest configuration for the Arc machine. Needs the Guest Configuration extension to be enabled. | @@ -439,14 +433,6 @@ The Public Key that the client provides to be used during initial resource onboa - Type: string - Default: `''` -### Parameter: `configurationProfile` - -The configuration profile of automanage. Either '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction', 'providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest' or the resource Id of custom profile. - -- Required: No -- Type: string -- Default: `''` - ### Parameter: `enableHotpatching` Captures the hotpatch capability enrollment intent of the customers, which enables customers to patch their Windows machines without requiring a reboot. diff --git a/avm/res/hybrid-compute/machine/main.bicep b/avm/res/hybrid-compute/machine/main.bicep index fa8e4cbab4..0ce96dadea 100644 --- a/avm/res/hybrid-compute/machine/main.bicep +++ b/avm/res/hybrid-compute/machine/main.bicep 
@@ -68,9 +68,6 @@ param tags object? @description('Optional. Enable/Disable usage telemetry for module.') param enableTelemetry bool = true -@description('Optional. The configuration profile of automanage. Either \'/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction\', \'providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest\' or the resource Id of custom profile.') -param configurationProfile string = '' - var linuxConfiguration = { patchSettings: (patchMode =~ 'AutomaticByPlatform' || patchMode =~ 'ImageDefault') ? { @@ -114,6 +111,10 @@ var builtInRoleNames = { 'Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52' ) + 'Windows Admin Center Administrator Login': subscriptionResourceId( + 'Microsoft.Authorization/roleDefinitions', + 'a6333a3e-0164-44c3-b281-7a577aff287f' + ) } resource avmTelemetry 'Microsoft.Resources/deployments@2023-07-01' = if (enableTelemetry) { @@ -154,14 +155,6 @@ resource machine 'Microsoft.HybridCompute/machines@2023-03-15-preview' = { } } -resource machine_configurationProfileAssignment 'Microsoft.Automanage/configurationProfileAssignments@2022-05-04' = if (!empty(configurationProfile)) { - name: 'default' - properties: { - configurationProfile: configurationProfile - } - scope: machine -} - resource AzureWindowsBaseline 'Microsoft.GuestConfiguration/guestConfigurationAssignments@2020-06-25' = if (!empty(guestConfiguration)) { name: 'AzureWindowsBaseline' scope: machine diff --git a/avm/res/hybrid-compute/machine/main.json b/avm/res/hybrid-compute/machine/main.json index 1bc085513a..c67040631a 100644 --- a/avm/res/hybrid-compute/machine/main.json +++ b/avm/res/hybrid-compute/machine/main.json 
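Review bot: The `@@ -111,6 +114,10 @@` hunk adds `'Windows Admin Center Administrator Login'` to `builtInRoleNames`, although the commit is titled "remove config profile" and its README changes do not mention the new role. Judging by its name this is an administrative sign-in role, so it should land in its own commit or at least be called out in the description. Otherwise a reviewer skimming a removal commit will miss that callers can now presumably assign it by display name. Verify the role definition ID `a6333a3e-0164-44c3-b281-7a577aff287f` against the Azure built-in roles reference, and add a line above the entry such as `// Administrative sign-in via Windows Admin Center; assign only where required`. The `builtInRoleNames` variable starts outside this hunk, and the role-assignment resource that reads it is not visible here.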
@@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.28.1.47646", - "templateHash": "15387314263277045505" + "templateHash": "4502679634466883571" }, "name": "Hybrid Compute Machines", "description": "This module deploys an Arc Machine for use with Arc Resource Bridge for Azure Stack HCI or VMware. In these scenarios, this resource module will be used in combination with another resource module to create the require Virtual Machine Instance extension resource on this Arc Machine resource. This module should not be used for other Arc-enabled server scenarios, where the Arc Machine resource is created automatically by the onboarding process.", @@ -252,13 +252,6 @@ "metadata": { "description": "Optional. Enable/Disable usage telemetry for module." } - }, - "configurationProfile": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The configuration profile of automanage. Either '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction', 'providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest' or the resource Id of custom profile." - } } }, "variables": { 
@@ -276,7 +269,8 @@ "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", "Arc machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", "Arc machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", - "Arc machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]" + "Arc machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", + "Windows Admin Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" } }, "resources": { @@ -321,19 +315,6 @@ "privateLinkScopeResourceId": "[if(empty(parameters('privateLinkScopeResourceId')), null(), parameters('privateLinkScopeResourceId'))]" } }, - "machine_configurationProfileAssignment": { - "condition": "[not(empty(parameters('configurationProfile')))]", - "type": "Microsoft.Automanage/configurationProfileAssignments", - "apiVersion": "2022-05-04", - "scope": "[format('Microsoft.HybridCompute/machines/{0}', parameters('name'))]", - "name": "default", - "properties": { - "configurationProfile": "[parameters('configurationProfile')]" - }, - "dependsOn": [ - "machine" - ] - }, "AzureWindowsBaseline": { "condition": "[not(empty(parameters('guestConfiguration')))]", "type": "Microsoft.GuestConfiguration/guestConfigurationAssignments", diff --git a/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep index 930b448081..ab9dbe9c79 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep 
@@ -55,7 +55,6 @@ module testDeployment '../../../main.bicep' = [ location: resourceLocation name: '${namePrefix}${serviceShort}' kind: kind - configurationProfile: '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest' patchAssessmentMode: 'AutomaticByPlatform' patchMode: 'AutomaticByPlatform' privateLinkScopeResourceId: nestedDependencies.outputs.privateLinkScopeResourceId From 6ffdbd1f8465b06f2effd2af725544c4c04a1c11 Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Tue, 18 Jun 2024 13:28:06 -0600 Subject: [PATCH 17/25] readme + json --- avm/res/hybrid-compute/machine/README.md | 6 +++--- avm/res/hybrid-compute/machine/extension/main.json | 2 +- avm/res/hybrid-compute/machine/main.json | 2 +- .../machine/tests/e2e/waf-aligned/main.test.bicep | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/avm/res/hybrid-compute/machine/README.md b/avm/res/hybrid-compute/machine/README.md index 77bad5ab18..0c6633628a 100644 --- a/avm/res/hybrid-compute/machine/README.md +++ b/avm/res/hybrid-compute/machine/README.md @@ -31,7 +31,7 @@ The following section provides usage examples for the module, which were used to - [Creates only an Arc Machine](#example-1-creates-only-an-arc-machine) - [Creates an Arc Machine with maximum configurations](#example-2-creates-an-arc-machine-with-maximum-configurations) - [Creates only an Arc Machine](#example-3-creates-only-an-arc-machine) -- [Creates only an Arc Machine](#example-4-creates-only-an-arc-machine) +- [WAF-aligned](#example-4-waf-aligned) ### Example 1: _Creates only an Arc Machine_ @@ -289,9 +289,9 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = {

-### Example 4: _Creates only an Arc Machine_ +### Example 4: _WAF-aligned_ -This instance deploys the module with the minimum set of required parameters. +This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.

diff --git a/avm/res/hybrid-compute/machine/extension/main.json b/avm/res/hybrid-compute/machine/extension/main.json index d49364a58f..b7ecb60b9b 100644 --- a/avm/res/hybrid-compute/machine/extension/main.json +++ b/avm/res/hybrid-compute/machine/extension/main.json @@ -149,4 +149,4 @@ "value": "[reference('extension', '2022-12-27', 'full').location]" } } -} \ No newline at end of file +} diff --git a/avm/res/hybrid-compute/machine/main.json b/avm/res/hybrid-compute/machine/main.json index c67040631a..eede87a45a 100644 --- a/avm/res/hybrid-compute/machine/main.json +++ b/avm/res/hybrid-compute/machine/main.json @@ -403,4 +403,4 @@ "value": "[reference('machine', '2023-03-15-preview', 'full').location]" } } -} \ No newline at end of file +} diff --git a/avm/res/hybrid-compute/machine/tests/e2e/waf-aligned/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/waf-aligned/main.test.bicep index 1a579ccd8e..e207dee969 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/waf-aligned/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Creates only an Arc Machine' -metadata description = 'This instance deploys the module with the minimum set of required parameters.' +metadata name = 'WAF-aligned' +metadata description = 'This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.' // ========== // // Parameters // From d1ab22fbd2a99a904b857794702df52b1d0912e4 Mon Sep 17 00:00:00 2001 
From: Matthew Bratschun Date: Tue, 18 Jun 2024 13:37:56 -0600 Subject: [PATCH 18/25] static validation updates --- avm/res/hybrid-compute/machine/README.md | 2 +- avm/res/hybrid-compute/machine/extension/README.md | 2 +- avm/res/hybrid-compute/machine/extension/main.bicep | 10 ++-------- avm/res/hybrid-compute/machine/extension/main.json | 10 +++++----- avm/res/hybrid-compute/machine/main.bicep | 2 +- avm/res/hybrid-compute/machine/main.json | 10 +++++----- 6 files changed, 15 insertions(+), 21 deletions(-) diff --git a/avm/res/hybrid-compute/machine/README.md b/avm/res/hybrid-compute/machine/README.md index 0c6633628a..e9373c4588 100644 --- a/avm/res/hybrid-compute/machine/README.md +++ b/avm/res/hybrid-compute/machine/README.md @@ -18,7 +18,7 @@ This module deploys an Arc Machine for use with Arc Resource Bridge for Azure St | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.GuestConfiguration/guestConfigurationAssignments` | [2020-06-25](https://learn.microsoft.com/en-us/azure/templates/Microsoft.GuestConfiguration/2020-06-25/guestConfigurationAssignments) | -| `Microsoft.HybridCompute/machines` | [2023-03-15-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.HybridCompute/2023-03-15-preview/machines) | +| `Microsoft.HybridCompute/machines` | [2024-05-20-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.HybridCompute/machines) | ## Usage examples diff --git a/avm/res/hybrid-compute/machine/extension/README.md b/avm/res/hybrid-compute/machine/extension/README.md index c88c823b42..c0d27d4602 100644 --- a/avm/res/hybrid-compute/machine/extension/README.md +++ b/avm/res/hybrid-compute/machine/extension/README.md 
@@ -14,7 +14,7 @@ This module deploys a Arc Machine Extension. This module should be used as a sta | Resource Type | API Version | | :-- | :-- | -| `Microsoft.HybridCompute/machines/extensions` | [2022-12-27](https://learn.microsoft.com/en-us/azure/templates/Microsoft.HybridCompute/2022-12-27/machines/extensions) | +| `Microsoft.HybridCompute/machines/extensions` | [2024-05-20-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.HybridCompute/machines/extensions) | ## Parameters diff --git a/avm/res/hybrid-compute/machine/extension/main.bicep b/avm/res/hybrid-compute/machine/extension/main.bicep index a28d9965a0..fcbdf890b4 100644 --- a/avm/res/hybrid-compute/machine/extension/main.bicep +++ b/avm/res/hybrid-compute/machine/extension/main.bicep @@ -39,11 +39,11 @@ param enableAutomaticUpgrade bool @description('Optional. Tags of the resource.') param tags object? -resource machine 'Microsoft.HybridCompute/machines@2022-12-27' existing = { +resource machine 'Microsoft.HybridCompute/machines@2024-05-20-preview' existing = { name: arcMachineName } -resource extension 'Microsoft.HybridCompute/machines/extensions@2022-12-27' = { +resource extension 'Microsoft.HybridCompute/machines/extensions@2024-05-20-preview' = { name: name parent: machine location: location @@ -71,9 +71,3 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = extension.location - -@description('The name of the Resource Group the extension was created in.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = extension.location diff --git a/avm/res/hybrid-compute/machine/extension/main.json b/avm/res/hybrid-compute/machine/extension/main.json index b7ecb60b9b..586bc964c3 100644 --- a/avm/res/hybrid-compute/machine/extension/main.json +++ b/avm/res/hybrid-compute/machine/extension/main.json 
@@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.28.1.47646", - "templateHash": "17610285708839931903" + "templateHash": "16197514128453369753" }, "name": "Arc Machine Extensions", "description": "This module deploys a Arc Machine Extension. This module should be used as a standalone deployment after the Arc agent has connected to the Arc Machine resource.", @@ -95,12 +95,12 @@ "machine": { "existing": true, "type": "Microsoft.HybridCompute/machines", - "apiVersion": "2022-12-27", + "apiVersion": "2024-05-20-preview", "name": "[parameters('arcMachineName')]" }, "extension": { "type": "Microsoft.HybridCompute/machines/extensions", - "apiVersion": "2022-12-27", + "apiVersion": "2024-05-20-preview", "name": "[format('{0}/{1}', parameters('arcMachineName'), parameters('name'))]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -146,7 +146,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('extension', '2022-12-27', 'full').location]" + "value": "[reference('extension', '2024-05-20-preview', 'full').location]" } } -} +} \ No newline at end of file diff --git a/avm/res/hybrid-compute/machine/main.bicep b/avm/res/hybrid-compute/machine/main.bicep index 0ce96dadea..878ce92360 100644 --- a/avm/res/hybrid-compute/machine/main.bicep +++ b/avm/res/hybrid-compute/machine/main.bicep @@ -135,7 +135,7 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2023-07-01' = if (enableT } } -resource machine 'Microsoft.HybridCompute/machines@2023-03-15-preview' = { +resource machine 'Microsoft.HybridCompute/machines@2024-05-20-preview' = { name: name location: location identity: { diff --git a/avm/res/hybrid-compute/machine/main.json b/avm/res/hybrid-compute/machine/main.json index eede87a45a..58fda1eb4c 100644 --- a/avm/res/hybrid-compute/machine/main.json +++ b/avm/res/hybrid-compute/machine/main.json 
@@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.28.1.47646", - "templateHash": "4502679634466883571" + "templateHash": "2990849316618349180" }, "name": "Hybrid Compute Machines", "description": "This module deploys an Arc Machine for use with Arc Resource Bridge for Azure Stack HCI or VMware. In these scenarios, this resource module will be used in combination with another resource module to create the require Virtual Machine Instance extension resource on this Arc Machine resource. This module should not be used for other Arc-enabled server scenarios, where the Arc Machine resource is created automatically by the onboarding process.", @@ -296,7 +296,7 @@ }, "machine": { "type": "Microsoft.HybridCompute/machines", - "apiVersion": "2023-03-15-preview", + "apiVersion": "2024-05-20-preview", "name": "[parameters('name')]", "location": "[parameters('location')]", "identity": { @@ -393,14 +393,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[coalesce(tryGet(tryGet(reference('machine', '2023-03-15-preview', 'full'), 'identity'), 'principalId'), '')]" + "value": "[coalesce(tryGet(tryGet(reference('machine', '2024-05-20-preview', 'full'), 'identity'), 'principalId'), '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('machine', '2023-03-15-preview', 'full').location]" + "value": "[reference('machine', '2024-05-20-preview', 'full').location]" } } -} +} \ No newline at end of file From 9fa74f6bfb0d4ad9539f23e556423aa500ec0725 Mon Sep 17 00:00:00 2001 
From: Matthew Bratschun Date: Tue, 18 Jun 2024 14:07:34 -0600 Subject: [PATCH 19/25] update api version --- avm/res/hybrid-compute/machine/README.md | 11 +---------- .../hybrid-compute/machine/extension/README.md | 2 +- .../hybrid-compute/machine/extension/main.bicep | 4 ++-- .../hybrid-compute/machine/extension/main.json | 8 ++++---- avm/res/hybrid-compute/machine/main.bicep | 9 +++++---- avm/res/hybrid-compute/machine/main.json | 17 +++++------------ 6 files changed, 18 insertions(+), 33 deletions(-) diff --git a/avm/res/hybrid-compute/machine/README.md b/avm/res/hybrid-compute/machine/README.md index e9373c4588..b92eec80b9 100644 --- a/avm/res/hybrid-compute/machine/README.md +++ b/avm/res/hybrid-compute/machine/README.md @@ -18,7 +18,7 @@ This module deploys an Arc Machine for use with Arc Resource Bridge for Azure St | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.GuestConfiguration/guestConfigurationAssignments` | [2020-06-25](https://learn.microsoft.com/en-us/azure/templates/Microsoft.GuestConfiguration/2020-06-25/guestConfigurationAssignments) | -| `Microsoft.HybridCompute/machines` | [2024-05-20-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.HybridCompute/machines) | +| `Microsoft.HybridCompute/machines` | [2024-03-31-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.HybridCompute/machines) | ## Usage examples 
@@ -375,7 +375,6 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { | Parameter | Type | Description | | :-- | :-- | :-- | | [`clientPublicKey`](#parameter-clientpublickey) | string | The Public Key that the client provides to be used during initial resource onboarding. | -| [`enableHotpatching`](#parameter-enablehotpatching) | bool | Captures the hotpatch capability enrollment intent of the customers, which enables customers to patch their Windows machines without requiring a reboot. | | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`guestConfiguration`](#parameter-guestconfiguration) | object | The guest configuration for the Arc machine. Needs the Guest Configuration extension to be enabled. | | [`location`](#parameter-location) | string | Location for all resources. | @@ -433,14 +432,6 @@ The Public Key that the client provides to be used during initial resource onboa - Type: string - Default: `''` -### Parameter: `enableHotpatching` - -Captures the hotpatch capability enrollment intent of the customers, which enables customers to patch their Windows machines without requiring a reboot. - -- Required: No -- Type: bool -- Default: `False` - ### Parameter: `enableTelemetry` Enable/Disable usage telemetry for module. diff --git a/avm/res/hybrid-compute/machine/extension/README.md b/avm/res/hybrid-compute/machine/extension/README.md index c0d27d4602..aef5344c17 100644 --- a/avm/res/hybrid-compute/machine/extension/README.md +++ b/avm/res/hybrid-compute/machine/extension/README.md 
@@ -14,7 +14,7 @@ This module deploys a Arc Machine Extension. This module should be used as a sta | Resource Type | API Version | | :-- | :-- | -| `Microsoft.HybridCompute/machines/extensions` | [2024-05-20-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.HybridCompute/machines/extensions) | +| `Microsoft.HybridCompute/machines/extensions` | [2024-03-31-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.HybridCompute/machines/extensions) | ## Parameters diff --git a/avm/res/hybrid-compute/machine/extension/main.bicep b/avm/res/hybrid-compute/machine/extension/main.bicep index fcbdf890b4..2c68e47c59 100644 --- a/avm/res/hybrid-compute/machine/extension/main.bicep +++ b/avm/res/hybrid-compute/machine/extension/main.bicep @@ -39,11 +39,11 @@ param enableAutomaticUpgrade bool @description('Optional. Tags of the resource.') param tags object? -resource machine 'Microsoft.HybridCompute/machines@2024-05-20-preview' existing = { +resource machine 'Microsoft.HybridCompute/machines@2024-03-31-preview' existing = { name: arcMachineName } -resource extension 'Microsoft.HybridCompute/machines/extensions@2024-05-20-preview' = { +resource extension 'Microsoft.HybridCompute/machines/extensions@2024-03-31-preview' = { name: name parent: machine location: location diff --git a/avm/res/hybrid-compute/machine/extension/main.json b/avm/res/hybrid-compute/machine/extension/main.json index 586bc964c3..4c7f7f20b5 100644 --- a/avm/res/hybrid-compute/machine/extension/main.json +++ b/avm/res/hybrid-compute/machine/extension/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.28.1.47646", - "templateHash": "16197514128453369753" + "templateHash": "16938870032761436213" }, "name": "Arc Machine Extensions", "description": "This module deploys a Arc Machine Extension. This module should be used as a standalone deployment after the Arc agent has connected to the Arc Machine resource.", 
@@ -95,12 +95,12 @@ "machine": { "existing": true, "type": "Microsoft.HybridCompute/machines", - "apiVersion": "2024-05-20-preview", + "apiVersion": "2024-03-31-preview", "name": "[parameters('arcMachineName')]" }, "extension": { "type": "Microsoft.HybridCompute/machines/extensions", - "apiVersion": "2024-05-20-preview", + "apiVersion": "2024-03-31-preview", "name": "[format('{0}/{1}', parameters('arcMachineName'), parameters('name'))]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -146,7 +146,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('extension', '2024-05-20-preview', 'full').location]" + "value": "[reference('extension', '2024-03-31-preview', 'full').location]" } } } \ No newline at end of file diff --git a/avm/res/hybrid-compute/machine/main.bicep b/avm/res/hybrid-compute/machine/main.bicep index 878ce92360..62b766ed93 100644 --- a/avm/res/hybrid-compute/machine/main.bicep +++ b/avm/res/hybrid-compute/machine/main.bicep @@ -37,8 +37,9 @@ param patchMode string = '' ]) param patchAssessmentMode string = 'ImageDefault' -@description('Optional. Captures the hotpatch capability enrollment intent of the customers, which enables customers to patch their Windows machines without requiring a reboot.') -param enableHotpatching bool = false +// support added in 2024-05-20-preview +//@description('Optional. Captures the hotpatch capability enrollment intent of the customers, which enables customers to patch their Windows machines without requiring a reboot.') +//param enableHotpatching bool = false // Child resources @description('Optional. The guest configuration for the Arc machine. Needs the Guest Configuration extension to be enabled.') @@ -82,7 +83,7 @@ var windowsConfiguration = { ? { patchMode: patchMode assessmentMode: patchAssessmentMode - enableHotpatching: enableHotpatching + // enableHotpatching: enableHotpatching // support added in 2024-05-20-preview } : null } 
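Review bot: The `@@ -37,8 +37,9 @@` and `@@ -82,7 +83,7 @@` hunks of `main.bicep` keep `enableHotpatching` as commented-out code instead of removing it. A commented-out parameter and property drift from the resource schema. They also invite someone to uncomment them against an API version that, per the author's own comment, does not support the setting. I would delete the commented lines and leave one marker, e.g. `// TODO: re-add enableHotpatching when the module moves to 2024-05-20-preview`. The `windowsConfiguration` variable continues outside the second hunk.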
@@ -135,7 +136,7 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2023-07-01' = if (enableT } } -resource machine 'Microsoft.HybridCompute/machines@2024-05-20-preview' = { +resource machine 'Microsoft.HybridCompute/machines@2024-03-31-preview' = { name: name location: location identity: { diff --git a/avm/res/hybrid-compute/machine/main.json b/avm/res/hybrid-compute/machine/main.json index 58fda1eb4c..1a1da5261a 100644 --- a/avm/res/hybrid-compute/machine/main.json +++ b/avm/res/hybrid-compute/machine/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.28.1.47646", - "templateHash": "2990849316618349180" + "templateHash": "1676670089655828815" }, "name": "Hybrid Compute Machines", "description": "This module deploys an Arc Machine for use with Arc Resource Bridge for Azure Stack HCI or VMware. In these scenarios, this resource module will be used in combination with another resource module to create the require Virtual Machine Instance extension resource on this Arc Machine resource. This module should not be used for other Arc-enabled server scenarios, where the Arc Machine resource is created automatically by the onboarding process.", @@ -194,13 +194,6 @@ "description": "Optional. VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours." } }, - "enableHotpatching": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. Captures the hotpatch capability enrollment intent of the customers, which enables customers to patch their Windows machines without requiring a reboot." - } - }, "guestConfiguration": { "type": "object", "defaultValue": {}, 
@@ -259,7 +252,7 @@ "patchSettings": "[if(or(equals(toLower(parameters('patchMode')), toLower('AutomaticByPlatform')), equals(toLower(parameters('patchMode')), toLower('ImageDefault'))), createObject('patchMode', parameters('patchMode'), 'assessmentMode', parameters('patchAssessmentMode')), null())]" }, "windowsConfiguration": { - "patchSettings": "[if(or(or(equals(toLower(parameters('patchMode')), toLower('AutomaticByPlatform')), equals(toLower(parameters('patchMode')), toLower('AutomaticByOS'))), equals(toLower(parameters('patchMode')), toLower('Manual'))), createObject('patchMode', parameters('patchMode'), 'assessmentMode', parameters('patchAssessmentMode'), 'enableHotpatching', parameters('enableHotpatching')), null())]" + "patchSettings": "[if(or(or(equals(toLower(parameters('patchMode')), toLower('AutomaticByPlatform')), equals(toLower(parameters('patchMode')), toLower('AutomaticByOS'))), equals(toLower(parameters('patchMode')), toLower('Manual'))), createObject('patchMode', parameters('patchMode'), 'assessmentMode', parameters('patchAssessmentMode')), null())]" }, "builtInRoleNames": { "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", @@ -296,7 +289,7 @@ }, "machine": { "type": "Microsoft.HybridCompute/machines", - "apiVersion": "2024-05-20-preview", + "apiVersion": "2024-03-31-preview", "name": "[parameters('name')]", "location": "[parameters('location')]", "identity": { 
@@ -393,14 +386,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[coalesce(tryGet(tryGet(reference('machine', '2024-05-20-preview', 'full'), 'identity'), 'principalId'), '')]" + "value": "[coalesce(tryGet(tryGet(reference('machine', '2024-03-31-preview', 'full'), 'identity'), 'principalId'), '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('machine', '2024-05-20-preview', 'full').location]" + "value": "[reference('machine', '2024-03-31-preview', 'full').location]" } } } \ No newline at end of file From 7248d25e8e1cc133603b5beb0c738ef05e307e65 Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Tue, 18 Jun 2024 15:43:17 -0600 Subject: [PATCH 20/25] version + name alignment --- avm/res/hybrid-compute/machine/main.bicep | 2 +- avm/res/hybrid-compute/machine/main.json | 4 ++-- avm/res/hybrid-compute/machine/version.json | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/avm/res/hybrid-compute/machine/main.bicep b/avm/res/hybrid-compute/machine/main.bicep index 62b766ed93..6f617a3982 100644 --- a/avm/res/hybrid-compute/machine/main.bicep +++ b/avm/res/hybrid-compute/machine/main.bicep @@ -157,7 +157,7 @@ resource machine 'Microsoft.HybridCompute/machines@2024-03-31-preview' = { } resource AzureWindowsBaseline 'Microsoft.GuestConfiguration/guestConfigurationAssignments@2020-06-25' = if (!empty(guestConfiguration)) { - name: 'AzureWindowsBaseline' + name: 'gca-${name}' scope: machine dependsOn: [] location: location diff --git a/avm/res/hybrid-compute/machine/main.json b/avm/res/hybrid-compute/machine/main.json index 1a1da5261a..ea602a8f01 100644 --- a/avm/res/hybrid-compute/machine/main.json +++ b/avm/res/hybrid-compute/machine/main.json 
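Review bot: In the `@@ -157,7 +157,7 @@` hunk of `main.bicep` the assignment name becomes `'gca-${name}'` while the payload is still the caller-supplied `guestConfiguration` object, so the resource name and the `name` inside that object can now differ. As far as I know the guest configuration service expects the two to match; please confirm, and if so derive the name from the parameter, e.g. `name: guestConfiguration.?name ?? 'gca-${name}'`. The symbolic name `AzureWindowsBaseline` is also stale after this change, and the empty `dependsOn: []` can be dropped. The resource body continues outside the hunk.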
@@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.28.1.47646", - "templateHash": "1676670089655828815" + "templateHash": "3659039300722515358" }, "name": "Hybrid Compute Machines", "description": "This module deploys an Arc Machine for use with Arc Resource Bridge for Azure Stack HCI or VMware. In these scenarios, this resource module will be used in combination with another resource module to create the require Virtual Machine Instance extension resource on this Arc Machine resource. This module should not be used for other Arc-enabled server scenarios, where the Arc Machine resource is created automatically by the onboarding process.", @@ -313,7 +313,7 @@ "type": "Microsoft.GuestConfiguration/guestConfigurationAssignments", "apiVersion": "2020-06-25", "scope": "[format('Microsoft.HybridCompute/machines/{0}', parameters('name'))]", - "name": "AzureWindowsBaseline", + "name": "[format('gca-{0}', parameters('name'))]", "location": "[parameters('location')]", "properties": { "guestConfiguration": "[parameters('guestConfiguration')]" diff --git a/avm/res/hybrid-compute/machine/version.json b/avm/res/hybrid-compute/machine/version.json index 78451defbe..8daf267d3a 100644 --- a/avm/res/hybrid-compute/machine/version.json +++ b/avm/res/hybrid-compute/machine/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.0", + "version": "0.1.0", "pathFilters": [ "./main.json" ] From 09e5fc23fb733a736a69e78f589cf2a701f615ad Mon Sep 17 00:00:00 2001 From: Matthew Bratschun <25390936+mbrat2005@users.noreply.github.com> Date: Thu, 20 Jun 2024 07:36:18 -0600 Subject: [PATCH 21/25] clientPublicKey --> secure Co-authored-by: Alexander Sehr --- avm/res/hybrid-compute/machine/main.bicep | 1 + 1 file changed, 1 insertion(+) diff --git a/avm/res/hybrid-compute/machine/main.bicep b/avm/res/hybrid-compute/machine/main.bicep index 6f617a3982..9102d1f7b7 100644 --- a/avm/res/hybrid-compute/machine/main.bicep 
+++ b/avm/res/hybrid-compute/machine/main.bicep @@ -18,6 +18,7 @@ param parentClusterResourceId string = '' param vmId string = '' @description('Optional. The Public Key that the client provides to be used during initial resource onboarding.') +@secure() param clientPublicKey string = '' @description('Optional. VM guest patching orchestration mode. \'AutomaticByOS\' & \'Manual\' are for Windows only, \'ImageDefault\' for Linux only.') From 99e49cd7ace5ae8af57090c7d6c5f15b6f00d372 Mon Sep 17 00:00:00 2001 From: Matthew Bratschun <25390936+mbrat2005@users.noreply.github.com> Date: Thu, 20 Jun 2024 07:36:49 -0600 Subject: [PATCH 22/25] patchMode -> optional Co-authored-by: Alexander Sehr --- avm/res/hybrid-compute/machine/main.bicep | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/avm/res/hybrid-compute/machine/main.bicep b/avm/res/hybrid-compute/machine/main.bicep index 9102d1f7b7..cd1400553c 100644 --- a/avm/res/hybrid-compute/machine/main.bicep +++ b/avm/res/hybrid-compute/machine/main.bicep @@ -27,9 +27,8 @@ param clientPublicKey string = '' 'AutomaticByOS' 'Manual' 'ImageDefault' - '' ]) -param patchMode string = '' +param patchMode string? @description('Optional. VM guest patching assessment mode. Set it to \'AutomaticByPlatform\' to enable automatically check for updates every 24 hours.') @allowed([ From ce743dd1494eb56cb893154688b4e92b019a64da Mon Sep 17 00:00:00 2001 From: Matthew Bratschun <25390936+mbrat2005@users.noreply.github.com> Date: Thu, 20 Jun 2024 14:00:42 +0000 Subject: [PATCH 23/25] AlexanderSehr review items --- avm/res/hybrid-compute/machine/main.bicep | 10 +++++----- .../machine/tests/e2e/hci.defaults/main.test.bicep | 12 ++---------- .../machine/tests/e2e/max.hci/main.test.bicep | 7 ++----- .../tests/e2e/vmware.defaults/main.test.bicep | 8 +++----- .../machine/tests/e2e/waf-aligned/main.test.bicep | 5 +---- avm/res/hybrid-compute/machine/version.json | 2 +- 6 files changed, 14 insertions(+), 30 deletions(-) 
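Review bot: The `@secure()` added in the `@@ -18,6 +18,7 @@` hunk lands only in `main.bicep` (the diffstat lists one file), so the compiled `main.json` named in `version.json`'s `pathFilters` still declares `clientPublicKey` as a plain `string` unless a later commit regenerates it. Until the template is rebuilt, the value would presumably still be recorded with the deployment, which is what the decorator is meant to prevent. The description should also say why a public key is treated as sensitive, for example by appending `Marked secure so the value is not kept in deployment history.` to the existing `@description`. The same missing-regeneration point applies to the `patchMode string?` change in the next commit on this line.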
diff --git a/avm/res/hybrid-compute/machine/main.bicep b/avm/res/hybrid-compute/machine/main.bicep index cd1400553c..7ceb726e2b 100644 --- a/avm/res/hybrid-compute/machine/main.bicep +++ b/avm/res/hybrid-compute/machine/main.bicep @@ -49,9 +49,8 @@ param guestConfiguration object = {} @allowed([ 'Windows' 'Linux' - '' ]) -param osType string = '' +param osType string? // Shared parameters @description('Optional. Location for all resources.') @@ -70,7 +69,7 @@ param tags object? param enableTelemetry bool = true var linuxConfiguration = { - patchSettings: (patchMode =~ 'AutomaticByPlatform' || patchMode =~ 'ImageDefault') + patchSettings: (patchMode == 'AutomaticByPlatform' || patchMode == 'ImageDefault') ? { patchMode: patchMode assessmentMode: patchAssessmentMode @@ -79,7 +78,7 @@ var linuxConfiguration = { } var windowsConfiguration = { - patchSettings: (patchMode =~ 'AutomaticByPlatform' || patchMode =~ 'AutomaticByOS' || patchMode =~ 'Manual') + patchSettings: (patchMode == 'AutomaticByPlatform' || patchMode == 'AutomaticByOS' || patchMode == 'Manual') ? { patchMode: patchMode assessmentMode: patchAssessmentMode @@ -118,6 +117,7 @@ var builtInRoleNames = { ) } +#disable-next-line no-deployments-resources resource avmTelemetry 'Microsoft.Resources/deployments@2023-07-01' = if (enableTelemetry) { name: '46d3xbcp.res.hybridcompute-machine.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}' properties: { @@ -152,7 +152,7 @@ resource machine 'Microsoft.HybridCompute/machines@2024-03-31-preview' = { parentClusterResourceId: parentClusterResourceId vmId: vmId clientPublicKey: clientPublicKey - privateLinkScopeResourceId: empty(privateLinkScopeResourceId) ? null : privateLinkScopeResourceId + privateLinkScopeResourceId: !empty(privateLinkScopeResourceId) ? privateLinkScopeResourceId : null } } 
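Review bot: Replacing `=~` with `==` in the `patchSettings` conditions (hunks `@@ -70,7 +69,7 @@` and `@@ -79,7 +78,7 @@`) makes the `patchMode` comparison case-sensitive. If the `@allowed` check accepts values regardless of case at deployment time (worth confirming), an input such as `automaticbyplatform` would pass validation and then silently yield `patchSettings: null`, leaving the machine without the intended patch configuration. A form that is both null-safe and case-insensitive would be `toLower(patchMode ?? '') == 'automaticbyplatform'`, repeated for the other literals. Both variables continue outside their hunks.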
diff --git a/avm/res/hybrid-compute/machine/tests/e2e/hci.defaults/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/hci.defaults/main.test.bicep index d46e3997c2..66b423867d 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/hci.defaults/main.test.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/hci.defaults/main.test.bicep @@ -1,15 +1,12 @@ targetScope = 'subscription' -metadata name = 'Creates only an Arc Machine' +metadata name = 'Creates an Arc Machine using only the defaults' metadata description = 'This instance deploys the module with the minimum set of required parameters.' // ========== // // Parameters // // ========== // -@description('Required. The kind of machine to deploy.') -param kind string = 'HCI' - @description('Optional. The name of the resource group to deploy for testing purposes.') @maxLength(90) param resourceGroupName string = 'dep-${namePrefix}-hybridCompute.machine-${serviceShort}-rg' @@ -45,12 +42,7 @@ module testDeployment '../../../main.bicep' = [ params: { location: resourceLocation name: '${namePrefix}${serviceShort}' - kind: kind - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } + kind: 'HCI' } } ] diff --git a/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep index ab9dbe9c79..7f9d565e22 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/max.hci/main.test.bicep 
@@ -1,15 +1,12 @@ targetScope = 'subscription' metadata name = 'Creates an Arc Machine with maximum configurations' -metadata description = 'This instance deploys the module with the full set of required parameters.' +metadata description = 'This instance deploys the module with most of its features enabled.' // ========== // // Parameters // // ========== // -@description('Required. The kind of machine to deploy.') -param kind string = 'HCI' - @description('Optional. The name of the resource group to deploy for testing purposes.') @maxLength(90) param resourceGroupName string = 'dep-${namePrefix}-hybridCompute.machine-${serviceShort}-rg' @@ -54,7 +51,7 @@ module testDeployment '../../../main.bicep' = [ params: { location: resourceLocation name: '${namePrefix}${serviceShort}' - kind: kind + kind: 'HCI' patchAssessmentMode: 'AutomaticByPlatform' patchMode: 'AutomaticByPlatform' privateLinkScopeResourceId: nestedDependencies.outputs.privateLinkScopeResourceId diff --git a/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep index 9ba89b725a..36ed2f6593 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep @@ -1,15 +1,13 @@ targetScope = 'subscription' -metadata name = 'Creates only an Arc Machine' +metadata name = 'Creates an VMWare machine using only the defaults' + metadata description = 'This instance deploys the module with the minimum set of required parameters.' // ========== // // Parameters // // ========== // -@description('Required. The kind of machine to deploy.') -param kind string = 'Vmware' - @description('Optional. The name of the resource group to deploy for testing purposes.') @maxLength(90) param resourceGroupName string = 'dep-${namePrefix}-hybridCompute.machine-${serviceShort}-rg' 
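Review bot: The new `metadata name` in the `vmware.defaults` hunk reads `'Creates an VMWare machine using only the defaults'`. It should be `'Creates a VMware machine using only the defaults'`, matching the `kind: 'VMware'` spelling used later in the same file, and the blank line added before `metadata description` can be removed. The README example headings appear to be generated from this string, so the typo would presumably propagate there.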
@@ -45,7 +43,7 @@ module testDeployment '../../../main.bicep' = [ params: { location: resourceLocation name: '${namePrefix}${serviceShort}' - kind: kind + kind: 'VMware' tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' diff --git a/avm/res/hybrid-compute/machine/tests/e2e/waf-aligned/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/waf-aligned/main.test.bicep index e207dee969..f9932ecb3e 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/waf-aligned/main.test.bicep @@ -7,9 +7,6 @@ metadata description = 'This instance deploys the module in alignment with the b // Parameters // // ========== // -@description('Required. The kind of machine to deploy.') -param kind string = 'HCI' - @description('Optional. The name of the resource group to deploy for testing purposes.') @maxLength(90) param resourceGroupName string = 'dep-${namePrefix}-hybridCompute.machine-${serviceShort}-rg' @@ -45,7 +42,7 @@ module testDeployment '../../../main.bicep' = [ params: { location: resourceLocation name: '${namePrefix}${serviceShort}' - kind: kind + kind: 'HCI' tags: { 'hidden-title': 'This is visible in the resource name' Environment: 'Non-Prod' diff --git a/avm/res/hybrid-compute/machine/version.json b/avm/res/hybrid-compute/machine/version.json index 8daf267d3a..0200aa0775 100644 --- a/avm/res/hybrid-compute/machine/version.json +++ b/avm/res/hybrid-compute/machine/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.1.0", + "version": "0.1", "pathFilters": [ "./main.json" ] From a5d315e1263d4e00fdc4392bcadf8902adcc8bf7 Mon Sep 17 00:00:00 2001 
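Review bot: Inlining the parameter in vmware.defaults/main.test.bicep also changes the value that is passed. The removed default was `'Vmware'` and the new literal is `kind: 'VMware'`, so unlike the `'HCI'` replacements in the other tests this is not a pure refactor. The allowed values of `kind` are declared in main.bicep, outside this hunk, so please confirm that `'VMware'` is the spelling accepted there. If it is, the commit message should say that the old spelling was corrected. The `testDeployment` module block starts and ends outside the hunk.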
From: Matthew Bratschun <25390936+mbrat2005@users.noreply.github.com> Date: Thu, 20 Jun 2024 14:05:30 +0000 Subject: [PATCH 24/25] more review fixes --- .../machine/tests/e2e/max.hci/dependencies.bicep | 6 +++++- .../machine/tests/e2e/vmware.defaults/main.test.bicep | 5 ----- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/avm/res/hybrid-compute/machine/tests/e2e/max.hci/dependencies.bicep b/avm/res/hybrid-compute/machine/tests/e2e/max.hci/dependencies.bicep index 086d05e310..f482c45c67 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/max.hci/dependencies.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/max.hci/dependencies.bicep @@ -1,5 +1,8 @@ +@description('Required. The name of the Private Link Scope to create.') param privateLinkScopeName string -param location string + +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location resource privateLinkScope 'Microsoft.HybridCompute/privateLinkScopes@2023-10-03-preview' = { name: privateLinkScopeName @@ -14,4 +17,5 @@ resource privateLinkScope 'Microsoft.HybridCompute/privateLinkScopes@2023-10-03- } } +@description('The resource ID of the created Private Link Scope.') output privateLinkScopeResourceId string = privateLinkScope.id diff --git a/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep b/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep index 36ed2f6593..524d3881ec 100644 --- a/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep +++ b/avm/res/hybrid-compute/machine/tests/e2e/vmware.defaults/main.test.bicep @@ -44,11 +44,6 @@ module testDeployment '../../../main.bicep' = [ location: resourceLocation name: '${namePrefix}${serviceShort}' kind: 'VMware' - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } } } ] From a839e5f87fe3b5cb04bbcda16dfd83661af73e6e Mon Sep 17 00:00:00 2001 
From: Matthew Bratschun Date: Thu, 20 Jun 2024 16:09:53 -0600 Subject: [PATCH 25/25] updated readme and json --- avm/res/hybrid-compute/machine/README.md | 58 ++++++------------------ avm/res/hybrid-compute/machine/main.json | 20 ++++---- 2 files changed, 24 insertions(+), 54 deletions(-) diff --git a/avm/res/hybrid-compute/machine/README.md b/avm/res/hybrid-compute/machine/README.md index b92eec80b9..8d2d8eb387 100644 --- a/avm/res/hybrid-compute/machine/README.md +++ b/avm/res/hybrid-compute/machine/README.md @@ -28,12 +28,12 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br/public:avm/res/hybrid-compute/machine:`. -- [Creates only an Arc Machine](#example-1-creates-only-an-arc-machine) +- [Creates an Arc Machine using only the defaults](#example-1-creates-an-arc-machine-using-only-the-defaults) - [Creates an Arc Machine with maximum configurations](#example-2-creates-an-arc-machine-with-maximum-configurations) -- [Creates only an Arc Machine](#example-3-creates-only-an-arc-machine) +- [Creates an VMWare machine using only the defaults](#example-3-creates-an-vmware-machine-using-only-the-defaults) - [WAF-aligned](#example-4-waf-aligned) -### Example 1: _Creates only an Arc Machine_ +### Example 1: _Creates an Arc Machine using only the defaults_ This instance deploys the module with the minimum set of required parameters. @@ -47,15 +47,10 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { name: 'machineDeployment' params: { // Required parameters - kind: '' + kind: 'HCI' name: 'arcmachcimin' // Non-required parameters location: '' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } } } ``` 
@@ -74,7 +69,7 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { "parameters": { // Required parameters "kind": { - "value": "" + "value": "HCI" }, "name": { "value": "arcmachcimin" @@ -82,13 +77,6 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { // Non-required parameters "location": { "value": "" - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } } } } @@ -99,7 +87,7 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { ### Example 2: _Creates an Arc Machine with maximum configurations_ -This instance deploys the module with the full set of required parameters. +This instance deploys the module with most of its features enabled.
@@ -111,7 +99,7 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { name: 'machineDeployment' params: { // Required parameters - kind: '' + kind: 'HCI' name: 'arcmachcimx' // Non-required parameters guestConfiguration: { @@ -165,7 +153,7 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { "parameters": { // Required parameters "kind": { - "value": "" + "value": "HCI" }, "name": { "value": "arcmachcimx" @@ -225,7 +213,7 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = {

-### Example 3: _Creates only an Arc Machine_ +### Example 3: _Creates an VMWare machine using only the defaults_ This instance deploys the module with the minimum set of required parameters. @@ -239,15 +227,10 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { name: 'machineDeployment' params: { // Required parameters - kind: '' + kind: 'VMware' name: 'arcmacvmwmin' // Non-required parameters location: '' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } } } ``` @@ -266,7 +249,7 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { "parameters": { // Required parameters "kind": { - "value": "" + "value": "VMware" }, "name": { "value": "arcmacvmwmin" @@ -274,13 +257,6 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { // Non-required parameters "location": { "value": "" - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } } } } @@ -303,7 +279,7 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { name: 'machineDeployment' params: { // Required parameters - kind: '' + kind: 'HCI' name: 'arcmacwaf' // Non-required parameters location: '' @@ -330,7 +306,7 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { "parameters": { // Required parameters "kind": { - "value": "" + "value": "HCI" }, "name": { "value": "arcmacwaf" 
@@ -374,7 +350,7 @@ module machine 'br/public:avm/res/hybrid-compute/machine:' = { | Parameter | Type | Description | | :-- | :-- | :-- | -| [`clientPublicKey`](#parameter-clientpublickey) | string | The Public Key that the client provides to be used during initial resource onboarding. | +| [`clientPublicKey`](#parameter-clientpublickey) | securestring | The Public Key that the client provides to be used during initial resource onboarding. | | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`guestConfiguration`](#parameter-guestconfiguration) | object | The guest configuration for the Arc machine. Needs the Guest Configuration extension to be enabled. | | [`location`](#parameter-location) | string | Location for all resources. | @@ -406,11 +382,9 @@ Required if you are providing OS-type specified configurations, such as patch se - Required: No - Type: string -- Default: `''` - Allowed: ```Bicep [ - '' 'Linux' 'Windows' ] @@ -429,7 +403,7 @@ The resource ID of an Arc Private Link Scope which which to associate this machi The Public Key that the client provides to be used during initial resource onboarding. - Required: No -- Type: string +- Type: securestring - Default: `''` ### Parameter: `enableTelemetry` @@ -521,11 +495,9 @@ VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows - Required: No - Type: string -- Default: `''` - Allowed: ```Bicep [ - '' 'AutomaticByOS' 'AutomaticByPlatform' 'ImageDefault' diff --git a/avm/res/hybrid-compute/machine/main.json b/avm/res/hybrid-compute/machine/main.json index ea602a8f01..a2151e8063 100644 --- a/avm/res/hybrid-compute/machine/main.json +++ b/avm/res/hybrid-compute/machine/main.json 
@@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.28.1.47646", - "templateHash": "3659039300722515358" + "templateHash": "6825923126291924605" }, "name": "Hybrid Compute Machines", "description": "This module deploys an Arc Machine for use with Arc Resource Bridge for Azure Stack HCI or VMware. In these scenarios, this resource module will be used in combination with another resource module to create the require Virtual Machine Instance extension resource on this Arc Machine resource. This module should not be used for other Arc-enabled server scenarios, where the Arc Machine resource is created automatically by the onboarding process.", @@ -163,7 +163,7 @@ } }, "clientPublicKey": { - "type": "string", + "type": "securestring", "defaultValue": "", "metadata": { "description": "Optional. The Public Key that the client provides to be used during initial resource onboarding." @@ -171,13 +171,12 @@ }, "patchMode": { "type": "string", - "defaultValue": "", + "nullable": true, "allowedValues": [ "AutomaticByPlatform", "AutomaticByOS", "Manual", - "ImageDefault", - "" + "ImageDefault" ], "metadata": { "description": "Optional. VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only." @@ -203,11 +202,10 @@ }, "osType": { "type": "string", - "defaultValue": "", + "nullable": true, "allowedValues": [ "Windows", - "Linux", - "" + "Linux" ], "metadata": { "description": "Conditional. Required if you are providing OS-type specified configurations, such as patch settings. The chosen OS type, either Windows or Linux." 
@@ -249,10 +247,10 @@ }, "variables": { "linuxConfiguration": { - "patchSettings": "[if(or(equals(toLower(parameters('patchMode')), toLower('AutomaticByPlatform')), equals(toLower(parameters('patchMode')), toLower('ImageDefault'))), createObject('patchMode', parameters('patchMode'), 'assessmentMode', parameters('patchAssessmentMode')), null())]" + "patchSettings": "[if(or(equals(parameters('patchMode'), 'AutomaticByPlatform'), equals(parameters('patchMode'), 'ImageDefault')), createObject('patchMode', parameters('patchMode'), 'assessmentMode', parameters('patchAssessmentMode')), null())]" }, "windowsConfiguration": { - "patchSettings": "[if(or(or(equals(toLower(parameters('patchMode')), toLower('AutomaticByPlatform')), equals(toLower(parameters('patchMode')), toLower('AutomaticByOS'))), equals(toLower(parameters('patchMode')), toLower('Manual'))), createObject('patchMode', parameters('patchMode'), 'assessmentMode', parameters('patchAssessmentMode')), null())]" + "patchSettings": "[if(or(or(equals(parameters('patchMode'), 'AutomaticByPlatform'), equals(parameters('patchMode'), 'AutomaticByOS')), equals(parameters('patchMode'), 'Manual')), createObject('patchMode', parameters('patchMode'), 'assessmentMode', parameters('patchAssessmentMode')), null())]" }, "builtInRoleNames": { "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", @@ -305,7 +303,7 @@ "parentClusterResourceId": "[parameters('parentClusterResourceId')]", "vmId": "[parameters('vmId')]", "clientPublicKey": "[parameters('clientPublicKey')]", - "privateLinkScopeResourceId": "[if(empty(parameters('privateLinkScopeResourceId')), null(), parameters('privateLinkScopeResourceId'))]" + "privateLinkScopeResourceId": "[if(not(empty(parameters('privateLinkScopeResourceId'))), parameters('privateLinkScopeResourceId'), null())]" } }, "AzureWindowsBaseline": {